This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Validation Error after upgrading to 10.2.3-H4

Recently upgraded my PA-5220 to version 10.2.3-H2 from version 9.*, (took me 5 version upgrades to get into the 10.2.3-H2). Which now is causing some commit issues. The issue is a Validation Error as follows: vsys>vsys1>service-group>DM_INLINE_SERVICE_1>members 'domain' is already in use vsys>vsys1>service-group>DM_INLINE_SE...

CAllen by L0 Member
  • 2543 Views
  • 1 replies
  • 0 Likes

Server Monitoring of User-ID agent set-up shows Authentication failed /Connection refused error

We have over 80+ firewalls in our environment, all of them of version 10.1.6.-h6 , we are using Kerberos profile in the user-id agent set-up and every server monitor status seems connected. Except for the firewall which is with PAN-OS version 10.2.3.-h4, even after using the same parameters. getting below error: Server monitor HOSTNAMEDP(vsys1):...

Sujanya by L3 Networker
  • 3566 Views
  • 1 replies
  • 0 Likes

Resolved! Upgrading PAN-OS 8.1.x to 9.1.10

I want to upgrade PA-3220 (Active - Passive) from 8.1.14 to 9.1.10 Is this upgrade method correct or not?1.Download and install PanOS 9.0.0 (no reboot) Should I upgrade PanOS to 8.1.19 (Preferred release) or not?2.Download and install PanOS 9.0.13 and reboot3.Download and install PanOS 9.1.0 (no reboot)4.Download and install PanOS 9.1.10 ...

jirasith by L1 Bithead
  • 12800 Views
  • 10 replies
  • 0 Likes

Failover but Cannot access WebGUI

Hi All, I tried to upgrade the Palo firewall HA (Active-Passive). But when I failover active to passive, we cannot access the GUI on both firewall. Before I failover, I check the passive cannot reach to updates.paloaltonetworks.com. After I failover, I tried to connect throught CLI and passive (which it became active) can reach to updates.p...

Momoj by L2 Linker
  • 3595 Views
  • 4 replies
  • 0 Likes

Resolved! What happens when a base image is deleted from PAN OS

Hi All, My colleague deleted the base image 10.2.0 whilst being on the 10.2.3-h4. There is no issue with the device (VM series). Is this a normal practice? Will it ever effect the working of the firewall? FYI: This was an attempt to clear the root partition and it dramatically decreased the space from 99 to 72 percentage. He had deleted other v...

Pras by L4 Transporter
  • 4994 Views
  • 3 replies
  • 0 Likes

PA-220 console is blank

I received a PA-220 to set up at work. When connected to the console (USB-C cable), I'm only seeing a blank screen. I'm using 9600 speed and 8-N-1 but nothing shows up.Even if I reboot the device, nothing appears while it is booting up.

dlemez by L0 Member
  • 2115 Views
  • 1 replies
  • 0 Likes

Resolved! Google Chrome Geolocation

Hi, we have been experiencing a strange problem and not 100% sure if it is the Palo causing this. We use 2 ISP's and BGP, and have confirmed that our Geolocation is accurate, however when accessing google.com and using any map site including google maps it shows that we are located somewhere in Northern UK (we are in the US). My question is, I...

Resolved! High Availability Commit Failure on PA-5220

I am having trouble trying to get a PA-5220 to commit, when attempting to configure HA1, not on the ha1-a default interface, but rather on aux-1. The same applies when configuring HA1-Backup to use aux-2. I can commit with this config, under high-availabilty: set deviceconfig high-availability group 1 peer-ip 192.168.0.2set deviceconfig high-av...

Cortex geolocation ip error

Hi team, Cortex is erroneously geolocating IP addresses, although the FW itself locates them correctly. Can anyone help us how to proceed? Regards

Alpalo by L4 Transporter
  • 1200 Views
  • 1 replies
  • 0 Likes

Global Protect Hip check doubt

Hello, We are implementing HIP for our company, the case is that we already have several HIP objects and profiles working properly. My question is, if we have identified a machine that does not pass the hip check as we want, is it possible that the vpn is cut? or we can only limit access through security policies? Greetings.

Alpalo by L4 Transporter
  • 1260 Views
  • 1 replies
  • 0 Likes

User mapping - IdleTimout and MaxTimeout architecture with GlobalProtect only (no User ID agents)

We have a setup for up to 2.000 employees. Every employee has the GlobalProtect installed, but we are not using any User ID agent.We have only one portal configured, for both internal and external (vpn) connections.On both gateways (internal and external), we have configured the client tab with a Login Lifetime to 7 days and the Inactivity Logou...

convert configuration from set syntax to xml

dear community, please help with any idees how can convert a config file with "set" syntax into xml format. i know that i can extract the config direct in xml format 🙂 i need this solution to migrate some configuration that care only available in "set" format ..don;t ask me why 🙂 many thank for all your feedbacks

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks