This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4459 Views
  • 0 replies
  • 0 Likes

Resolved! IpSec Tunnel Phase2 Red But Ike Side Green

Hi, I have several TpLink Archer Mr400 4G Router. I setup Ipsec VPN tunnel between PA-220 and them many times. But new one is not success at Phase2. Phase1 IKE is green so devices communicate. But Phase2 Tunnel Info is red and i can't see any tunnel when i click Tunnel Info. I have read the losg and find below things; 2022-04-19 16:50:25.878 +03...

Tplink_ArcherMr400_phase2.PNG
PA_Phase2_ipsecCrypto.PNG
PA_Phase2.PNG
tsenturk by L0 Member
  • 3393 Views
  • 1 replies
  • 0 Likes

The PA-3020 in the HA pair cannot automatically run dynamic updates.

Hi All,I have two PA-3020 that are HA setup, version 9.1.9.Since the beginning of March, I have found that dynamic updates often fail. Strictly speaking, downloading images is normal. However, one firewall updates normally and the other fails to update, causing the two firewall versions to mismatch. But it does not always fail to update automati...

PA-3020-mismatch.png
PA-3020-A.png
PA-3020_B.png
PA-3020 fail detail.png
DevonFan by L1 Bithead
  • 5777 Views
  • 5 replies
  • 0 Likes

Resolved! May I set the same ip in different interface between two virtual system?

I set ip address 192.168.1.254/24 in the ethernet1 which belong default router in the vsvy1.I try to set the same ip address in the ethernet2 which belong another VR in the vsvy2.When I commit, it will display duplicate address.I just do some lab about vistual system for my client.But I want to sure may I set the same ip in different interface ...

kylelee by L1 Bithead
  • 17789 Views
  • 13 replies
  • 0 Likes

Auto update agent failed to install license information:

I am facing an issue while trying to update the license I am able to ping the google dns and updates.paloaltonetworks.comadmin@PA-VM> ping host updates.paloaltonetworks.comPING updates.gcp.gslb.paloaltonetworks.com (34.96.84.34) 56(84) bytes of data.64 bytes from 34.84.96.34.bc.googleusercontent.com (34.96.84.34): icmp_seq=1 ttl=57 time=6.26 ...

Resolved! Getting a 'Device certificate expires in 15 or less days' but all certs are valid

As the subject states, one of our FWs is logging a 'Device certificate expires in 15 or less days' message once a day. All certs are active/valid with the earliest expiration date sometime in 2023. I've been seeing this alert of at least the last 20 days but nothing was changed in the environment. Anyone seen this before or have any thoughts on ...

Support Case Access Problem

malik.kecioglu@barikat.com.tr can access Support Portal but when he click Support case ,get a error.I checked his user ,everything looks ok. I can see all support case.could you please check malik.kecioglu@barikat.com.tr user. regards

Serpil_0-1650359327407.png
Serpil by L0 Member
  • 2878 Views
  • 4 replies
  • 0 Likes

CLI Location command not showing the location of the IP address

Today I found that Application and Thread ID 8559-7361 is incorrectly categorizing US IP address as if they were from China and therefore blocking all the traffic to these destinations. The only way to fix the issue was to revert back to version 8558-7356 from 4/18/22. While doing the test below I could see exactly the problem: What is the reaso...

JorgeOrtega_1-1650490814484.png
JorgeOrtega_2-1650490867494.png

Resolved! SSL decryption policy - strange behaviour

Hello guys, Recently I had a situation where Cisco Webex traffic was decrypted by policy - let's call them "URL_policy"'URL_policy" was set to decrypt traffic based on the categorization of URL likes: drugs, extremism, gambling, adult, malware, nudity, etc - nothing business-related for sure.Just after this policy was my "webex_do_not_decrypt" p...

S_Owoc by L1 Bithead
  • 7284 Views
  • 5 replies
  • 0 Likes

Port Forwarding/NAT Issues

I just set up my PA-200 and I'm trying to get my Plex server (on my LAN) to be accessible via WAN. I don't think I fully understand how NAT and security policies intertwine so I'm rather confused I'm able to get LAN traffic outbound, but for one reason or another, I can't seem to get either my NAT or security policies correct to allow traffic in...

wallbert by L0 Member
  • 5018 Views
  • 3 replies
  • 0 Likes

Resolved! Block known AD users from Guest LAN

We have two types of network. The internal LAN and guest LAN. These are two separated networksOn the internal LAN we have use other policies then the guest LAN. Our employees connect to the guest LAN to avoid the policies on the internal LAN. So I created a block rule on the guest LAN if the user = AD User.On the internal LAN we have an active ...

ZEBIT by L3 Networker
  • 3555 Views
  • 4 replies
  • 0 Likes

Resolved! POP3S question

Hi,Does anyone know how Palo Alto Networks handles POP3S? I checked the applipedia, and there is no individual application for it. It is also not a part of the POP3 application as far as I can tell. Any help you can provide is greatly appreciated.Thanks,Emma

Resolved! Palo Alto upgrade - disk space

Hi with respect to upgrading Palo Alto to new base/versions which filesystem folders shown below are most important so that you don't encounter disk space issues ? Thanks in advance.

PA disk space 190422.png

Palo Alto 440 - Concurrent Global Protect user limit issue

Hi Team, I know PA 440 support up to 1000 user & its the Max tunnel user limit, but we were unable to connect more than 250 users and got this error as "maximum user limit reached" then found that the tunnel limit is [0-250] in Global protect Gateway tunnel settings. I'm using PA 440 (PAN-OS 10.1.4), kindly let me know in which PAN-OS versio...

PaloAltoMV_0-1647057362565.png
PaloAltoMV_1-1647057467563.png
PaloAltoMV_2-1647057650629.png
  • 24378 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks