This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4131 Views
  • 0 replies
  • 0 Likes

Newbie: VPN on PanOS 10

Hi everyone, This is probably trivial, but I am fairly new to this so bear with me:I would like to set up the PA firewall as a VPN server for users to connect to (ideally, using only the built-in windows client). After authentication they should have access to a couple of servers connected to a single network port on the firewall, but they shoul...

PANOS 9.1 know issue PAN-83610 network processor

PAN-83610In rare cases, a PA-5200 Series firewall (with an FE100 network processor) that has session offload enabled (default) incorrectly resets the UDP checksum of outgoing UDP packets.Workaround: In PAN-OS 8.0.6 and later releases, you can persistently disable session offload for only UDP traffic using the set session udp-off load no CLI comm...

VLim by L2 Linker
  • 4187 Views
  • 1 replies
  • 1 Likes

Maintenance mode

When we try to access maintenance mode keeping "M" press the device just stop booting and nothing appears on console. Then if I press the M after some seconds just normal boot. We also try typing "maint" but no luck

v-ealva by L0 Member
  • 3352 Views
  • 2 replies
  • 0 Likes

VWire Radius (NPS) via Mgmt

Happy 2022 ! We've just setup VWires for our branches firewalls (A/A Layer 2), no ip address on any interfaces except :- Mgmt (routable and managed by Panorama)- HA1-3 (non-routable address) Most of the device management (SNMP, NTP and etc via Mgmt IP) works fine except for Radius authentication, we did some troubleshooting :- tested on the fir...

annielee by L2 Linker
  • 3186 Views
  • 4 replies
  • 1 Likes

Downgrade from 9.1.12.h3 version to 9.1.9

Hi All, I have decided to upgrade my Palo Alto 850 from version 9.1.9 to 9.1.12.h3 but after the secondary Palo Alto upgrade facing an issue where interface are not getting up so my team decided to roll back to version 9.1.9. Should my configuration completely wiped out if i downgrade my device ? or if no then what are the precaution i have to t...

PANOS 8.0.x restart IPSEC tunnels from GUI

Dear all, we found out that we are not able to restart VPN tunnels in PANOS 8.0.x from GUI because its grayed out and it is an expected behavior as you can see the message "Restart disabled because OK". The conclusion is that on version 8.0.x it's not possible anymore to restart the tunnel from GUI if the tunnel is up and running, but you can st...

Rboehme by L2 Linker
  • 5652 Views
  • 3 replies
  • 0 Likes

Remote backup issue

I am trying to backup the config from a remote backup server. The backup file is generating but no config showing in the file. Instead when I open the xml file, I can see this " <?xml version="1.0"?> -<response code="403" status="error"> -<result> <msg>Type [export] not authorized for user role.</msg> " The st...

Kerberos SSO for Captive Portal

Been working through options for gathering userID data on non-domain-joined machines lately, so here's another complete option using Kerberos (krb) SSO. Create a user in AD (my example, username: krb.palo), check the boxes for:User cannot change passwordPassword never expiresThis account supports Kerberos AES 256 bit encryptionNOTE: this account...

jbworley_0-1641995839136.png
jbworley_1-1641995839170.png
jbworley_2-1641995839174.png
jbworley_16-1641997811010.png
jbworley by L1 Bithead
  • 5608 Views
  • 1 replies
  • 5 Likes

Resolved! Best practice to write an application based policy whith some ports different from standard

Hello,I would need to write a policy to allow Oracle connection on specific servers.Unfortunately I have some Oracle instances that don't use the standard TCP 1521 port.How can I handle this problem writing just one rules that matches all my destination Oracle servers even if there are different port used? Thanks for your reccomendations Regards

MGatti by L1 Bithead
  • 3586 Views
  • 2 replies
  • 0 Likes

Resolved! user-id not mapping

Hello community, I'm facing an issue with user-id agentless. i did the following configurations Create LDAP Server Profile LDAP/Group Mappings configured on FW User-ID Group Mapping Settings. server monotoring is connected Include network set User ID on the source Zone enabled account service on AD with the differents rights : events log read...

Resolved! about session offload

Hello the purpose is to minimze the cpu consomption but in wich way ?how the offload work exactly?thank's

Gregoux by L4 Transporter
  • 21906 Views
  • 7 replies
  • 0 Likes

Resolved! Log collector drive bays question

Hey all,I need to replace a disk on a Palo Alto M600 log collector There are no disk labels on the device. Could anybody here confirm which bays are A1/A2 and B1/B2? I've attached a photo. I'm guessing A1 starts the top left but I' not sure. #m600

Screenshot 2022-01-12 at 11.09.51.png
Modo2016 by L1 Bithead
  • 3164 Views
  • 3 replies
  • 0 Likes

Resolved! Missing PANGPS Virtual Ethernet Adapter

When launching Global Protect for the first time, the computer will prompt for the portal to connect to. The portal information will be enter and when hitting connect it will only display "Connecting...". It will not get to the username and password login screen. While working on the computer, it was identified that the PANGPS Virtual Ethernet A...

  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks