General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

When to use zone type Tunnel

I am setting up a lan to lan tunnel between my palo alto firewall and another palo alto device. When I look at the documentation online, they suggest I create a new zone and set the type to "layer3". But I also see a type "Tunnel" in there. I would like to understand , should I select Tunnel or Layer3 for the zone that will be applied to the ...

Ismailsh by L1 Bithead
  • 2457 Views
  • 3 replies
  • 0 Likes

User Mapping - Server Monitoring Issue

I am currently having an issue with the Server Monitoring.When I add the DC to this section then under Type: Microsoft Active Directory I want to use the Transport Protocol WinRM-HTTPS but it is only showing WMI and is greyed out.If I swap the type to Microsoft Exchange I am able to select what I want but I need it to be Active Directory. How do...

RFloyed by L0 Member
  • 1746 Views
  • 2 replies
  • 0 Likes

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it! During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure future and protect everyone in this ever-evolving digital world. Some of the items we will be hearin...

A/A vWire Deployment Forwarding MAC Address on HA Links?

Hey Guys, I'm having an odd MAC flapping issue when I implemented a A/A PAN under a A/P ASA. I'll give the high level and attach a topology with the failure patterns I saw. We have a pair of 5585X's as the traditional L3 / L4 internet facing Firewall. We were looking to update our threat prevention architecture, remove some inline taps and conso...

PAN Boards.png
PAN Boards 1.png
JamesFer by L1 Bithead
  • 7163 Views
  • 6 replies
  • 0 Likes

Broken capture in SASE workshop registration

I'm not sure of the best location for this. I'm trying to register for a SASE workshop (and I'm not sure if it's online or not, but that's another conversation), and I need to complete a captcha. Unfortunately, I can't see most of it (see the attached). I've tried Firefox, Chrome and Edge. Any idea how to report it?

Bill-C by L0 Member
  • 969 Views
  • 1 replies
  • 0 Likes

Resolved! Paloalto Images not available

Hello Gents,I noticed, Paloalto has removed access to the VM resources.I dont see "Updates" tab in the menu.Earlier I used to download KVM/QCOW2 from my personal account (Not Organizational Account).But now its not available, can anyone help me download?Appreciate your support.

ssgilani by L0 Member
  • 1270 Views
  • 1 replies
  • 0 Likes

Bulk changing target device in policy set

I have several policy sets which have between 500-900 rules each and are being re-used for a firewall migration. Each of the sets has the old 850 palo set as the target device. To save time on migration night I am looking to change the target to "any" . Is there a way to bulk change all rules within a policy to now use any instead of clicking in...

MAllen_0-1756208384619.png
M.Allen by L1 Bithead
  • 979 Views
  • 1 replies
  • 0 Likes

Commit Failed on Passive Paloalto-3250-admin-role -> AdminRole -> role -> device -> webui -> objects -> packet-broker-profile unexpected here

Hi , Please help , after installed dynamic update of antivirus on Active & Passive PaloAlto-3250, commited successfully on Active but not able to commit on passive.. after commit failed on passive try another way made appication & threat shaedule none in dynamic update but again commit failed, getting below messages. DetailsValidation Er...

S2S VPNs using Self-signed Certificates

What is the procedure for configuring Site-to-Site VPNs using self-signed certificates? For example, we need to establish a VPN between Firewall A and Firewall B. The documentation describes how to create a self-signed Root CA certificate, but it doesn’t explain the subsequent steps related to certificate handling, such as: creating the certif...

ET by L3 Networker
  • 1254 Views
  • 2 replies
  • 0 Likes

Resolved! How to configure a site to site VPN with Self signed certificate

Hello folks, This might be a newbie type of question so I appreciate your patience..... I need to create a site to site VPN using a self signed certificate. I'm happy to do the site to site VPN. But ........... I'm not sure how to use self signed certs for doing this. Does anyone have any procedure of how to do this using certificates? Are there...

Jedi_D by L2 Linker
  • 6942 Views
  • 4 replies
  • 0 Likes

Resolved! Creating CSR with SAN via API calls

Hi, I am trying to create CSR via API calls with subject alternate name for hostname and ip address, but I cannot find it in documentation. Simple creation of CSR works for mehttps://10.XX.XX.XX/api?type=op&cmd=<request><certificate><generate><certificate-name>apicert</certificate-name><name>testing</na...

nm2025 by L0 Member
  • 1955 Views
  • 2 replies
  • 0 Likes

Type: INNR in session id detail.

Hi team, What does INNR represents in type when looking at the session ID details.I know that this happens at child session, when parent session ID belongs to the HTTP/2 ID.If you guys have any idea about what INNR represents, let me know.

Mgmt Traffic over VPN

Hi All, I am looking to deploy a few (4) PA-440's into the field. What is the best way to configure my remote firewalls to send MGMT traffic 3.3.3.3/24 (using loopback) over a vpn to central firewall to pass along to panorama MGMT (10.10.10.10/24) to receive to traffic to manage them remotely. Thanks for the help.

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels