This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4222 Views
  • 0 replies
  • 0 Likes

DHCP Server Does Not Lease Reserved IP Address from 2nd Time

Hi, I'm currently doing DHCP server migration from Windows server's DHCP server function to Palo Alto PA-3200 series, with PAN-OS 9.1 series. I copied over all the configurations from Windows server to Palo Alto including the IP address reservation. After migration, what happened was that, for an IP scope that corresponds to a VLAN with 802.1X d...

Putty cursor is stuck there after PA-VM starts

Hi, Palo-alto PA-VM-KVM-9.1.0.qcow2 is installed into GNS3 version 2.1.21 based on the below link. I try every configuration is same as the link. Two vCPU, 4G RAM and 8 interface. but after it start, it shows below message and then stop at the end of the below message. Anyone can give some suggestion? Thank you https://www.gns3network.com/how-t...

PAFrank by L2 Linker
  • 5434 Views
  • 3 replies
  • 0 Likes

Resolved! IPSEC ikev2-send-p2-delete

Hi all, I have a IKEv2 IPSEC from PA to PA Firewall with tunnel monitoring enabled on one end. The tunnel suddenly went and the peer with no tunnel monitor is sending every 4 seconds a ikev2-send-p2-delete. What could be the reasons behind this behaviour? Regards

Uninstall Global Protect 5.2.5 via Intune Scripts

Good day, I need to uninstall Global Protect from bout 100 user devices. We deploy and remove application using Microsoft Endpoint Manager (Intune). I have created a script using this uninstall command:This command reported that it ran successfully on the devices and uninstalled Global Protect as intended, however when I logged into the devices,...

Jabulani15_0-1639402078994.png

Vulnerability wrong action Palo

Hi, We are having a weird issue in Palo. We have a FTP server and we can not access because Palo detects this vulnerability: Name: SSH User Authentication Brute Force AttemptUnique Threat ID: 40015The Palo action is "alert" for this vulnerability but its being blocked "block-ip". I attach the screenshots: why Palo is detecting a normal access a...

pic1.JPG
pic2.JPG
BigPalo by L4 Transporter
  • 2523 Views
  • 1 replies
  • 0 Likes

Resolved! JSON Miner with basic auth and an API key

I would like to have a miner to connect to the Pingdom API to pull a list of their US node addresses. The Pingdom API uses basic auth and requires an "app key". Their documentation references two HTTP headers, authentication and app-key: > GET /checks HTTP/1.1 > Host: api.pingdom.com > Authentication: Zm9vQGV4YW1wbGUuY29tOnBhc3N3b3J...

Resolved! GlobalProtect portal data collection available in logs?

Starting with PAN-OS 9.0 there is the ability to assign specific agent configurations based on software and app settings on GlobalProtect portal configuration.It's possible to collect registry data from Windows endpoints under the new tab "Portal Data Collection". Now my question. Is it possible to see somewhere in the logs what data was collect...

portal-data-collection-custom-checks-windows
Tobi by L2 Linker
  • 7662 Views
  • 6 replies
  • 0 Likes

Encryption mode between 6.0 and 9.1

My company are going to migrate upgrade one firewall from 6.0 to 10.1.And I found below KB points out the supported payload options above and below PANOS 7.0.Several IKE/IPSec profiles are using aes128 for ESP encryption, is it aes128 equal to aes-128-cbc?https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClYtCAK PAN-OS 5....

TonyTam by L1 Bithead
  • 2704 Views
  • 3 replies
  • 0 Likes

Spare-Device / OSS appears as normal Device with expired licence in CSP

Dear all, I tried to register a device as spare via "Assets -> Spare" in the CSP, but instead of appering as Spare it is now listed under "Assets -> Devices" with an expired licence. I tried to open a support case via "Get Help", but because the device-licence is expired, i can't select the asset and im never able to finish the support for...

x0NeLo by L0 Member
  • 2202 Views
  • 1 replies
  • 0 Likes

CTD usage and commit and update errors

VM-300, 10.0.8-h4 on KVM.At one point issue with commit showed up:Error: Error reading signature DFA datafailed to handle CONFIG_UPDATE_STARTAlso updates for Wildfire & Apps/Threats were not being installed. HA sync started to fail.It was concluded that CTD resource usage is high - show system setting ctd state, Content Allocator Usage was 1...

nikoo by L3 Networker
  • 3964 Views
  • 1 replies
  • 0 Likes

Does Palo Alto support URL rewrite option ?

I have a query is When any user (OUTSIDE/INSIDE) accessing the URL or application like JIRA and CONFLUENCE which is hosted on the AWS server on the internet. that user's traffic hit into the ON- Premises data center instead of the internet and should be inspected by the ON-Premises DLP server. Also, to make this possible on the basis URL rewrite...

sagjoshi by L0 Member
  • 3268 Views
  • 1 replies
  • 0 Likes

Resolved! Allow streaming media of news category.

Hi everyone, One of our customer Has a requirement to block all streaming media but wants to allow streaming from news category,eg suppose any news channel is redirecting to youtube or any streaming sites it should be allowed but if user is trying to reach directly to youtube or any other streaming it should be blocked. streaming sites redirect...

KashifSh by L1 Bithead
  • 3816 Views
  • 2 replies
  • 0 Likes

ESXi deployment question for Palo -VM series (L3 Mode)

I'm having trouble interpreting this link for deployment scenarios of the vm series Palo Firewalls. Looking for clarification...https://docs.paloaltonetworks.com/vm-series/10-1/vm-series-deployment/set-up-a-vm-series-firewall-on-an-esxi-server/supported-deployments-on-vmware-vsphere-hypervisor-esxi.html We have an ESXi cluster with 3 hosts runn...

geewiss by L2 Linker
  • 5838 Views
  • 10 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks