This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Failed to renew device certificate

Hi the device certificate is going to expire end of march.My PA trys to renew it and comes up with the following error:Failed to renew device certificate.Failed to send request to CSP server.Error: No OCSP response received(dest => 35.238.43.180) I have no telemetry enabled. Just activated the certificate with OTP on 2020/12/29 after upgradin...

kbe by L3 Networker
  • 30117 Views
  • 15 replies
  • 0 Likes

Tacacs+ Cisco ISE config

Does anyone know how to configure the cisco ISE side? We can use tacacs now to access the gui but only local usernames and passwords work when trying to access the CLI using SSH. Does anyone have a complete cisco ISE setup? I found a guide to set up palo alto on the cisco ACS platform but ACS is end of life.

PAN-OS 8.0 HA A/S Cluster MAC Flapping

Is anyone else experiencing MAC Flapping with an A/S Cluster running PAN-OS 8.0? When one of the firewalls is rebooted and goes into the HA passive state the network detects a network loop because of MAC address flapping between the Active and Passive firewall. Because of this dynamic MAC learning is disabled for 180 seconds on both interfaces. ...

mvdooren by L0 Member
  • 3892 Views
  • 1 replies
  • 0 Likes

ISP Configuration in case of TATA (Unmanaged ILL)

ISP Configuration in case of TATA (Useful for Indian Customers willing to configure an unmanaged TATA ILL) ** This is useful in case you are not provided with a MUX or a ROUTER along with the Internet Link form the ISP** If you are a customer willing to configure an unmanaged TATA ISP where you are provided with a LAN IP POOL and WAN IP POOL fro...

dc firewall Management interface

Hi, Where should I connect in terms of security and management if I need to connect to the oob management interface? I have access layer, collapsed core, and server farm switches. Thanks

simsim by L4 Transporter
  • 1341 Views
  • 1 replies
  • 0 Likes

Two ISP Connection with some of my inside network going out one of the two

Greetings, Looking for some assistance in a scenario below; keep in mind I do not have or wish to have SD-WAN 1. ISP1 services the inside and outside connections 2. ISP2 acts as a vpn portal for extenal staff to connect to the inside and route to ISP1 The problem. I would like to force some of my inside servers (mainly backing up to the c...

zaheera by L0 Member
  • 1725 Views
  • 3 replies
  • 0 Likes

Can you setup a S2S VPN behind your Outside (untrusted) interface on same firewall?

HiI am using a pair of PA-3250 in HA and have 17 S2S VPNs using my outside interface that has /24 public IP assigned to it. Due to ongoing issues with our current internet, we have decided to move to a different internet platform (DIA) and enhance our redundancy (enable BGP).However, with this new setup, the ISP must give us a new /29 block to e...

Resolved! Change Font on Palo

Hi All, I was wondering if there is a way to change the font or font size on a Palo device. Couldn't find any relevant doc for it. Thanks, P @BPry @S.Cantwell

Pras by L4 Transporter
  • 3008 Views
  • 2 replies
  • 0 Likes

Upgrading PAN-OS active/passive question

I have 2 firewalls in active/passive mode. Am I able to upgrade one of the PAN's and leave the other in standby or passive mode for a few days while I ensure there are no issues before upgrading the second PAN? It is a jump bigger than 2 versions so the PAN I do not upgrade should go into standby mode. Will I be able to then upgrade the device i...

AnthonyT by L1 Bithead
  • 5430 Views
  • 8 replies
  • 0 Likes

Resolved! Can the Palo Alto Firewall autoguarantine users based on the number of violations they have made for a particular time?

Hello to All, Can the Palo Alto Firewall autoguarantine users based on the number of violations they have made for a particular time? I know that palo alto can add the users or ip addresses to and dynamic group using auto taging with tags (https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/user-id-features/dynamic-user-groups )...

Log-filter-bad-user.PNG

Global Protect

Entered the credentials, got the push. Gp is showing connecting and after 2 sec showing not connected and minimizes the agent. Exactly after 5 sec agent pops up.. Started spinning and gets connected.(Without asking for credential and push mfa) Version :6.1.0

OOM-Killer on 8.1 Trail (PA-5050 device)

Hi, i know this is about old software on old hardware, but both are still supported by Palo Alto. In the last months we get a heavy amount of OOM Message / Stack Traces / you name it. Actually we arent able to push new config changes from Panorama to the both devices. Everytime the commit will be aborted by some OOM activities and mostly the M...

Can Applications be filtered in some way in Cortex XDR report?

Hello all! I hope your day is going well!I wanted to know if Cortex XDR has the availability to filter applications in a report?What my goal is : For example I have 20 systems. Is there any way that I can put a filter on them, to see what Applications those systems have?For example, this is now happening with Groups. I can see what groups are as...

Creating a support case forwards me to LIVE community

Hello, We have a Panorama premium support and recently trying to create a TAC case and request for engineer on the support portal. But recently we are unable to create one and instead recommend us to use the LIVE community. is there still a way we can create a support ticket and set a call with a TAC engineer? for your advice.

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks