General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Discussions

Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 

 

In the past six

...

survey-livecommunity.png
jforsythe by Community Team Member
  • 643 Views
  • 1 replies
  • 4 Likes

Auto-commit after upgrade to 10.0.0 fails

Hi all,

 

After upgrading a PA-220 from 9.1.13 to 10.0.0 Data plane is not coming up as auto-commit keeps failing. The only info i got so far is as shown:

I have downgraded the PA back to 9.1.13 and the auto commit is successfull after reboot. However w

...

GnContente_0-1646686454846.png

SAML Jumpcloud HA Implementation

Hi,

 

i follow the docs here LIVEcommunity - PAN-OS SAML SSO with JumpCloud and Mobile Push MFA - LIVEcommunity - 493684 (paloaltonetworks.com)

it works well with one firewall. When it used to HA active Passive Environtment, it wont work on the passive,

...

URL Filtering Wildard - ? in URL

I have inbound decryption set up for a server and we want to restrict what URLs users can get to.  The website admin tells me that ALL links to the site will contain something similar to the following:

 

https://my.web.server/xxx/yyy/zzz/TEXT_SOMETHING

...

RCurrie by L0 Member
  • 139 Views
  • 2 replies
  • 0 Likes

Session end reason=resources-unavailable, version 8.1.15.h3

In the traffic log we have found some entries with a session end reason=resources-unavailable, version 8.1.15.h3, however PAN-189468 is not affecting our version only affects version: 

 

9.1.0-9.1.13
10.0-10.0.10
10.1.0-10.1.4

 

adm_(active)> debug datapla

...

Alpalo by L3 Networker
  • 100 Views
  • 1 replies
  • 0 Likes

Client certificate for syslog is failing

Im trying to setup a syslog forward from a loggcollector with tls, i get this error in the syslog log on the collector.

 

Certificate subject does not match configured hostname; hostname='scrubbed', certificate='blah.blah.com'


However the certificate ha

...

hbalzac by L3 Networker
  • 1323 Views
  • 1 replies
  • 0 Likes

Palo Alto CloudGenix Support

This is terrible!!  The second time, in the last week, I'm in need of urgent assistance (the whole office is down) and I'm unable to get anyone's phone quickly enough!  First time I was waiting for 2 hrs. on the phone before finally, I got someone to

...

Resolved! Error in commit after upgrade to 10.1.5-h1

After upgrade from a PA850 from 10.1.5 to 10.1.5-h1 in the end of last week we no longer can commit new configs 

It gives the following error when we try to commit.

  • Validation Error:
  • rulebase -> security -> rules -> Block xxx -> hip-profiles unexpected
...

Resolved! Interface states in PAN

Hi Team ,

I have query regarding below . Physical interface is showing down but subinterface is showing up. 
ideally subinterface should also be showing down. ?

 

 

DeepakVerma_0-1656413018591.png

Resolved! Best practice for allow Internet IP

Dear All,

 

Now I want to optimize security policy, I have many rule that allow any but now I want to change from "any" to "Internet IP". Does PaloAlto have internet ip object by default? or how I define internet ip in address?

 

Thank you for your help.

Resolved! Custom created Anti-Spyware profiles not opening, showing “The server is not responding. Please wait and try your operation again later”.

Hello all

Model: PA-3220

Firmware version: 10.1.16

 

  • I am not able to open some custom-created Anti-Spyware profiles after moving to 10.1.15-h2 from 10.0.X  then upgraded to 10.1.16 (being a preferred version ). showing the below error.
  • - default & St
...

Zeeshan_Shaheen_1-1655878999153.png

NAT policy retaining original Address

Hi,

 

We have a VM-series running 10.1, with a number of hosts with public IP addresses. The hosts are running a common service (i.e. HTTPS on 443), however they need to be accessible from external on an alternate port (i.e. HTTPS 8443). As such, we ne

...

gprinsen by L0 Member
  • 129 Views
  • 1 replies
  • 0 Likes
Top Solution Authors
Top Liked Authors