General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 244 Views
  • 0 replies
  • 0 Likes

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 922 Views
  • 0 replies
  • 0 Likes

Radius Accounting

Is there a way to configure the boxes to act as a NAS by sending a Radius Server (like Freeradius) accounting information? I am particularly interested on the session start and session stop attributes. I am about to provide Globalprotect VPN access t

...

Error while disabling tunnel.

Hi All,

We are running PA with firmware 9.0.4

 

Getting errors while "disabling" not required/unsed IPSec tunnel.

 

Error: tunnel interface tunnel.50 encap interface is not set.

Error: parse tunnel member failed.

Error: error parse qos tunnel group

Error: er

...

Jimmy20 by L2 Linker
  • 5200 Views
  • 3 replies
  • 0 Likes

Rules from One Zone to another Zone

Hello All,

 

from the GUI i can get all the security policies from one zone to another, However, from the CLI, is there a way?

 

for example : i need all the policies from Orange_Zone to Free- App_Zone

 

"Orange to DEVDB11-1; index: 1333" {
from Orang

...

User-ID Agent

Hello!

 

I have a Palo Alto with version 9.1.5 installed and I want to install a User-ID Agent, which version can I install?

Rate increase in flow_ipv6_disabled

Hi All,

 

Is there any way to check which source of this flow_ipv6_disabled?

Our monitoring tool keeps on alerting us due to these parse packet drops. 

 

When I run the command below, I don't see any logs on Palo Alto's monitor. 

 

debug dataplane p

...

mudvayne15_0-1661210191059.png

Join Palo Alto Networks at SASE Converge 2022!

 

Is your network ready for a new hybrid work environment? Join Palo Alto Networks leadership and industry experts at SASE Converge 2022 to learn about the latest trends and innovations in SASE!

 

Check out the agenda and register for SASE Converge

...

jforsythe_1-1661266514429.jpeg
jforsythe by Community Team Member
  • 9363 Views
  • 0 replies
  • 0 Likes

Resolved! URL Filtering Version

Hello -

I have a question about versioning.

 

Some of my HA pairs have all zeros, some have a matching versions and some a mismatch of zeros and a version. Seems to be no rhyme or reason.  How can I correct this?

 

For example:

fw(passive)> show url-

...

Resolved! IPSec tunnel slowness issue

Hi Folks,

 

We had recently configured an IPSec tunnel between the PA and the Cisco Meraki firewall. 

 

The PA firewall is located in India and the Cisco firewall is located in USA.

 

We are trying to upload an file from an Linux host located behind

...

Quic / HTTP/3 whats palo doing about this

Hi

 

Wondering what the road map is for allowing this - but safely - ie decrypting etc

looks to me like http/3 is going to be moving ahead and looking at a lot of the material its going to be very beneficial - especially in the space of speed / laten

...

Dual ISPs VPN failover across both

Trying to provide some tunnel redundancy to some of our AWS environments.  I have 2 ISPs both with an interface/static IPs on my HA PANs. ISP-A is my default with a default route to the internet pointing to its next hop.  


ISP- A Eth1/8 9.9.9.9/24 ZO

...

drewdown by L4 Transporter
  • 2343 Views
  • 2 replies
  • 0 Likes

Resolved! Issues with Dual ISP Failover

I followed these instructions to set up ISP failover : https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLL8CAO

 

When the primary ISP1 goes down, it does indeed fail over to secondary ISP2, in every respect except that traff

...

Rule Shadow count not working

Hi, everyone. I'm currently working on a new config for a couple of firewalls, but everytime i commit my config I get rule shadow warnings (valid ones) but I can't use the count link to get a list of the shadowed rules. I'm running 10.1.6; is this a

...

CMachado_1-1660849741876.png
CMachado by L2 Linker
  • 2179 Views
  • 3 replies
  • 0 Likes

Resolved! Best practices - Multi large upgrades pan-os Firewall HA

 

Best practices - Multi large upgrades pan-os Firewall HA

 

Good afternoon, as usual, thank you very much for your support and collaboration.

We have the possibility with a customer to perform multiple upgrades in one day, maintenance window.

We nee

...

Metgatz by L4 Transporter
  • 3467 Views
  • 4 replies
  • 0 Likes
  • 24025 Posts
  • 115 Subscriptions
Top Liked Authors
Labels