General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! PBF Rule breaks internal network access when connected to VPN

So, we have 2 ISPs and recently made a PBF rule that takes source, user and destination 'any' to route to ISP 1. Everything works and we can see traffic flowing accordingly. However, when 1 of our users connected via VPN (GlobalProtect), which is set up to connect to ISP 1, they can connect but were unable to access any of the internal network re...

Inbound NAT for multiple VMs through single Azure firewall

Hello, One of my customers purchased an instance of the Azure VM-300 firewall recently. The customer has approximately 25 applications in the Azure network and they need to publish these applications to the internet users through the Palo Alto firewall. Each of these VMs has a public IP and the customer needs to retain these IP addresses since they have...

shabeeb by L1 Bithead
  • 3663 Views
  • 2 replies
  • 0 Likes

link-change still informational severity?

Can someone explain to me the rationale behind allowing an interface to drop and having the link-change log a down state and yet have it be INFORMATIONAL severity level? I saw an old question about this and it seems somewhat ridiculous? We had filtering on higher severity levels and had a circuit drop and never got the alert and then realized wh...

Untagged subinterface NAT

Hello all, I've been reading on untagged subinterfaces and I'm not sure this scenario would even work for what I want to do. Basically I want to segment two different zones coming over the same interface. I usually accomplish this by creating a virtual-router on the core and running cables to different ports. License and hardware limitations p...

ClintL by L2 Linker
  • 3548 Views
  • 3 replies
  • 0 Likes

lacp worker poll timer interval too short

Software Version 10.1.8-h2
2023-03-17 16:18:48.037 +0000 phase1 completed
2023-03-17 16:19:35.133 +0000 start phase2
2023-03-17 16:19:35.133 +0000 Configuration not changed.
2023-03-17 16:22:41.815 +0000 Warning: pan_lacp_worker_poll(pan_lacp_thread.c:630): lacp worker poll timer interval too short. now 2045917863, last 2045917862, diff 1
2023-03-17...

Resolved! PA integration with Solarwinds

I am trying to configure a PA850 to send traps to Solarwinds for monitoring. I have configured the SNMP trap and am currently in the "SNMP Setup" page. In regards to views, how do I find the OID and the MASK for it? Is that required or is there a way to bypass?

Resolved! User-ID Group Mapping not working in a security policy

Hi, I have searched and found similar posts but none seem to have a working solution for this... I have a simple security policy to deny access to a VM located in the 'trust' zone if it matches a user in the user group created on the AD server. I've confirmed with 'show user group name' that the firewall can indeed see the correct users in the g...

G.Grant by L2 Linker
  • 34235 Views
  • 18 replies
  • 0 Likes

Add Multiple DNS Suffixes

Is there a way to add more than one DNS suffix to DHCP? I know in Mac OS X I can add multiple search domains, but I don't want each user to have to do this, nor type in our long domain names each time either. Thanks!

Resolved! Threat Logs: Countries with no IP

So we have 'Use X-Forwarded-For Header Enabled for Security Policy' enabled, and are using it in policies. The threat logs show the real Source Country but no address under X-Forwarded For IP Column. Although when exported to CSV many logs show the real address under XFF column. And many don't. Again checking in GUI although some logs show XFF in in...

raji_toor by L4 Transporter
  • 2492 Views
  • 2 replies
  • 0 Likes

Avaya 9611G/4610SW VPN to PA-500

Has anyone had success connecting Avaya IP phones via VPN to PA devices? I am able to complete IKE Phase 1 authentication, but fail Phase 2 due to local/remote proxy IDs not found: 'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 192.168.50.0/24 type IPv4_sub...

itmanager by L1 Bithead
  • 28810 Views
  • 22 replies
  • 0 Likes

Resolved! IPSec VPN Setup for Avaya Phone

I am attempting to set up an IPSec VPN tunnel to connect to remote Avaya phones. I am not sure if I am doing it correctly. I've set up a new IPSec tunnel and configured it to use dynamic IP for remote peers. I am not sure if this is correct or not. It seems to me this would be for a site-to-site VPN. I believe I am looking for more of a client VP...

mario11584 by L4 Transporter
  • 27770 Views
  • 16 replies
  • 0 Likes

Palo Alto 10.2.3 VM Series FLEX - High CPU Peaks Every 10 Minutes on ESXI Hypervisor

Hello, We are new to Palo Alto and a bit confused about the firewall behavior because it peaks every 10 minutes on the MP. There is a process on "show system resources follow" that is called "monitor" that is on 99-100 % of CPU usage. Unfortunately I cannot find anything about that process on the common processes KB. There is no traffic impa...


Resolved! Slow VPN performance in >ONE< direction

Hello Community, I have a strange problem regarding VPN. Here is my setup:
HQ:
- PA3020 vsys2 connects to a 100/100Mbit WAN. (local, stable provider)
- Public IP is configured directly on an interface of the PA
- Speedtest from local network in HQ commits the 100/100Mbit
Branch:
- PA220 connects to a 50/10Mbit Vodafone WAN
- NAT will be applied on th...

Resolved! Where can I find an old Cortex macOS installer?

Hi community. I need to know where I can find the installer of Cortex XDR 7.8.0.2405 for Mac because I have some devices where that old Cortex version is stuck and I can't delete it successfully. Or, if you have another method that can remove that old version it would be great. Thanks in advance. Jean Franco Martínez

  • 24381 Posts
  • 123 Subscriptions