This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4448 Views
  • 0 replies
  • 0 Likes

IPv6 and IPv4 addresses in same security rule?

is there an issue with doing this - I have a rule set to match any address except one particular IPv4 subnet (ie using the negate function) - works fine.I added an IPv6 prefix to the rule (still negated) - now the rule negatively matches the v6 address, but no longer the v4 address. Remove the v6 address from the rule and the v4 address negativ...

Resolved! Can someone describe the load balancing algorithm used for Aggregate links?

Reading the documentation and forum posts, it doesn't appear that the PA is using LACP, therefore, it's not using one of the 3 common LACP load balancing algorithms.Could someone describe how it's making the decision to send traffic down a particular link? Also, am I able to modify the behavior? (it doesn't seem like I can through the web inte...

austad by Not applicable
  • 13606 Views
  • 8 replies
  • 0 Likes

Resolved! Renewing Certificate for GUI from External CA

We have followed the below document. After importing the newly signed certificate into the firewall it does not replace the pending csr containing the private key. PAN OS 9.1.11-h3, any one else experience this issue?Obtain a Certificate from an External CA (paloaltonetworks.com)

clewis1 by L3 Networker
  • 4099 Views
  • 2 replies
  • 0 Likes

Resolved! Downgrade panorama ha managed device.

Hi, I have the following situation, a HA cluster managed by panorama. For testing purpose I would like to downgrade it to an 8.1.21 release. Coming from 9.1.12 release.Couple of question:Should I always perform upgrades / downgrades from Panorama, I they are panorama managed?(upgrading cluster I did without panorama using Ansible script and ma...

GOMEZZZ by L2 Linker
  • 2979 Views
  • 1 replies
  • 0 Likes

QoS / WRED

Hi All, Just wondering, is WRED configurable on PA firewalls?If the models matter, I'm using 3000's and 3200's. Thanks!

Luke_R by L2 Linker
  • 2087 Views
  • 1 replies
  • 0 Likes

SCCM : Clients to DP communication

Following is the one of prerequisites to set up a SCCM infra, is there any existing app-id that can be used to cover this port requirement. Will it need an explicit rule based on port/service range only or any changes needed in VR (IP multicast perspective) as well. Prerequisite :Client --> Distribution point configured for multicast, bo...

Dip741 by L0 Member
  • 2560 Views
  • 1 replies
  • 0 Likes

Resolved! Palo Alto Packet Capture Vs Monitor Vs Session Browser

Hi for a beginner why what does the packet capture enable me to do that the Monitor and Session Browser do not ? If possible please could someone give me a scenario for packet capture that identifies a problem which the other two would not pick up - is it the way traffic conversations are shown ? With the capture obviously you would be able to s...

MineMeld on Ubuntu 20.04 LTS

Hi Community, since April 2021 is getting nearer, Ubuntu LTS 16.04 is getting nearer to end of life. Is there any version successfully tested for Ubuntu 18.04 LTS or 20.04 LTS? Last time I tried installing it, installation failed due to dependencies or "bad gateway" errors when logging in to MineMeld. Is there a roadmap in general? Looking...

Chacko42 by L4 Transporter
  • 7914 Views
  • 7 replies
  • 1 Likes

Any chance of an Automated Rollback on Palo Alto firewalls?

Hi- Im familiar with Juniper equipment which all have the option to 'commit confirm' which automatically reverts the config change if a 2nd commit is not made within a certain period (default 10 mins I think). Its a life-saver if you have to administer remote devices, bbvsince if your change broke connectivity for any reason, in 10 minutes time,...

Resolved! Azure Palo Alto - ARP Not Found

Hello, Im having a problem with my PA deployment in Azure where i get ARP Not Found counters increase. I can normally resolve the issue by manually adding an ARP entry to the interface with the MAC of `12:34:56:78:9a:bc` but its really not a solution, rather a workaround. The architecture is similar to the above. My Azure PointToSite Gateway giv...

arch (2).png
ashleyk_0-1593612662816.png
image.png
image.png
ashleyk by L1 Bithead
  • 10716 Views
  • 2 replies
  • 1 Likes

Resolved! QoS Class Numbers

Hi Everyone! Just a quick question about classes in PanOS. I can see that there are eight classes named Class1 - Class8.As we use QoS profile rules to assign bandwidth and priority to a class, is the class I choose somewhat arbitrary? For example, I want to assign voice and video traffic to a class, and make it a high-priority class.Can I choose...

Luke_R by L2 Linker
  • 3978 Views
  • 2 replies
  • 0 Likes
  • 24375 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks