This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

real time interface monitor

I have an interface connected internet line with bandwidth 10MB can i monitor B.w utlization real time , meaning can paloalto draw a graph time and b.w at every moment i can see ultization may 5 MB ..5.1MB 9MB or something like that . or i must use a netflow from paloalto and third party to draw this graph

PBF over VPN tunnel

Hello, I try to create a route forwarding from a Palo Alto in one AWS account to a Palo Alto in another AWS account.The Palo Alto in account A is creating a VPN to a Virtual Private Gateway in account B. THe VPN is up and we can manage the firewall. When creating a PBF the traffic arrives on the Palo Alto in account A (in the monitor I can see ...

pbf.jpeg

lacp neg failed for sec then came up

got email alert SYSTEM ALERT : critical : LACP interface ethernet1/21 moved out of AE-group ae1. Selection state Selected system log shows ( severity neq informational ) and ( eventid eq nego-fail ) and ( description contains 'LACP interface ethernet1/21 moved out of AE-group ae1. Selection state Selected' ) and ( receive_time leq '2019/03/01 11...

MP18 by Cyber Elite
  • 5381 Views
  • 6 replies
  • 0 Likes

IPv6 BGP issue: bgp peer ISP_IPv6_Peer local address 0:0:0:0:0:0:0:0 does not belong to interface

I had been troubleshooting the following error message when trying to add an IPv6 BGP peer to my PA:bgp peer ISP_IPv6_Peer local address 0:0:0:0:0:0:0:0 does not belong to interface ethernet1/1(Module: routed)Configuration is invalidFor some reason our configuration had IPv6 configured on all interfaces of the firewall but only the Trust interfa...

bspilde by L4 Transporter
  • 5031 Views
  • 2 replies
  • 2 Likes

PA-220 is not allowing inbound traffic

HI PA Community! I have a very odd issue. My Palo will not allow any inbound connection. I was setting up GP and wondered why I can't hit the portal. Then realized I can't even PING the public IP. I am using a dynamic PPoE connection to my ISP. I created a special rule to allow my testing external computer and can see the rules being hit. I ca...

DJ_Palo by L1 Bithead
  • 2044 Views
  • 1 replies
  • 0 Likes

Resolved! possible to unblock for one website - Block sessions with untrusted issuers?

Hello,On my "no-decrypt" policy - I couldnt find a way to exclude only a specific site from having an untrusted CA issuer. The only way to solve the problem and to be able to connect the device on our LAN to the website was to uncheck the box on the no-decrypt profile " Block sessions with untrusted issuers" - but now that opens up all of them.

roma by L2 Linker
  • 2835 Views
  • 1 replies
  • 0 Likes

No way to unsubscribe?

The unsubscribe link at the bottom of the newsletter takes me to a page that only has a "Subscribe" button. An unsubscriber should not have to agree to Terms of Use and a Privacy Statement.

Easiest way to find and replace Interfaces

What is an easy way to find and replace Palo Alto interfaces? Let's say for example I am combining a bunch of interfaces such as ethernet1/9 and ethernet 1/10 into an aggregation group (i.e. ae1) and adding these as tagged VLANS i.e. ae1.123, ae1.456 Q: Is there an easy way to migrate over replacing the Interfaces for all the NAT rules, IKE Gate...

birkhojk by L2 Linker
  • 2814 Views
  • 1 replies
  • 0 Likes

Resolved! Wildcard certificate for management interface access

Hi, A client is trying to install a wildcard certificate on their firewall for management access, but is receiving a certificate error in the browser. Is the below the correct way to generate the required CSR for the firewall for a wildcard certificate? Can a certificate with the attributes shown be uploaded to the firewall and work, witho...

BenPrice_0-1646699239332.png
Ben-Price by L4 Transporter
  • 6007 Views
  • 5 replies
  • 0 Likes

SDWAN Failover issue

Dear Team, We Are facing issue in link failover and internet SDWAN we are unable to get the internet using SDWAN so pls align the engineer

Pan Commit Changes By User

An intriguing feature of PAN OS 8.0.9 is the ability to commit your own changes as opposed to all candidate config. This would be great because it's often that two or more engineers will have changes that overlap pending the approval chain. But if I click on Commit Changes Made By (my user ID) - and then try to Preview Changes, I get an error li...

Resolved! GP / PA GUI fault

Hi, I currently have Palo running within a EVENG environment.I have set up Global Protect, the problem seems to be every time I try to log into GP using an AD account. I am automatically logged out of the Palo GUI. Furthermore, the username/password does not even authenticate, even though the un/pw is correct, Has anyone had this problem ? Tha...

Vimz888 by L1 Bithead
  • 3747 Views
  • 3 replies
  • 0 Likes

Pan-OS 10.0.0 series version WebGui working slow

PA-850 model. From last 2 months its working slow we upgraded it to 10.0.6 version. If any have reason behind this please share.Or any one have details from TAC then please share in comment.Our PA 220 and PA 850 model we upgraded with 10.0.6 version and facing slowness issue WebGui page of any tab we click it take time to open. If we click on an...

SurajN by L2 Linker
  • 2373 Views
  • 1 replies
  • 0 Likes

URL Category of Security Policy with destination "Any"

Dear All, I created a security policy as below. However, I find all traffic will go through this policy. Do you have any idea? Thanks Source: AnyDestination: AnyService: 443, 80 and specific portURL Category: Custom (*.s3.amazonaws.com) Peter

PChow4 by L1 Bithead
  • 4155 Views
  • 4 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks