This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Routing Table size on PA appliances

Hello All, We are looking into use PAs as routers on some of the sites. This will entitle us to accept BGP routes from Prisma and OSPF from internal routers. That's the reason I would love to find out if there's a limit (I am sure there is) for ammount of prefixes per each model of PA appliances? I think I've found a post here from 2013 regardin...

SAML Login to local firewall certicifacte

I am getting a SAML error after renewing a few certs that expired. eventid eq saml-certificate-errorCan you use the same IDP xml file across multiple Device SAML profiles? IDP is Microsoft azure.and ( description contains 'Failure while validating the signature of SAML message received from the IdP "", because the certificate in the SAML Messag...

How to Setup IP Helpers on PAN Firewall for PXE Services

I'll start off by waving the "I'm not as strong in networking & network security as I probably should be" flag so I apologize in advance for my lack of expertise in these areas and products.In short, I need assistance getting PXE to work on devices connected to a PA-820. In this particular case the PA-820 is the DHCP server which is differen...

Techdocs Subject not matching content when arriving via search engine link.

When using the following link the header of the page states "Download and Install the GlobalProtect App for Windows" but the text is about "How to install the GlobalProtect App for Linux". The way I arrived at this page was the following:I searched for "download global protect agent" using the search engine Startpage.com One of the results (in...

Resolved! DNS Security

Hi, We are getting warning message (Warning: No valid DNS Security License) when we commit every time. currently we are using PAN OS 9.0.5. Is it possible to disable this warning message. Regards,Logesh S.

Logesh by L1 Bithead
  • 31166 Views
  • 24 replies
  • 1 Likes

Resolved! Inbound SSL decryption

I am trying to set up a TLSv1.3 / TLSv1.2 webserver behind a palo firewall with ssl inbound decryption.However i seem to get a lot of ssl errors and the website does not work if specific ciphers are not listed first...For one I would like to understand why that is and even ciphers listed here have issues: https://docs.paloaltonetworks.com/compat...

CLIq by L3 Networker
  • 15161 Views
  • 9 replies
  • 0 Likes

Resolved! Upgrading PANs in Serial Question

I have two PAN 3220s operating as Virtual Wires behind a pair of ASA 5525s. Normally in upgrading a pair of PANs you upgrade the standby, then suspend the primary (secondary takes over), upgrade the primary. Repeat as necessary to get to your target version. But since these are behind another HA pair, I'm concerned I could end up with a situatio...

palomed by L3 Networker
  • 2610 Views
  • 2 replies
  • 0 Likes

Resolved! Licensing in active passive cluster

Hi there, we plan to replace an old firewall cluster against an new one from PA. It will be an active-passive cluster of 2 PA-850 boxes, we plan to use threat prevention + dns security license.There is only one box active, the other one is on standby. Is it enough to have the licenses only for the active system, or do we need a license for the p...

Netzer by L3 Networker
  • 5016 Views
  • 1 replies
  • 0 Likes

Advanced URL License not showing in Panorama?

I recently renewed some licensing on firewalls. The URL Filtering subscription changed to Advanced URL Filtering. On the firewall, under licensing, everything shows fine. In Panorama, for those firewalls, I noticed after doing a refresh, Pano shows them as not having any URL Filtering license. Is anyone seeing something similar?

MikeC_0-1640794406956.png

Restrict Google Domain login

Hello,I have been using a header insertion to restrict login to an approved list of Google Domains for a couple of years now. However, I have now encountered an issue and was wondering if anyone else had a similar experience or has any idea what to do.On one of our domains, there is a regular but seemingly random occurrence of login failures wit...

Network segmentation via nexus using VRFs and virtual router Palo alto with BGP peering

Requirement: have to make firewall config based on network configuration done on Nexus. My challenge is Communication is not posoble with network guys coz they are Chinese, customer speak different language as well. OBJECTIVE: we want DC firewalls to be used for filtering or traffic only and nexus to do the core routing.. In the config I can se...

IMG-20220208-WA0012.jpg
Sukhmeet by L1 Bithead
  • 7097 Views
  • 1 replies
  • 0 Likes

flow_fpga_ingress_exception_err and high latency

Recently deployed several PA-5250s Running 10.1.3 and there is a issue that randomly comes and goes.Latency for traffic going through the firewalls spikes to 100-500ms. I was able to capture one thing that looked peculiar and that was flow_fpga_ingress_exception_err counts were high (8169388322) and the rate was high (12468). But I can't seem to...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks