This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4119 Views
  • 0 replies
  • 0 Likes

Traffic getting hits on non-allowed URLs

Hi All, I have been experiencing a situation where http and https traffic are getting hits on 1 of my security policies which is configured with Custom URL Category. It looks something like this: Source Zone: Internal Source: Internal Network Destination Zone: External Destination: Any Application: Any Service: HTTP & HTTPS URL Categor...

Route traffic to certain website(s) through site to site VPN without Route All Traffic VPN set.

In existing site to site vpn tunnel setup between Head Office and Remote Office, there would be requirement that traffic to certain website from remote office need to be routed through head office Internet connection through the existing site to site vpn tunnel. However the requirement would not be to configure the site to site vpn tunnel in Rou...

What is error "management server failed to send phase 1 abort to client logrcvr" and "management server failed to send phase 1 client ssl VPN" ?

Hi All,.PAN OS 4.1.11 and we are using user id feature,.. is this is due to bug in this release for "high management CPU utilization" ?What is error "management server failed to send phase 1 abort to client logrcvr" and "management server failed to send phase 1 client ssl VPN" ?due to this i am unable to do any changes in my firewall,...kindly h...

Gururaj by L4 Transporter
  • 13636 Views
  • 8 replies
  • 0 Likes

Resolved! LACP interface ethernet1/24 moved out of AE-group ae1

Hi Guys, We are getting "LACP interface ethernet1/24 moved out of AE-group ae1" through syslog (emailed) multiple times in a day on PA 3410 running on PAN OS 10.2.3 in HA active/passive. The switch in use is Aruba 8320 Interesting the same msg is received from the passive device too (whereas its interface is in shutdown mode) l2ctrld.log has no...

paragkarki143_0-1673237010186.png
paragkarki143_0-1673328417388.png
Pras by L4 Transporter
  • 20435 Views
  • 9 replies
  • 0 Likes

Resolved! Palo Alto Layer 2 bridging

Any idea on when or if PAN is going to produce the functionality to do layer 2 bridging (example, traffic on vlan 300 would be directed to vlan 3000...etc? Right now the function only seems to be possible when in conjunction with a physical interface per bridge which isn't scalable for lots of vlans like a DC. Another option is enabling the func...

Resolved! Palo Alto BGP routes from Azure

Palo 5220 running at the edge, using VPN tunnel to Azure virtual WAN running eBGP. Palo iBGP peered to switches, switches peered eBGP to Azure Express Route. My issue is VPN route is always installed in route table rather than express route, I assume because eBGP is AD 20 vs iBGP AD 200. I have tried local pref and weight on the palo to try and ...

Enable DNS Cloud Security

Dear All, I generated BPA Report for Panos 10.2.3 but I need to know how to enable it DNS Cloud Security ? Best Practice Checks DNS Cloud Security (Fail) Configure DNS cloud security and set the action to Sinkhole and packet capture to a single packet. DNS Sinkhole (Pass) Anti-Spyware Low/Informational Profile (Pass) Anti-Spyware Stric...

Resolved! New Panorama deployment - templates question

We have a new Panorama deployment. We are deploying the first pair of PA440 HA pair. The question I have is around templates and template stacks. Do we create individual template-stack for each and every site that we will deploy Palo Alto firewalls in. We will have a total of 100+ Palo Alto firewall all in HA mode. My organization supports...

ismailsh by L1 Bithead
  • 2454 Views
  • 1 replies
  • 0 Likes

Palo Alto interfaces in Layer 2 - Portchannel - Log Monitor more details

Palo Alto interfaces Aggregate Ethernet mode Layer "2" - Log Monitor more details Hello Live Community, good afternoon, I have a huge question regarding what I see in the log monitor of some firewalls with Layer 2 Portchannels with sub-interfaces tagged vlan layer 2. I have some customer firewalls, which have Layer 2 Interfaces with Portchan...

Metgatz by L4 Transporter
  • 5757 Views
  • 6 replies
  • 0 Likes

Resolved! Virtual router not getting attached

2 Azure VMs managed from same panorama template. Adding a loopback interface and IP but virtual router getting attached to only in 1 VM. They are not in HA and are separate firewalls. It won't even let delete it on this firewall. getting message below

image.png
raji_toor by L4 Transporter
  • 2370 Views
  • 1 replies
  • 0 Likes

Newbie looking for some guidance

Hello everyone. I am new to Palo Alto firewalls. We have bought many new PA-440's and I am having trouble with my very first installation. I have a site that is currently using a TP-Link AX1500 router. Very simple setup.... ISPmodem----WANportOfAX1500/LANportOfAX1500----Clients. I have tried, without success, to mimic the setup of the AX15...

Resolved! System logs view option missing

Hi,We have recently upgraded all our PA firewalls from 4.1.7 to 4.1.9. I no more see the system logs option. It used to be available earlier. I see the recent system logs on the Dashboard. How do I see system logs?

Sly_Cooper by L4 Transporter
  • 14100 Views
  • 10 replies
  • 0 Likes

Resolved! Auto Commit Fails and prevents 10.2.0 Installation on ESXI 6.5

Hi Guys, Auto Commit Fails and prevents 10.2.0 Installation (upgrade from 10.1.x) on ESXI 6.5 on Active-Active FW where as the peer (on Active-Passive) had no issue. My question is, as per https://docs.paloaltonetworks.com/compatibility-matrix/vm-series-firewalls/vms-series-hypervisor-support we need 6.7,7.0 to run 9.1.x to 11.0.0, then, firstly...

Pras by L4 Transporter
  • 2716 Views
  • 2 replies
  • 0 Likes

Resolved! QoS cleartext match issue

We have setup similar to as below I created/applied default QoS profiles on AE1 and AE5. However in order to be more granular I want to apply on individual subnets.As in this example we want to use separate QoS profile for 10.129.0.0/16 subnet for traffic going to internet. I have tried to add subnet under cleartext on both AE1 and AE5, with a...

image.png
image.png
raji_toor by L4 Transporter
  • 2816 Views
  • 2 replies
  • 0 Likes
  • 24335 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks