This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4220 Views
  • 0 replies
  • 0 Likes

Resolved! What is multi-vsys firewalls?

Hi guys, What is multi-vsys firewalls? Why do we need multi-vsys firewalls? What are cons and pros of using multi-vsys firewalls? Could I get some cases that needs multi-vsys firewalls? AS of now, my panorama has default vsys is vsys1 for the templates. Thanks.

tinhnho by L3 Networker
  • 11535 Views
  • 7 replies
  • 0 Likes

dhcp on L3 or Vlan interface

Using our pa firewall connected to our ISP modem (in bridge mode) its working fine. But I have a zone called guest that I want to have dhcp clients on that will be separate from my trust network. I want to be able to have those guests on DHCP from the Palo. Do I configure that guest interface as L3 or Vlan?

roma by L2 Linker
  • 2977 Views
  • 4 replies
  • 0 Likes

duplicate ipsec tunnels

Hello Comunity, I have a weird issue, we upgrade a cluster to 10.1.5-h1 from a 9.1 version, after the upgrade on the gui i see all the ipsec tunnels duplicated for example i had an ipsec tunnel called vpn_consult, after the upgrade i had 2 ipsec tunnels called vpn_consult, all the tunnels are working, and in the merge-running-config.xml, i see a...

SSL Inbound decryption -Decryption error

One of my application is not decrypted i have applied SSL inbound decryption policy and got decryption-error.On other hand another application with same intermediate certificate having decrypted. As same intermediate only child certificate is change.

Untitled.png

Resolved! Adding a firewall back into a AP cluster that has outdated network and device settings

Hi All, I'm curious if anyone can provide an article or just some basic steps of adding a firewall back into a AP cluster that has "outdated" network and device settings. Firewall-02 was moved to a new location and has a new IP scheme for the network and device settings. Firewall-01 will be physically moved and needs to rejoin the cluster, b...

Resolved! HA Failover Hold Timers?

Hi folks, I will be configuing my first Active/Passive HA next weekend on two PA 3020 devices. I am trying to understand the difference between Monitor Hold Time for HA1 link and Monitor Fail Hold Down Time for the Active/Passive settings. Could anyone equate these settings to what would happen in a typical Active/Passive failover?Ex. Active fa...

HAtimer1.jpg
HAtimer2.jpg
OMatlock by L4 Transporter
  • 12346 Views
  • 4 replies
  • 1 Likes

Premium support contracts

I would like to open a case to verify our current support contracts. I need to know about premium supports if still covered for Hardware replacement and software maintenance? Here is my support account ID 23384 Thanks,

jgascon by L0 Member
  • 1597 Views
  • 1 replies
  • 0 Likes

Resolved! Device registration auth key is required for on-boarding firewall running PAN-OS 10.1 and above. All firewalls running PAN-OS 10.0 and lower do not re

Device registration auth key is required for on-boarding firewall running PAN-OS 10.1 and above. All firewalls running PAN-OS 10.0 and lower do not require or support device registration auth key. You can use the button below to create OR copy the default auth key valid for 24 hours for any firewall you onboard OR go to Panorama->Device Regis...

ZhouYu by L2 Linker
  • 5789 Views
  • 1 replies
  • 0 Likes

SSO with macOS devices

Can anyone tell me if there is a supported method or a known workflow to have Global Protect automatically sign in sign in to the current user account with locally domain bound macOS devices? Similar to the way we are able to do this with Windows PC's. On our Windows PC's that are joined to our on premise domain we are able to use the SSO featur...

Connect automatically to Global Protect using OKTA cred

Hi, Thought it might be worth asking here, maybe you can help me 🙂 We're using Prisma Access and the Global Protect client to log in to VPN. We're also using OKTA to authenticate. Is there any way to somehow automate the login to the client, and maybe in a way, somehow enforce the login? We basically want all of our users to keep login into G...

nivhovav by L0 Member
  • 2977 Views
  • 2 replies
  • 0 Likes

Downgraded software

I downgraded 5220 from 10.1 to 9.1.14h4 and once rebooted fan wont stop starting and stopping. Also can’t commit says communication error happened during configuration to dataplane

mlindsey by L0 Member
  • 2084 Views
  • 2 replies
  • 0 Likes

The Cortex UX Research Lab Is Seeking Participants!

Hello LIVEcommunity! The Cortex team is currently developing a significant UX research effort, the Cortex UX Research Lab, for all aspects of Cortex. As a part of that, we need you — the user — to help us best understand how people use our products and other security products in the real world, as well as test and give feedback on all manner...

Screen Shot 2023-01-17 at 9.59.01 AM.png
JayGolf by Community Team Member
  • 2890 Views
  • 2 replies
  • 1 Likes

Pre Logon then On Demand

Hi All, I have a question regarding Pre-Logon and then on demand. A client has reported they have setup pre-logon tunnel rename timeout to 90 secs. After the client logs in, the GP client goes into a disconnecting state and never times out. Client has to select refresh connection to resolve the issue, and then login manually. I have tested in o...

Ben-Price by L4 Transporter
  • 6058 Views
  • 5 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks