This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4222 Views
  • 0 replies
  • 0 Likes

Resolved! VM-500 will it run with 6xCPU?

Hi All, We currently have one customer with two clusters running VM-300, but facing dataplane CPU utilization. Support team has upgraded the VMs to 6xCPU (without knowing that VM-300 only support up to 4). Right now VMs are with 6 CPUs allocated and we are planning to upgrade the vm capacity to VM-500. But I was wondering how the current CPUs w...

Resolved! PAN-OS version is not update on CDL Portal

Hi ,Anyone have some solution for this issue about PAN-OS version is not update on CDL Portal after update to V.9.1.13-h3?Last week I had updated PAN-OS from version 9.1.9 to version 9.1.13-h3 on HA Firewall .I got this issue on the active peer FW.After finished update OS, I check version on the active peer by "show system info" that already sho...

Version_.jpg
Jirapan by L1 Bithead
  • 2709 Views
  • 1 replies
  • 0 Likes

Listing PCAP rules

Does anyone know if there's a way to search for rules within the Palo Alto which have packet capture enabled? I'm trying to see what rules currently collect PCAP and disable the collection of pcap data for noisy signatures.

dgagnon by L1 Bithead
  • 2067 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect Disable Reason

Global Protect Client is setup so that users can disable VPN however they need to input a reason why they disabled the portal. I wanted to know where those disable reasons are stored. Thanks

SIDD76 by L0 Member
  • 11414 Views
  • 5 replies
  • 0 Likes

List NAT tables with static-ip translations

Hello all!I'd like to compile a list of all my NAT tables for static-ip entries for all my firewalls, I don't know if there's a better way to do it but I'm trying to do it by running the following command on my firewalls and recording the output:show running nat-policy | match index\|source\|translate-toThe issue with this one is that it's showi...

TigeRRR by L1 Bithead
  • 7465 Views
  • 6 replies
  • 0 Likes

What to monitor via Solarwinds

Hello -Just looking to see what others monitor for on their Pano/Palo FW within Solarwinds. Is there like a general consensus (best practices) or is it all over the place depending on requirements.

PA3250 in No Rules/Allow All mode and Public IPs

We are currently testing out/learning with a new 3250 in no rules / allow all traffic mode flowing from ISP > Palo > Cisco ASA (Being Retired). We have two public ips routed to two local static IPs and those have stopped working. Would a policy need to be created so the Palo does the routing and not the Cisco.

jpierce by L0 Member
  • 2471 Views
  • 2 replies
  • 0 Likes

strange behavior of bidirectional NAT

hello All, Today I've spotted weird behavior: We have 2 static bidirectional NAT translations between UNTRUST and DMZ interfaces for public IPs. Also we are allowing certain applications in for those public NATed IPs from any IP addresses using only applications and not service/ports. From logs we see that traffic which is properly allowed and w...

Resolved! Redistribution host address between protocols

Dear experts I set a PA firewall as an ASBR, connects to a RIP and a OSPF area with eth1/1 and eth1/2 respectively. And created 2 loopback interfaces on PA, advertised them into RIP and OSPF respectively. Then I can reach them within RIP and OSPF area separately. Now I create redistribution profiles RIP-2-OSPF and OSPF-2-RIP, and apply them to O...

DexinLi by L1 Bithead
  • 4344 Views
  • 4 replies
  • 0 Likes

Resolved! Accidentally Deactivate License

Hello we have PAN that license uploaded manually before, because a network issue that we cant get the dynamic update/retrive the license.we think that the license problem, so we want to remove the license and then add again to the firewall. but we choose the deactivate, not the Delete command from CLI. after that, we want to upload manually, but...

Email Scheduler Not Working (Urgent Action Required)

Hi Team, We've configured to schedule reports for email delivery on daily basis, It was working fine without any issues but last week we had restarted the Palo Alto firewall, Since from that day we're not getting custom report email. When we check "send test email" on Email Sheduler its working fine. Verified all the configuration which is fine ...

Site to Site VPN failing when IKEv2 and different PANOS

Hello, I’ve recently ran into an issue where I’m using IKEv2 preferred and the two firewalls are using different versions of PAN-OS. It will fail with “invalid sig.”. If both firewalls are the same PAN-OS version (this has been happening on 9.1.11-9.1-13h3… I don’t have any other versions to test), it works fine. But since I can’t update all fi...

COlson by L2 Linker
  • 3835 Views
  • 2 replies
  • 0 Likes

Session behavior when resource limit is reached.

Hi,I have been checking my PA-2050 with PAN 4.0.3 and I realised about new command in sesion configuration. The exact command is:set deviceconfig setting session resource-limit-behavior with the options bypass and drop. Default option is drop.I had problems in my infrastructure reaching the limit sessions. Synthax seems clear but before install...

Resolved! Passive device aggregate interface down

I have the firewall 3220 model in the 9.1.11 version in HA mode.I can see all the aggregate interface in passive firewall is showing down. i want to know is this expected behaviour or not because I checked the below KB for some mode it is expected behaviour. Aggregate Interface Down on Passive Device - Knowledge Base - Palo Alto Networks moreove...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks