This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4451 Views
  • 0 replies
  • 0 Likes

Resolved! PA-220 Reboot

Hi Team, Firewall got rebooted instead of generating a tech support file can we do any other troubleshooting to check why the firewall was rebooted. If i generate the tech support file i have to go to Palo to check what it is and wait till i get the response. Instead, if I can check few commands, it will be better. In Cisco ASAs we can analyze...

Resolved! PA 500 Cisco 3560

Hi there, I am totally new here in Paloalto firewall. I have PA 500 and want to do lab test and I want to find a basic instruction to set up PA to connect internet and also connect to Cisco switch. I am very familiar with Cisco ASA and switch since we do all CLI but I understand PA firewall is all GUI. Any help I would be appreciate. My unders...

phugiay by L2 Linker
  • 9182 Views
  • 13 replies
  • 0 Likes

Resolved! IPSEC Tunnel to ASA - PeerID issues

I am setting up an IPSec tunnel to an ASA. I am getting an error message about the PEERID type only allowing IP but received FQDN. Per the other KB article, I changed the PAN Exchange mode to Aggressive. Now the PAN received a FQDN of the ASA side and gave listed the FQDN in the system logs.My question.. where in the ASA can you configure PEER a...

SDorsey by L4 Transporter
  • 8224 Views
  • 5 replies
  • 1 Likes

Newly registered domains

Occasionally we run across newly registered domains that we either know or believe to be non-malicious and that we need immediate access to. Newly registered domains are blocked by the Palo Altos - is there a way to flag specific newly registered domain URLs as allowable?

Exporting all the rules and sub rules

I have been tasked with exporting all the rules from our Palo Altos for monthly review purposes. Panorama has shared rules as well as rules in each device group. Our firewalls have rules on them as well. Support suggests using the PDF/CSV option on the shared rules. We have 10+ shared and sub device groups, and 20+ PA220s. Obviously this w...

AWongCA by L0 Member
  • 11193 Views
  • 2 replies
  • 0 Likes

Vwire

Vwire is introducing latency please help me. by using vwire we are observing 80 ms of latency.

URL filtering for a School

I am using a Palo Alto 500 to filter url content on a school network. I have blocked streaming media but some sites like college humor still go through. How can I block all streaming video, also I would love to able to block flash games. I am new at using the Palo Alto so if you have any suggestions on other application to block that would be of...

donaldmc by Not applicable
  • 7508 Views
  • 3 replies
  • 0 Likes

ION2000 controller connection failed "Analytics" not connected

ION2000 controller connection failed "Analytics" not connected Ion# debug controller reachability controllerTPM and tcsd process is running fineMic cert check passedCic cert check passedMic cert verify passedCic cert verify passedCIC cert connection test failedcurl exitCode: 7 How to resolve this

Resolved! vulnerability block action

Hi,when creating a profile choosing block action is seen as "reset-both" on the logs.is that normal behaviour or not ? Thanks.

PanIst by L3 Networker
  • 10745 Views
  • 10 replies
  • 0 Likes

syslog udp session keep alive ?

When forwarding logs, they are being sent to udp 514. The udp time out is 30 seconds, and the syslog server actually receives packets every 5 seconds. However, I wonder why the firewall keeps the session longer than 30 seconds. When the time is long, it is several minutes or hours, and sometimes the date passes.

스크린샷 2022-12-29 오후 2.34.03.png
스크린샷 2022-12-29 오후 2.34.50.png

Resolved! IPSEC Tunnel down on GNS3

Hi- I am trying to implement exactly this article for ipsec - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK However the tunnel is not coming up, I am not sure if its gns issue or my configuration? Wireshark packet drop also attached Please note you are posting a public message where community membe...

Capture.JPG
Capture1.JPG
Capture2.JPG
Capture3.JPG

failing back to primary FW and short loss of ISP connection

Good evening, Tomorrow I'm cutting over a new pair of 3410's. I have 3 LAG connections (AE.1, AE.11, and AE.10). AE.11 is the physical connections to my ISP switch. There are two L3 sub interfaces (VLAN 800 & 801). VLAN 800 = ISP1 and VLAN 801 = ISP2. Both ISP routes are static and have the same metric / AD. I'm using ECMP and it works well ...

  • 24376 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks