This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4231 Views
  • 0 replies
  • 0 Likes

Not able to view threat log on both GUI and CLI of the firewall

Hi Folks, We have PA-220 running on PAN-OS 10.0.6. Upon checking the Threat logs via GUI no threat logs are visible . So we had checked on the CLI of the firewall for any threat logs but no luck. The firewall have all the required licenses. 13 percent disk space quota is allocated for the Threat logs. The disk space utilization is also healthy. ...

Clientless VPN getting worse with each PANOS ver

Timeline of my struggles: Somewhere between 10.1.0 and 10.1.4 the clientless VPN stopped showing icons for each app not super big deal because the apps still worked but after trying a couple upgrades... 10.1.5: brings the icons back! but now the apps themselves do not work at alltrying by IP to rule out DNS issuestrying with https in case its so...

hshawn_0-1648251082166.png
hshawn_1-1648251180854.png
hshawn_2-1648251223066.png
hshawn by L4 Transporter
  • 4913 Views
  • 4 replies
  • 1 Likes

Resolved! View debug status

Hi,I come from Cisco background and getting familiar with Palo Alto firewalls. My query is about checking any debug running on the box and how to turn it off. In case of Cisco, show debug will show any active debug(s) and undebug all would turn it off. Please advise the equivalent in PAN-OS. In PAN-OS few debug commands that I am aware of are he...

enable rules for MS Teams

Hello to everyone! This is my first topic))Gents, need your help to enable MS Teams for user w/o internet access.Need for users w/o authentication could start video conference in teams. I added teams.microsoft.com to enabled address, also created MS Teams group in application groups, but Teams still working only after authentication on PA. P.S. ...

Palo Alto Configuration Change

Hi, Long time lurker here.I need some directions with a project I am preparing.The project adapts the way we communicate with the internet. This means preparing PBF rules, NAT rules, quite some objects(100+) and groups (10+) and also adapting the way the security rules interact with the zones. All this is quite some configuration change and I wa...

sopa by L0 Member
  • 2037 Views
  • 2 replies
  • 0 Likes

PAN-OS 9.16 SMB Issues - mapped network drives.

Hello all,Please be advised, there is a current issue with PAN-OS 9.1.6 which seems to break anything SMB related, e.g. mapped network drives. Sessions have an end reason of "incomplete" and go into state "aged out" in the session table. After doing a packet capture, i found firewall dropping packets with info Negotiate Protocol request - SMB R...

FQDN security in policy

Hi All, I am quite new to palo alto. can anyone explain me what happened if we configured object as a FQDN, IP and URL..I have created one security policy where I have implemented destination as a FQDN (nslookup results into 1 IP address) but user is reporting that it's not working..For that, FQDN default TTL is 5 mins, refresh time is 6 hours.....

Resolved! PAN-OS 8.1.0 SMB Issues

Hello all, Please be advised, there is a current issue with PAN-OS 8.1 which seems to break anything SMB related, e.g. mapped network drives. Sessions have an end reason of "resources-unavailable" and go into state "Discard" in the session table. Upon speaking with a TAC engineer, this is a known issue and they are working towards a fix. Edit: T...

QoS and IPSec

Hi All, I would like to enable QoS on an IPSec tunnel. The tunnel is carrying mostly voice and signalling traffic.If the voice traffic has a marking, eg EF, will this marking be copied to the outer IP header (the IPSec tunnel header)? Or, will I have to create a separate QoS policy, which prioritises IPSec traffic as it egresses the physical int...

Luke_R by L2 Linker
  • 2006 Views
  • 1 replies
  • 0 Likes

After Apply SELF-SIGNED ECDSA CERTIFICATE IN SSL/TLS PROFILE Cannot Access to Management Interface

I have a HA Firewall Active/Passive. Due to certificate is already expired I have exactly follow below guide to create my Self Sign ECDSA Certificate and apply it to my Passive firewall. The issue is when the passive firewall is in HA mode that time I`m unable to access to the management interface. When I make it as standalone mode that time the...

JiaXiang by L4 Transporter
  • 2738 Views
  • 1 replies
  • 0 Likes

Resolved! Expedition: Export - Base Configuration Output

Export in base configuration output screen Device-Groups does not show arrows to expand organizational groups and sub groups. When trying to import from Panorama 10.0.Currently running Ubuntu 16.04.6 and the Expedition shows 1.2.15 but had error messages when performed the install but it seems to work. Does any know how to fix the device group n...

Gol4 by L0 Member
  • 2430 Views
  • 1 replies
  • 0 Likes

PA Firewall Performance Chart

Spoiler (Highlight to read)Looking at the comparison chart, if I was interested in the 3430 and I use SSL decryption, threat prevention\wildfire\URL filtering and IPSEC vpn does that mean I would get roughly 9/2 Gbps or 12.2 Gbps?Looking at the comparison chart, if I was interested in the 3430 and I use SSL decryption, threat prevention\wildfire...

roma_0-1648500614096.png
roma by L2 Linker
  • 1984 Views
  • 1 replies
  • 0 Likes

WMI On server 2022 for USER-ID

Hi There, Have a pair of PA-3220s. User-ID was working swimmingly. Recently upgraded our DCs to Windows Server 2022 and WMI is routinely failing and showing "Not connected" under server monitor. Doing some reading on WMI and Server 2022, and it sounds like Microsoft did something under the hood in 2022 that required updates or changes from 3rd p...

kaumell by L0 Member
  • 4167 Views
  • 1 replies
  • 0 Likes

Resolved! SSL certificate for passive firewall

There is an active passive pair having SSL certificate (management only) with different CNAMES (its own management IP). While the CSR generation and certificate import (signed by ECA) is successful on active peer, the CSR generated on passive peer is getting erased whenever commit is done from active peer. How to generate CSR and install SSL cer...

  • 24357 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks