General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Questions about Palo Alto VM Series 30 day trial

I have the PA 30 day eval VM loaded in ESXi but have a few questions: - the company I work for is a PA partner. After filling out the request form it took almost a month before I received an email saying "Here is your VM series trial link". A friend of mine requested the Eval using a non-partner PA account about 2 weeks ago and hasn't heard an...

About User-ID configurate

Hello, My User-ID agent was successfully linked to PA and I also saw Source User in the log. I then configured the LDAP and group mapping and applied its source user to the new policy and wanted to verify that it worked. I found that the PAs were all using the old policy (LAN_to_WAN) and it seemed that the PAs were not catching the source ...


Resolved! PBF Rule breaks internal network access when connected to VPN

So, we have 2 ISPs and recently made a PBF rule that takes source, user and destination 'any' to route to ISP 1. Everything works and we can see traffic flowing accordingly. However, when 1 of our users connected via VPN (global protect) which is set up to connect to ISP 1, they can connect but were unable to access any of the internal network re...

Inbound NAT for multiple VMs through single Azure firewall

Hello, One of my customers purchased an Azure VM-300 firewall instance recently. The customer has approximately 25 applications in the Azure network and they need to publish these applications to the internet users through the Palo Alto firewall. Each of these VMs has a public IP and the customer needs to retain these IP addresses since they have...

shabeeb by L1 Bithead
  • 3587 Views
  • 2 replies
  • 0 Likes

link-change still informational severity?

Can someone explain to me the rationale behind allowing an interface to drop and having the link-change log a down state and yet have it be INFORMATIONAL severity level? I saw an old question about this and it seems somewhat ridiculous? We had filtering on higher severity levels and had a circuit drop and never got the alert and then realized wh...

Untagged subinterface NAT

Hello all, I've been reading on untagged subinterfaces and I'm not sure this scenario would even work for what I want to do. Basically I want to segment two different zones coming over the same interface. I usually accomplish this by creating a virtual-router on the core and running cables to different ports. License and hardware limitations p...

ClintL by L2 Linker
  • 3352 Views
  • 3 replies
  • 0 Likes

lacp worker poll timer interval too short

Software Version 10.1.8-h2
2023-03-17 16:18:48.037 +0000 phase1 completed
2023-03-17 16:19:35.133 +0000 start phase2
2023-03-17 16:19:35.133 +0000 Configuration not changed.
2023-03-17 16:22:41.815 +0000 Warning: pan_lacp_worker_poll(pan_lacp_thread.c:630): lacp worker poll timer interval too short. now 2045917863, last 2045917862, diff 1
2023-03-17...

Resolved! PA integration with Solarwinds

I am trying to configure a PA850 to send traps to Solarwinds for monitoring. I have configured the SNMP trap and am currently in the "SNMP Setup" page. In regards to views, how do I find the OID and the MASK for it? Is that required or is there a way to bypass?

Resolved! User-ID Group Mapping not working in a security policy

Hi, I have searched and found similar posts but none seem to have a working solution for this... I have a simple security policy to deny access to a VM located in the 'trust' zone if it matches a user in the user group created on the AD server. I've confirmed with 'show user group name' that the firewall can indeed see the correct users in the g...

G.Grant by L2 Linker
  • 33421 Views
  • 18 replies
  • 0 Likes

Add Multiple DNS Suffixes

Is there a way to add more than one DNS suffix to DHCP? I know in Mac OS X I can add multiple search domains, but I don't want each user to have to do this, nor type in our long domain names each time either. Thanks!

Resolved! Threat Logs: Countries with no IP

So we have 'Use X-Forwarded-For HeaderEnabled for Security Policy' enabled, and are using it policies. The threat logs show the real Source Country but no address under X-Forwarded For IP Column. Although when exported to CSV many logs show the real address under XFF column. And many don't. Again checking in GUI although some logs show XFF in in...

raji_toor by L4 Transporter
  • 2422 Views
  • 2 replies
  • 0 Likes

Avaya 9611G/4610SW VPN to PA-500

Has anyone had success connecting Avaya IP phones via VPN to PA devices? I am able to complete IKE Phase 1 authentication, but fail Phase 2 due to local/remote proxy IDs not found: 'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 192.168.50.0/24 type IPv4_sub...

itmanager by L1 Bithead
  • 28057 Views
  • 22 replies
  • 0 Likes

Resolved! IPSec VPN Setup for Avaya Phone

I am attempting to set up an IPSec VPN tunnel to connect to remote Avaya phones. I am not sure if I am doing it correctly. I've set up a new IPSec tunnel and configured it to use dynamic IP for remote peers. I am not sure if this is correct or not. It seems to me this would be for a site-to-site VPN. I believe I am looking for more of a client VP...

mario11584 by L4 Transporter
  • 27193 Views
  • 16 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions