This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Fetch Device Certificate failure

Hello, I am getting this error (Failed to fetch device certificate.TPM public key match failed.) on a PA460 (11.0.2-h2). I tried multiple solutions without success : This KB https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NlxCAE but it didn't work. Multiple commit force. I even generated an OTP on the CSP but I do...

Meed by L0 Member
  • 21314 Views
  • 11 replies
  • 0 Likes

XSOAR virtualization support

Dear All, I would like to request official documentation or a clear statement regarding the virtualization platforms supported for Cortex XSOAR on-premise deployments. Specifically, I would like to know: Which hypervisors (e.g., VMware ESXi, KVM, Hyper-V, etc.) are officially supported for installing and running Cortex XSOAR? If there is a c...

VPN Tunnel - Routing and Hidenat from FW public IP

I am a beginner on the Palo Alto firewall. When to do IPSEC and NAT 😊 I need to create a NAT rule that will allow traffic from 77.221.253.132 - the partner only has 1 public IP address and it is on their firewall.If I make a route to the public IP address(77.221.253.132) and route to the Tunnel interface - the IPSEC tunnel go down.how should ...

Resolved! Vsys migration

Hello All, What is the best approach to migrate a Palo Alto firewall configuration with VSYS to another Palo Alto firewall (As is)?

Resolved! Does anyone have any experience with Expedition

Greetings from Detroit Michigan! I have been tasked with migrating our current PA-5220 pair firewalls to a new PA-3420 pair. I have been led to believe that the "Expedition" tool will help with this task. The problem simply put is that the documentation for this is quite spartan in the area of migrating from a PA to a PA. We are using Expedi...

R.Gage by L0 Member
  • 1361 Views
  • 2 replies
  • 0 Likes

The PAN-OS fixed version information

Hi All, i am bit confuses how the fixed PAN-OS version information works for example 11.1.10-h1 can PAN-293673. Since PAN-293673 was already fixed in 11.1.6-h7 (which is lower than 11.1.10-h1), does that mean a higher version automatically includes fixes for known issues from lower versions, right? If so, that’s what confuses me: if PAN-2...

Resolved! DHCP Relay for GlobalProtect

I'm trying to setup globalprotect where once a user successfully logs in, they pull an IP from our dedicated, internal DHCP server with all the DHCP options. So essentially, setup Palo Alto for a DHCP relay for the GlobalProtect clients. I was trying to do this, but the Tunnel Interface I'm using for the GlobalProtect network doesn't have an IP ...

Error: pan_ldap_ctrl_search_device(pan_ldap_ctrl.c:1889): user_id database is not bound yet

Hi All, While troubleshooting a intermittent GP issue, I have noticed the below error repeating in the useridd.log. I am not sure if this part of the problem or not, but it does look a little worrying. I can still browse AD from the firewall and find groups. 2021-09-20 16:18:10.268 +1000 connecting to ldap://[192.168.1.1]:389 ...2021-09-20 16:18...

Ben-Price by L4 Transporter
  • 21337 Views
  • 13 replies
  • 2 Likes

GRE tunnel issue with packet size

Hello, I am migrating old ASA to Palo Alto PA-440, one of the things i am trying to migrate is IPsec tunnel, that Ipsec tunnel carries only two remote hosts which are sources and destination for GRE endpoint on Cisco Switches. When i try to migrated it users complained about the unable to ssh to end hosts, when we tried to ping with the -df bit ...

Lukasz_1 by L0 Member
  • 2124 Views
  • 3 replies
  • 0 Likes

When to use zone type Tunnel

I am setting up a lan to lan tunnel between my palo alto firewall and another palo alto device. When I look at the documentation online, they suggest I create a new zone and set the type to "layer3". But I also see a type "Tunnel" in there. I would like to understand , should I select Tunnel or Layer3 for the zone that will be applied to the ...

Ismailsh by L1 Bithead
  • 2214 Views
  • 3 replies
  • 0 Likes

User Mapping - Server Monitoring Issue

I am currently having an issue with the Server Monitoring.When I add the DC to this section then under Type: Microsoft Active Directory I want to use the Transport Protocol WinRM-HTTPS but it is only showing WMI and is greyed out.If I swap the type to Microsoft Exchange I am able to select what I want but I need it to be Active Directory. How do...

RFloyed by L0 Member
  • 1576 Views
  • 2 replies
  • 0 Likes

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it! During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure future and protect everyone in this ever-evolving digital world. Some of the items we will be hearin...

A/A vWire Deployment Forwarding MAC Address on HA Links?

Hey Guys, I'm having an odd MAC flapping issue when I implemented a A/A PAN under a A/P ASA. I'll give the high level and attach a topology with the failure patterns I saw. We have a pair of 5585X's as the traditional L3 / L4 internet facing Firewall. We were looking to update our threat prevention architecture, remove some inline taps and conso...

PAN Boards.png
PAN Boards 1.png
JamesFer by L1 Bithead
  • 6783 Views
  • 6 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks