This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4223 Views
  • 0 replies
  • 0 Likes

Resolved! URL Filtering Version

Hello - I have a question about versioning. Some of my HA pairs have all zeros, some have a matching versions and some a mismatch of zeros and a version. Seems to be no rhyme or reason. How can I correct this? For example: fw(passive)> show url-cloud status PAN-DB URL FilteringLicense : valid Cloud connection : not connected URL database...

Resolved! IPSec tunnel slowness issue

Hi Folks, We had recently configured an IPSec tunnel between the PA and the Cisco Meraki firewall. The PA firewall is located in India and the Cisco firewall is located in USA. We are trying to upload an file from an Linux host located behind the PA firewall to an server located behind the Cisco firewall using wget http option from linux ...

Quic / HTTP/3 whats palo doing about this

Hi Wondering what the road map is for allowing this - but safely - ie decrypting etc looks to me like http/3 is going to be moving ahead and looking at a lot of the material its going to be very beneficial - especially in the space of speed / latency. So simply blocking QUIC at the firewall is not going to be an acceptable solution any more....

Dual ISPs VPN failover across both

Trying to provide some tunnel redundancy to some of our AWS environments. I have 2 ISPs both with an interface/static IPs on my HA PANs. ISP-A is my default with a default route to the internet pointing to its next hop. ISP- A Eth1/8 9.9.9.9/24 ZONE-A ISP-B Eth1/7 10.10.10.10/24 ZONE-B Currently have all my VPN tunnels across ISP-A and want...

drewdown by L4 Transporter
  • 3026 Views
  • 2 replies
  • 0 Likes

Resolved! Issues with Dual ISP Failover

I followed these instructions to set up ISP failover : https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLL8CAO When the primary ISP1 goes down, it does indeed fail over to secondary ISP2, in every respect except that traffic doesn't use ISP2's NAT automatically. Upon failover, traffic continues trying to use the NAT r...

Rule Shadow count not working

Hi, everyone. I'm currently working on a new config for a couple of firewalls, but everytime i commit my config I get rule shadow warnings (valid ones) but I can't use the count link to get a list of the shadowed rules. I'm running 10.1.6; is this a bug or am I missing something here? Additional info: already tried rebooting the fw and refresh...

CMachado_1-1660849741876.png
CMachado by L2 Linker
  • 2854 Views
  • 3 replies
  • 0 Likes

Resolved! Best practices - Multi large upgrades pan-os Firewall HA

Best practices - Multi large upgrades pan-os Firewall HA Good afternoon, as usual, thank you very much for your support and collaboration. We have the possibility with a customer to perform multiple upgrades in one day, maintenance window. We need to move from 8.1 to 9.1, i.e. 8.1.x to 9.0.x and from 9.0.x to 9.1.x. So the question is the fo...

Metgatz by L4 Transporter
  • 4563 Views
  • 4 replies
  • 0 Likes

Vulnerability Profile in URL Filtering

Hi All, So here's a question, when I use global find on the "strict" vulnerability profile (the one included in the software) it shows as being part of a URL filtering profile, is this because I have HTTP header insertion configured on that URL profile ? Any help with shedding light on this is appreciated as always. This is PAN-OS 10.1.6-h3

How to resume what I left off at Beacon

I started watching Firewall 10.2 Essentials: Configuration and Management (EDU210) Does everyone know how to resume what I left off before? There is a resume button. When I clicked on it. It just went to Assessment test. However, I am sure I have not finished all the curriculum yet. Please help or you can give me email address that I can ask abo...

alanwong by L0 Member
  • 2058 Views
  • 1 replies
  • 0 Likes

Support Portal - Not Able to Select the Asset

Hello, I'm Support Portal Page >Support Cases >Get Help in that can't able select the assets Find Asset Tenant ID/ Serial We can find our device with serial number ; we can't able to select the particular device .Please note you are posting a public message where community members and experts can provide assistance. Sharing private...

GRE tunnel failover issue

Hi Community, I am trying to set a GRE tunnel between Palo Alto PA-850-ZTP and zscaler. Issue: I have tunnel.1 and tunnel.2 created as Primary and Secondary. static routed default towards Internet. GRE tunnel Primary and secondary configured with Public local and peer IPs with tunnel interface .1 and .2 respectively. PBF rule is crea...

GauravSingh_1-1660652111162.png
GauravSingh_2-1660652222304.png
GauravSingh_0-1660652053031.png
GauravSingh_3-1660652596481.png

Day-zero Configuration of Palo-Alto

Hi All, I heard day-zero configurations of the Palo-Alto firewall we can perform via the free service provided by Palo-Alto.Do anybody having the visibility here.

Sujanya by L3 Networker
  • 3836 Views
  • 4 replies
  • 0 Likes

Resolved! PAN firewall HA and addition of same to Panorama

We are having an existing panorama in our network via which multiple production firewalls are managed and in one of the location we are planning to implement two new firewall in HA ( active -passive) set-up.question is : Do we need to add the firewall first and later need to configure HA or add the devices in HA first later we need to add them...

Sujanya by L3 Networker
  • 4236 Views
  • 6 replies
  • 0 Likes

iCloud- Base App ID

Hi Team, We are unable to see iCloud-uploading and iCloud-downloading Apps in our traffic logs, All the traffic identified as iCloud-base. Can someone help me on this ?

ping: sendmsg: Permission denied to connected router - but can reach destinations beyond that router

Any help is appreciated... I have a PA interface connected to a router using a /31. I have static routes with that router as the next hop. From the firewall interface on the /31 interconnect, I can reach all of the destinations I have static routes for. I can't, however reach the router's IP on the directly connected /31. When I try to pin...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks