This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4104 Views
  • 0 replies
  • 0 Likes

Resolved! Behavior of the 3 possible options -SIP flow with TCP - SIP TCP cleartext

Hello good afternoon everyone LiveCommunity. For an environment with TCP-SIP with the ALG disabled at App "SIP" level and/or with AppOverride, I would understand that these options should no longer generate any noise, problem or unwanted behavior no ? PAN-OS 9.1.14 - Layer 2 FW - HA https://docs.paloaltonetworks.com/pan-os/9-1/pan-...

Metgatz by L4 Transporter
  • 8063 Views
  • 2 replies
  • 0 Likes

How to get/send DNS logs to on-prem SIEM -- DNS Proxy + DNS Security

Hello Community! Wondering if anyone has this scenario / has experience with retrieving DNS security logs... Remote Site Firewall setup: - DNS Proxy Enabled (Rules direct internal domains to internal DNS servers across SDWAN, all other DNS request go out local internet to 8.8.8.8) -Firewalls have DNS Security Subscription Problem: We previou...

SWITCHING PANORAMA VM FROM LEGACY MODE TO PANORAMA MODE failing

- We are trying to switch the Panorama device from Legacy mode to Panorama mode SWITCHING PANORAMA VM FROM LEGACY MODE TO PANORAMA MODE - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPTzCAO - Currently running on 8.1.x version in Panorama Legacy mode on VM and need to upgrade the system disk to meet the requirements...

Param_Upadhyay_0-1677708171809.png

Resolved! Network Throughput Graphs are incoherent in PA-220

Hi, We are experiencing an issue with the PA-220 network graphs displayed in one of our sites. We know that the router in front of the firewall delivers a 90 Mbps (Megabit per second) max throughput. This measure has been verified extensively. However when trying to visualize the traffic received by our test machine from the firewall we...

f4lkon_0-1677147475652.png
f4lkon_1-1677148310474.png

Resolved! Unable to change password on LocalDB user, when added to AuthProfile

Hi People! I'm using PanOS 10.2.2 on a PA-440. I have created a few LocalDB users and added them to a group. Then i've created an authentication profile and added this group to the allow list (also tried with "all"). Since these local users are also the fw administrators, i've created the same users under Device/Administrators and linked the app...

IPsec tunnel on passive FW and Solarwinds alert

Hello,We are currently running pair of 3260s in HA. When the IPsec tunnel goes down on primary FW, we get alerts from Solarwinds that both tunnels are down on primary and passive Firewalls. Is this normal condition? If so why would I receive alert on passive FW?Thanks

understand thermal check commands

Need help with understanding output for this. show system state filter env.* | match thermalenv.s1.thermal.0: { 'alarm': False, 'avg': 55.000, 'desc': 6220 Core Temperature, 'hyst': 4.500, 'max': 95.000, 'min': 5.000, 'notified-avg': 55.000, 'samples': [ 55.000, 55.000, 55.000, ], 'shutdown': False, }env.s1.thermal.1: { 'alarm': False, 'avg': 39...

fatboy1607 by L4 Transporter
  • 18414 Views
  • 11 replies
  • 0 Likes

Resolved! Clone a Device Group?

Hi Guys, I have Panorama with a few device groups; how do I clone one of them from GUI so I can do testing without impacting a production device group? Thanks

tinhnho by L3 Networker
  • 7058 Views
  • 1 replies
  • 0 Likes

Resolved! Only partial of template got pushed to the firewall.

Hi Guys, I have a template in Paranoma and I pushed it down to a firewall, the firewall could only get 80% of the template. The Panorama didn't complain as there were no error messages after the push. The firewall is currently missing interfaces' settings and virtual router settings that I have set up on the template. The Policies and Object...

tinhnho by L3 Networker
  • 4498 Views
  • 6 replies
  • 0 Likes

Resolved! Unable to change hardware udp session offloading setting as false

  Hello all,I am using PA-440 on the PAN-OS 10.2.3-h4. Due to performance degradation issues, hardware session offloading and hardware udp session offloading was changed to false through the following commands. > configure # set deviceconfig setting session offload no # commit However, hardware session offloading has changed normally, but...

Screenshot 2023-02-28 at 5.36.56 PM.png
Screenshot 2023-02-28 at 5.37.22 PM.png

Resolved! IP Wildcard Address not supported in Address Groups?

I am trying to make an address group that consist of wildcard addresses but I get this error: vpn30-wc -> static 'vpn30-v110-wc-1' is not a valid reference vpn30-wc -> static is invalid vpn30-v110-wc-1 is an IP Wildcard vpn30-wc is a new empty address group. Is this not supported?

BBartik by L2 Linker
  • 3958 Views
  • 1 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks