This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4126 Views
  • 0 replies
  • 0 Likes

Traffic Deny due to DNS?

Hello, I was given a chunk of IP addresses and domains/urls to update into an existing blacklist on the firewall. I go to objects and create ip-netmask for ip addresses and FQDN objects for domains/urls. Some of the domains i received come in the form of url like "xxxxxx.xxx.com/*" and "https://xxxxxxxx.com/xxxx/xxxx.zip " I decided to create...

dnserror.png
Kenchh by L0 Member
  • 3343 Views
  • 1 replies
  • 0 Likes

Rendezvous Point query

Hi Team, We have already used one interface for RP can we use one more interface to configure RP ??please find below snapshor for reference

GideonKonga_0-1638293621158.png

Commit-All to Specific Device Using API in Powershell

I am using Powershell to make API requests to Panorama which cause various commands to be executed on specific NGFWs. I would like to do a commit-all to a specific firewall, not the entire DG/template stack. The documentation Commit-All (paloaltonetworks.com) lists the following command:curl -X GET "https://<panorama>/api/?key=apikey&t...

Have: old PA-200. Need: firmware 5.x

Hi,I bought a PA-200 new many years ago but support long expired on it. I've been using it simply as a home office firewall since then and have never upgraded PANOS so it's at 4.1.6. Honestly it's running fine, but the old SSL version is forcing me to use old browsers now and really it needs to be upgraded.PA only shows firmware back to versio...

user id group mapping

Hello I have several questions to ask you about the user ID.1)We say that the LDAP does not map between the ip and the user, so who does the mapping between the ip and the user name? 2) then, when we configure the mapping of group. I do not understand the mapping of group in what it consists? To associate the name of the user and his ip or to ...

Sarou22 by L2 Linker
  • 4817 Views
  • 6 replies
  • 0 Likes

Resolved! HIP Notification question

Hi, A question regarding HIP notifications. I have enabled HIP notifications for GP clients connecting in and they trigger when a violation of the HIP profile is detected e.g. firewall turned off, but just wanted to clarify something in the Palo documentation. Palo documentation below seems to indicate that the HIP profile needs to be attached ...

BenPrice_0-1637729906099.png
BenPrice_1-1637729949128.png
Ben-Price by L4 Transporter
  • 11876 Views
  • 7 replies
  • 0 Likes

XML output command of ARP managment in 9.1.11

Hello , I have multiple firewall with running PAN-OS 9.1.11 and above version.i am facing an issue to generate XML output command of ARP managment. When i run the ARP managment command to set XML output on i am getting the below error:- admin@PA-VM-Passive> set cli op-command-xml-output on admin@PA-VM-Passive> show arp management Server er...

License issue

Hello , we have a customer who renewed the premium partner support When we go to License tab , we can see Premium Partner support renewed But when i go to Support Tab, it still shows date of 2020 Is it cosmetic ? We already tried to fetch the license via cli but same status on support TAB

how to configure gre over ipsec?

Anybody know how to configure gre over ipsec ?from the 9.0,pa support gre tunnel and only one word describe about this feature.(Optional) Select Add GRE Encapsulation to enable GRE over IPSec.Add GRE encapsulation in cases where the remote endpoint requires traffic to be encapsulated within a GRE tunnel before IPSec encrypts the traffic. For exa...

Felixcao by L3 Networker
  • 4408 Views
  • 3 replies
  • 0 Likes

Resolved! Static route path monitor shows UP with invalid next hop

I'm running PAN-OS 10.1 on a VM-100. I have DHCP on an interface and use a script to update an address object with the default gateway from the DHCP interface. I have a static route with next hop set to this address object and path monitoring enabled. I've run into a situation where if the DHCP lease expires (something upstream fails with the pr...

palo-next-hop-0.png
palo-next-hop-254.png

Resolved! IPSec tunnel rekeying

Hi all, We are using tunnel monitor on the IPSec tunnels and i am wondering if rekeying childs SA, causes the tunnel monitor to bring the tunnel down. In additon i would like to know if PA stores a log of all the rekeys for each tunnel. TIA

Resolved! Site to site VPN between Azure and VM300 - SQL replication slow

Hi folks, I'm facing some throughput issues with a site to site vpn between my onprem site (vm-300) and azure (VpnGw1).Scenario:- Windows cluster + SQL Always on Availability Groups (async commit)- 2 nodes on premises (sql01 and sql02)- 1 node on azure (sql03).- Link speed 150Mbps- Latency between on prem and azure: 15ms Ipsec tunnel is working,...

Selection_112.png
infrags by L1 Bithead
  • 6493 Views
  • 6 replies
  • 1 Likes

PanOS 9.1.11 (-h2) on PA-3020 cannot drive all physical ethernet interfaces except for management interface.

Does anyone know whether PanOS 9.1.11-h2 runs on PA-3020? I have upgrade PanOS on PA-3020 to 9.1.11-h2, and the PA-3020 now cannot drive physical ethernet interface except for a management interface. When I downgraded to PanOS 9.0.14-h3 or 8.1.20-h1, it came back to work again. Here is a little debug out: hoge@fw02> show interface hardware S...

ohmori7 by L1 Bithead
  • 4626 Views
  • 4 replies
  • 0 Likes

How to Convert Device Specific objects into Shared

Hi everyone, Hope everyone is doing Great. I have one question regarding the shared objects and here is the problem I am facing. I am trying to find the best way to convert device specific objects(addresses, services, tags) into shared objects. I was using Expedition to convert around 9300 objects into shared with the help of multi edit feature...

  • 24336 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks