This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

sip port 5060 same in source port and destination port

Facing issues regarding traffic flow on PA.Cannot see traffic on PA when the SRC port is 5060 and the DST port is also 5060 and application SIP.Have a rule which permits all the traffic from the source to the destination with all the ports allowed ( Any ).Session end reason - Unknown

Question about NAT

How can you use dynamic source translation with dynamic source address. This is my scenario. Site one Public NAT 1.1.1.1 source address 192.168.2.1Site two Public NAT 2.2.2.2 source address 192.168.3.1 If I want to combine this rule into one Nat rule can I do that? Can't use interface because we have 150+ Nat policy. I used dynamic source addr...

hpatel11 by L2 Linker
  • 2197 Views
  • 1 replies
  • 0 Likes

How to check VLAN untagged on ae interface and physical interface with L3 subinterface

Hello all,We would like to proceed with the connection between Cisco ACI and Paloalto firewall regarding this server configuration change. Is there a difference in how to check the VLAN untagged of the Ae interface with L3 subinterface and the physical interface? - If you connect the physical interface (eth1/5) separately from the current Cisco ...

No data in Custom reports

Hello, I'm using verson 8.1.7 (upgradede last week) in Panorama and firewalls 7050.I have defined custom reports added to report groups nad this report groups defined in Email scheduler to send it every Monday.If I do "Run now" in the custom report all data appear as expected, but when the same report is sended by email no data is displayed.What...

Captura.PNG
bprietoc by L1 Bithead
  • 9967 Views
  • 8 replies
  • 2 Likes

Resolved! After OS upgrade, CPU keeps high value

Hello all,Our customer is using PA-3060, and we upgraded the OS on June 19. (8.1.x -> 9.1.x) Although the CPU may go up due to OS upgrades, according to them, device that used to use cpu at 40-50% but it is maintained at 60-70% and sometimes cpu usage goes up to 100% after Os upgrade. In addition, three days have passed, but the symptoms stil...

how does two or more snmp communities?

Two snmp community values need to be set, but only one community value is included.Can I put only one community in the SNMP Community String?If anyone knows, please share the contents.

qmso475 by L3 Networker
  • 3637 Views
  • 3 replies
  • 0 Likes

Traffic logging issue from firewall to Panorama

Log-collector status show as active and connected. Checked the logging status and based on the time stamp, observed that log creating and log forwarding are stopped. So panorama is not showing a logs for pair of PA-850 firewalls. We have tried restarting the management server on managed firewalls but it didn't helped. Any suggestion and helps ar...

Global protect gateway disconnect

hello Everyone, I am having client who is trying to connect the laptop from office system. VPN is on the laptop, and he can see the file and stuff , but when he is accessing through remote desktop connection to laptop. when it login , Screen lock it up and VPN lost it connection and ping drop its connection. any solution to it. he wanted to acc...

loki4722 by L0 Member
  • 2151 Views
  • 1 replies
  • 0 Likes

Honey pot recommendation for DNS sink holing

Dear all, we are seeing many DNS alerts for spyware, but we don't have any DNS logs.Also, internal hosts can't resolve external FQDNs, so probably most of the requests are coming from the proxy.So we are thinking about setting up DNS sink holing with a honey pot.Any recommendations what to use as a honey pot so that we can get the most informati...

BGP on two virtual routers on same firewall?

Hi all, We have two HA pairs of Palo's BGP across two diverse datacentres BGP peering with 3rd parties using our private AS numbers. We now have a new 3rd party who require us to use a registered AS number. I am told that Palo doesn't have the ability to use a different AS number (like local-as in the Cisco world). Is it possible to set up a sec...

StuartS by L1 Bithead
  • 8963 Views
  • 6 replies
  • 0 Likes

Help infinite loop in 10.1.5

Hi, we are using VM series and I just updated it to 10.1.5. When I want to use "help" (question mark) it loads up new tab in web browser and it goes into infinite loop of redirects. Page never loads up.It happens on any question mark in any menu (as far as I tested), I am using Chrome. Any one else with this kind of a problem? Kind regards

Resolved! Too many IKE log in System log

Hi guys, I've received call from my customer, and they said too many IKE log in System log.until this time, there is no critical issue by this problem. (just little bit high DP CPU, maintain 40 %)but I want to know why this problem occur. anybody knows solution ? Thank you.  

카테노이드 IPSec.png

Resolved! Site to Site VPN between Cisco Meraki and PA3250

Hi all, I am having trouble establishing a tunnel between our PA and a Meraki MX with the dynamic IP. By trial and error, I was able to establish phase 1 by specifying Meraki's FQDN as "Peer Address" and Peer ID as it's local IP (can be found under the Uplink menu of the Meraki). Just so you know, Meraki MX will always use the "local IP" as it's...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks