This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

Decryption GitHub not working

Hi We are trying to run a api from passbolt to Github. In this we are doind decryption in PA. If we add a SSL exception *.github.com is working fine or "no decrypt" policy is working fine. any idea? Here our health check: passbolt]# su -s /bin/bash -c "./bin/cake passbolt healthcheck" nginx ____ __ ____/ __ \____ _____ ____/ /_ ____ / / /_/ /_...

BigPalo by L4 Transporter
  • 4941 Views
  • 2 replies
  • 0 Likes

Resolved! Panorama logs per second

Does upgrading the CPU and memory for panorama increase the logs per second that a single virtual panorama in panorama mode can handle? Link below appears to show that as the case. I always thought that the limits were around 10k per second regardless. Upsizing specs must increase that? https://docs.paloaltonetworks.com/panorama/10-1/panor...

Sec101 by L4 Transporter
  • 4083 Views
  • 3 replies
  • 0 Likes

DNS resolution stops working as long as GlobalProtect connected

hello guys, Some of the users got the DNS issue for the external websites after globalprotect connected, the users are able to ping the external IP address but just the DNS does not work.There was no change applied to the Firewall recently and only a few users got this issue.not sure if someone else got the same issue and how did you fix that? T...

DongQu by L2 Linker
  • 1972 Views
  • 1 replies
  • 0 Likes

Strict IP Address Check after 9.1.12

Customer upgraded to 9.1.12 and after that it was noticed that for some of the zones, traffic was dropped. During debug,it was concluded that reason is Strict IP Address Check in the Zone Protection Profile:"flow_dos_pf_strictip 1 0 drop flow dos Packets dropped: Zone protection option 'strict-ip-check'"In the 9.1.12 release notes it is noted:PA...

nikoo by L3 Networker
  • 9100 Views
  • 8 replies
  • 1 Likes

Why Did Strict IP Address Check Break this VPN?

We have been working with TAC to find the cause of this issue where FTP client could no longer upload to external companies FTP server over the VPN tunnel. After many days, we started a packet filter on the Public Internet (WAN) interface, which is a different zone from the tunnel interface, and were still seeing drops due to "flow_dos_pf_stric...

ms.jzam by L2 Linker
  • 23526 Views
  • 30 replies
  • 0 Likes

Resolved! refresh external dynamic list real time with cli

Hi,I need to update in real time the external dynamic list IP. Looking for this doc https://docs.paloaltonetworks.com/pan-os/9-0/cli-reference/pan-os-9-0-configure-cli-command-hierarchy.html and cli command "find command keyword",didn't see any command help me to do the issue.I think take a cli command and execute them with api request solve my ...

Resolved! FIPS Failure upon boot

One of devices was not properly shut down due to a power outage in a building. When the device started back up, it appears that it entered maintenance mode. The reason is FIPS failure. I have attempted to reboot the device from maintenance mode and appeared to work (was able to get to the normal prompt for asking password when attempting ssh)...

BryanSG by L0 Member
  • 10726 Views
  • 2 replies
  • 0 Likes

QoS max egress, no effect

Hi there, I'm playing with QoS in our lab. I have a simple setup with two queue, first for SMB traffic, second for RDP traffic.The max egress value is set, but when I transfer data, then both queues get bandwith values. What I am doing wrong here?

PA QoS Monitor.png
PA QoS Profile.png
PA QoS Policies.png
Netzer by L3 Networker
  • 2658 Views
  • 2 replies
  • 0 Likes

active-directory-base application isn't match traffic when services/URL Category is set to "application-default" in security rule

Hello,I use a Firewall at version 10.0.8-h8. I wrote a rule to allow the application "active-directory-base" (which contains several ports) in the application section then "application-default" in the services/URL category section as recommended by PA. The observation I made is that the flow never matches this rule. It is even dropped by the int...

Ouattara by L0 Member
  • 3434 Views
  • 1 replies
  • 0 Likes

site to site VPN on TP-link --- PALO ALTO ---- AWS

As of now STORE router/POS1 able to reach the head office(PALO ALTO) via site to site VPN and HeadOffice(PAN) to AWS also working via site to site VPN. But our main goal is that POS1/Store able to reach the AWS network. As of the momment POS1 not able to reach the AWS networks. I already tried to add a route on the PAN from Store network going t...

IPSEC S2S store to HO to AWSrev1 .jpg

global protect connectivity issue (version 5.2.10)

Hi Team, We have facing the connectivity issue on GP Agent 5.2.10. After turning off the windows firewall, it's connecting. Please let us know how we can achieve this without disabling the windows firewall. Because in earlier versions of GP client we have never asked users to follow this method and it’s not recommended to turn off the windows fi...

VishnuPS by L3 Networker
  • 3009 Views
  • 2 replies
  • 1 Likes

User-ID Agent not mapping users

Hello, Im trying to configure User-ID Agent. Dedicated users is created, with details acroding to: Create a Dedicated Service Account for the User-ID Agent (paloaltonetworks.com)Agent version: 10.0.4-23Agent is installed on Windows Server 2019.DC's are on Windows Server 2019.All is up to date. This is the status of the agent: But still this is...

mgwozdz_1-1644489742592.png
mgwozdz_2-1644489787346.png
mgwozdz by L1 Bithead
  • 2604 Views
  • 1 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks