This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

Resolved! Confirming Upgrade Path

Hello everyone, I just wanted to clarify/confirm the proper upgrade path to latest preferred 11.0.2-h2. We are currently on version 9.1.12-h3. From what I have gathered, would the below steps be the proper steps and path? 1. Download and install 9.1.16-h3 2. Download 10.0.0 3. Download and install 10.1.10-h2 4. Download 10.2.0 5. Downlo...

Resolved! UserID Agent version compatbility

Hello, I'm currently working through the Certificate Advisory. We currently have firewalls running 10.1.11, user-ID agent is 10.1.1-102. Started an upgraded firewalls to current preferred version of 10.1.13h1. The issue I have is I am simultaneously trying to introduce PA-1410 firewalls into Panorama for management. PA-1410 does not supp...

Issues with Device Telemetry

I have an HA pair (active/passive) of PA3250s (no Panorama) and just recently upgraded to PanOS 10.0.6 from 9.1.9. I configured the device telemetry and downloaded the new certificates for both firewalls. Telemetry is working great on my primary firewall, however, the secondary is failing every time with the error code "CDL Receiver Key Empty". ...

cdlkey.PNG

SNMP (V3) not working on MGMT Interface

PAN-OS: 10.1.6-h6 Issue: SNMP (V3) not working on Management Interface. Description: Customer have configured SNMP monitoring from Logic Monitor and Palo Alto but and its working fine for Dataplane interface but if we change it to management interface its not working and getting the error message as below. Troubleshooting Done: 1. Checked t...

Purushotham_0-1713112831485.png

How to allowlist a file form wildfire-virus

We have a file (Filex.exe) that is throwing blocks of the following type Threat Type wildfire-virus Threat ID/Name trojan/Win32 EXE.crypt.aexg ID 213019932 (View in Threat Vault) How do I add this exclude this file from alerting? I went into Object > Security Objects > Antivirus > the profile > ...

Verac22 by L2 Linker
  • 1658 Views
  • 5 replies
  • 0 Likes

Resolved! No "certificate used by" field when generating certs for SSL forward trust and untrust?

I'm configuring a SSL decryption POC and I'm running into an issue where when I generate or import a certificate for either my forward trust or untrust cert, I don't see a field to specify that I want this cert to be used for those purposes. In the documention, I see this: For Certificate Use For, select Forward Untrust Certificate. But I n...

Domain/IP categorisation

Hi all,I am using a PA-5250 with PAN-OS 11.1.6-h10. Our environment makes use of the automated correlation engine correlated events. So for example we get alerts like this one: Host repeatedly visited uncategorized domain (6 times), and performed EXE downloads from these domains. The hosts that are responsible f...

PA-445 stability?

Anyone else having issues with PA-445 stability? We're doing our 2nd RMA in less than 6 months on a PA-445 that just randomly restarts. It's on dual independent electrical circuits (with UPSs). After the first RMA it did it again and support said it needed an updated OS to resolved the issue (11.1.4). Same issue again (still on 11.1.4) and this ...

Identify users (UIA) authenticating with SAML

HI, We have some users authenticating with SAML (EntraID) but these users are not being identifing in UIA. Is possible to get the info in UIA and palo about users authenticating in SAML? any idea or KB?

BigPalo by L4 Transporter
  • 582 Views
  • 2 replies
  • 0 Likes

Software NGFW Credits

Can someone please help clear up some conflicting info I am getting. I have Panorama managing on-prem firewalls and cloud firewalls. When I purchase credits for my cloud firewalls, I would think it is not necessary to check the Panorama Management box below, considering I already am licensed for Panorama. I'm being told I should check this o...

securehops_0-1758331564853.png

Disable interface and kill its sessions by schedule...

Hi,This is a boarding school situation. By mutual agreement we close internet access to the dorms from midnight to 6AM. Several years ago we tried to control the DormsNetZone rules by a schedule. However as this didn't kill the active sessions it was of little use for us. Now we interrupt the AC power to the DormsNet distribution switch to a...

password not working in active device

We have an Active/Passive Palo Alto HA setup with IPs .135 (primary/active) and .136 (secondary/passive). About a month ago, when logging in via the VIP, I landed on .136 (active at that time not sure how it became active ) and was able to access it, but couldn't log in directly on .135. Last week, following an issue, the roles switched—.136 bec...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks