This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4136 Views
  • 0 replies
  • 0 Likes

Migration Issue from PA-500 (HA-Active/passive) to PA-3220 with HA-Active/Passive

Hello, Hi Brothers, Existing PA-500 (PAN-OS 8.1.17) and New PA-3220 (PAN-OS 8.1.17) I tried to export the running config from FW (PA-500) as XML format and import it into the new FW (PA-3220) Shows me a lot of error and warning as there is a lot of discrepancies as following DetailsValidation Error:deviceconfig -> high-availability -...

Resolved! QoS Configuration Subnet /32

I have followed below link to configure a QoS setting for testing purpose. Configure QoS (paloaltonetworks.com) I have specify only 1 ip 192.168.1.x /32 in QoS profile and also tried to specify in the interface clear text traffic. In the result the QoS not only apply in only the IP that I specify but it apply all traffic going out through th...

JiaXiang by L4 Transporter
  • 3426 Views
  • 3 replies
  • 0 Likes

With PanOs and DUO (As 2FA), Entering on Windows Globalprotect ask to duo indefinitely.

Hello Everybody, We have recently upgraded our Firewalls to PanOs 10.2.2. We have DUO as a second factor authentication. The config we have is with "Always On" , from the upgrade, When a Computer starts, the user enter the credentials, and then Globalprotect try to connect to the VPN (Single Sign on active). The trouble arrives if the user ...

Resolved! Upload and Download QoS

May I ask how to configure upload and download QoS? I have tested whether I perform upload or download, the QoS always hit LAN->WAN policy. The result is different from what this article said. https://live.paloaltonetworks.com/t5/general-topics/qos-bandwidth-limitation-download-amp-upload/m-p/315516#M81270 My customer wants to do so is that...

Resolved! HELP - my Website is being blocked by GlobalProtect

We have produced a new website for a customer https://vertexgis.uk/ , but their key target audiences in the UK all use GlobalProtect and their website is being blocked as it is seen as a new site although it is now about 3 months old. Please can anyone help and advise how we can urgently get this website unblocked. It would not look profession...

Cisco VPN Behind PA-3220

We have a third-party that borrows our network to establish a VPN tunnel back to their office via a Cisco 881 ISR. We have it on a segregated guest network and it establishes an ike/ipsec tunnel back to their ASA over our internet connection. Workstation --> Cisco 881 --> [Guest Network] --> Palo Alto FW --> Internet --> Cisco A...

Someone school me on Syslog and Panorama

I have Panorama managing roughly 10 firewalls. I have logging setup on those FWs to send to Panorama, email and send syslog to a 3rd party host. I struggled immensely trying to get everything configured correctly on PANORAMA and the FWs themselves to even send logs. The syslog server is getting the logs but they are all coming from PANORAMA ...

drewdown_0-1659635032714.png
drewdown by L4 Transporter
  • 2909 Views
  • 1 replies
  • 0 Likes

Not getting proper SMTP traps for power supply removal and insertion

Hi Folks, We have PA-5260 in HA pair in our environment. Recently we had configured SNMPv2 traps on Palo Alto firewall to forward traps to our SNMP server and configured Log forwarding to forward All system logs as traps to the SNMP server. Specifically we need to forward power supply related traps forwarding. Yesterday we had removed on of...

Question about CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering (Severity: HIGH)

Dear all, PAN-OS CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering (Severity: HIGH) https://security.paloaltonetworks.com/CVE-2022-0028 About CVE-2022-0028 on Palo Alto vulnerability. If we have policy that config source with any because we use shared policy for all vsys. If we config source...

Resolved! SSL Decryption+ALPN not stripped: yandex.com not working

Hi I have a customer that wrote to me yesterday that if they remove the checkbox for Strip ALPN while having SSL decryption enabled, a few web sites such as yandex.com stop working.I was able to reproduce this with my PA-3220 and PANOS 9.1 and also on my VM with PANOS 10, the result is ERR_HTTP2_PROTOCOL_ERROR in Edge browser. There do not appea...

ShaiW by L4 Transporter
  • 7964 Views
  • 4 replies
  • 1 Likes

Resolved! Updating the HA configuration in large hops.

Hello community I am upgrading a PANOS 8.0.7 to version 9.1.14-h1 I would like to know if in the transit versions, you download and install only the base 9.0.0.0 or is recommended to download the base 9.0.0 and install the recommended 9.0.16-h2for example:Go from 8.1.x to 9.0.0 (transit version) and continue from 9.0.0 to 9.1.x.orGo from 8.1...

PAN-DB is not connect to cloud

DB Cloud is not connected as i have 9.0.3h3 version. And this command is also not running. Please suggest request url-filtering download paloaltonetworks region <region_name>

Joshan_Lakhani_0-1586860186931.png

Command user group name not working

Hi, We just check that the command: show user group name 'cn=......' has this output: user group xxxxx does not exist or does not have members. All config is OK. If we run "show user group list", i can see al the groups, but filtering by one of them shows:user group xxxxx does not exist or does not have members show user ip-user-mapping all --...

BigPalo by L4 Transporter
  • 10272 Views
  • 7 replies
  • 1 Likes

Issue with VXLAN traffic passing through the firewall

Hi Team, We have an SDWAN box placed behind the firewall and the SD_WAN box need to communicate with the controllers which is located on the internet. The topology is given below:SD_WAN Box<--->F/W LAN interface<--->F/W ISP interface <--> Internet <---->Controllers. The SD_WAN Box is trying to establish VXLAN connectivit...

tamilvanan_0-1653585569659.png
  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks