General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Resolved! Is the Cloud Identity Engine required for filtering by Group when using Entra without LDAP?

I feel like I've read every document on this forum but I can't seem to find a solid answer to this question. I'm sure someone will link 4 other posts..... 🤦‍♂️ I am using SAML Auth to Entra for GlobalProtect. I can auth to the Portal if I specify the user directly (using domain.com\username - username@domain.com does not work). I can also ...


Shutting down/disabling subinterfaces

I am very new to the PANOS world so I will apologize in advance if this is obvious, however my search of documentation and knowledgebase did not yield anything. I have been looking for a way to administratively shut down sub interfaces. Is this possible? While it's easy enough to shut down a physical interface by assigning its link-state we're no...

scourge by Not applicable
  • 33282 Views
  • 15 replies
  • 0 Likes

Join RQL query throwing Failed to execute RQL search . Illegal Argument

Hello team, I am trying to execute the below join query to achieve the below output- 1. Only Service accounts that have elevated roles (e.g., roles/owner, roles/editor) 2. Service accounts that have at least one user-managed key config from cloud.resource where cloud.type = 'gcp' AND api.name = 'gcloud-projects-get-iam-user' AND json.rule =...

Thoughts and experience with the Prisma secure browser

Hello Community, I'm looking for general feedback on those who have or had used the secure browser for DLP. Things that work well, things that didn't, etc. Just looking for non sales honesty on it. The purpose of its use would be to use the DLP feature when users utilize AI prompts etc. To help prevent PII or PHI leakage. Thanks in advance!

Resolved! Clone a Device Group?

Hi Guys, I have Panorama with a few device groups; how do I clone one of them from GUI so I can do testing without impacting a production device group? Thanks

tinhnho by L3 Networker
  • 10990 Views
  • 5 replies
  • 0 Likes

Resolved! PA-200 Stuck in Maintenance Mode, attempting factory reset

I'm attempting to factory reset a PA 200 that was on the spares shelf. The unit appears to be stuck in Maintenance mode, every reboot command boots in maintenance mode. I attempted to execute the factory reset and the message I get is: "No current image found, please use advanced options" So I click on advanced options and it asks for a pa...

Resolved! Redistribution UIA not working...... INTERNAL ERROR

Hi, I configured a PA in order to redistribute UIA mappings to other FWs. All the config is OK but it's not working. I can see this in the FW redistributing: (active)> show redistribution service status Redistribution info: Redistribution service: down Reason: internal error I tried to restart process UIA MGMTServer.... any idea about ...

BigPalo by L4 Transporter
  • 2088 Views
  • 3 replies
  • 0 Likes

Resolved! Modify System Alerts

I'm wondering if it's possible to modify alerts in PAN-OS. We've enabled email notifications for critical alerts and I'd like to change one type in particular. Our firewalls begin sending alerts related to license expiration 30 days in advance. Is it possible to change it to 60 days? Example Alert: SYSTEM ALERT : critical : License for feature wi...

IpSec VPN Phase1 negotiation problem

Hi All, I have two 4G routers and two IPsec VPN tunnels. The routers are exactly the same. The VPN configs are exactly the same (except IPs). One tunnel is up and running but the other one failed at Phase1. It gives me "IKE phase-1 negotiation is failed. Peer's ID payload 192.168.225.100 (type ipaddr) does not match a configured IKE gateway." error. I global search on Pal...

Lacrymae by L1 Bithead
  • 9653 Views
  • 5 replies
  • 0 Likes

Resolved! Certificate question when importing configuration to a different model

I know you can import a configuration snapshot from one model to another but what happens to the certificates? Do the certificates get imported and still work just fine or do I need to generate a new CRS and import new certificates? Side note, the new box will have a different name than the old box. Going from a PA-850 to PA-1410.

Hue by L0 Member
  • 910 Views
  • 1 replies
  • 0 Likes

UIA user normalized issue

Hi, We have 2 cluster firewalls with the same config for UIA and Group mapping. If I look for an IP. show user ip-user-mapping all | match IP I cant see a different behavior. One cluster shows user as use@domain and groups where this user belongs -> GOOD BEHAVIOUR Another cluster shows the user as domain/user and this user doesn't belong ...

BigPalo by L4 Transporter
  • 656 Views
  • 1 replies
  • 0 Likes

SCIM directory only shows old user data when I change the new SCIM directory domain.

We previously had an SCIM integration with an old Azure AD tenant. Recently, we migrated to a new Azure AD SCIM connection, using the same user data (i.e., usernames and attributes remain unchanged). However, we have observed that logs are still showing references to the old SCIM source. I suspect this may be an issue related to User-ID mappings i...

Palo Alto interface DHCP

I have configured DHCP on 4 interfaces, each DHCP on a different subnet. I connected each Palo Alto port to a unique switch with the understanding that all devices connected to a particular PA port will get IP addresses only from the corresponding DHCP but unfortunately the IP addresses are leased randomly. Scenario: port 1: DHCP pool (192.168....

PA440 HA failover not working

I'm having an issue with a HA failover with 2 PA440s. When I finished setting up the HA for both firewalls the first time, I was not able to sync them, it threw me a strange error and after some research, I found documentation where it stated that I had to clone both firewalls from firewall 1 to 2. I did that saving the device state from the act...

  • 24332 Posts
  • 124 Subscriptions