This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Testing during Palo Alto 3000 cluster upgrade from 8.1.15-h3 to 9.1.11

Hello, I would like to know if an upgrade that traverses multiple major versions requires testing after an upgrade to each major version? Our upgrade path is: 8.1.15-h3 -> 8.1.20 -> 9.0 -> 9.0.14 -> 9.1 -> 9.1.11 Ideally, we would only upgrade one appliance in the cluster all the way to 9.1.11, though I know this is not recommend...

landoa by L1 Bithead
  • 3702 Views
  • 4 replies
  • 0 Likes

PA L2 interface ARP problem

Hi, I have a PA with two switches connected to the PA via L2 interface, in trunk. The same switches have a trunk between them. PA---SW1| |SW2--| So far so good, STP works and the network is stable. If one of the links between switch and PA falls (exemple PA to SW1) everything works too, all the traffic is redirect to PA via SW2, but as ...

DiogoFG by L0 Member
  • 4065 Views
  • 3 replies
  • 0 Likes

QOS on tunnel interface

Hello Bro, We are in process to configure QOS rules to control SMB over VPN.The tunnel interface can't be set as a destination interface, does that mean to use the interface that serving the tunnel?if I use the interface as the destination interface I receive error states that "destinaton interface must be a subif".SSL VPN configur...

PA3020 Replacement

I am planning to replace my HA pair of 3020 with PA-460s...what are you thoughts on this? I feel like the 460s are for branch offices and not data center although the specs are better or similar to 3020...they don't support LACP and they don't have dedicated HA ports...thoughts?PA-4605.2/4.7 Gbps firewall throughput (HTTP/appmix)2.4/2.6 Gbps thr...

Anees10 by L1 Bithead
  • 8103 Views
  • 7 replies
  • 0 Likes

Resolved! Terminal Server agent internet not working

Hi Team, We have configured the terminal server agent and tested it out for few agents and it was successful. But, for the same user's internet was not working some times. Agents version is the latest version. Have checked the source port allocation and their count is not exceeded. But still, somewhere it's misbehaving in mapping the IP-user-por...

VishnuPS by L3 Networker
  • 6851 Views
  • 8 replies
  • 0 Likes

Resolved! How to identified the APP on APP ID

Hello, I would like to know how to identified the application of the paloalto APP ID. When this application is using the ssl encryption, how this PA identified the APP name?

PA-3020 - Error: Threat database handler failed - Commit failed

Hello,We have a PA-3020 running FW 7.1.24 on an end of life infrastructure to be shutdown by the end of year. This PA-3020 has no longer any subscriptions/support. We are in need to enable a Security Policy for a few hours and found we can't commit due to the Threat Database Handler failed message.I see several posts and KB Articles regarding th...

tir7436 by L0 Member
  • 2563 Views
  • 1 replies
  • 0 Likes

2 OSPF process

Dear Community, I have 2 OSPF process on AsA, now I wont to replace Asa with PA, as I know PA only can run one OSPF process. Is it possible to solved this? Thank you in advance.

Dadonis by L0 Member
  • 1895 Views
  • 1 replies
  • 0 Likes

Hiding Global Protect version

Hello , for one of our customer , they did some pentest and came back with a report that our Global Protect Portal shows the version of GP They advised if is it possible to hide GP version info . When a user opens the GP Portal , version info is not displayed . But could be with pentest/VA tool it is So is there a way to completely hide version...

PBF Without Gateway

PBG without gateway Good afternoon, is it possible to configure a PBF, without specifying the gateway IP address, just apply the outgoing interface and that's it? is this possible ? I remain attentive, thank you very much. Best regards

Metgatz by L4 Transporter
  • 1957 Views
  • 1 replies
  • 0 Likes

Resolved! BGP Loose Route

Dear, good evening, can someone please help me. I have two Palo Alto configured by BGP and I am sending some routes via bgp and they appear as "loose ?" what can I do in this case, how do I solve this problem? Thank you in advance for your support. Best regards

2021-11-05 23_47_22-PA-VM.png
2021-11-05 23_47_02-PA-VM.png
Palo Alto_BGP.png
Metgatz by L4 Transporter
  • 8151 Views
  • 3 replies
  • 0 Likes

2 VM series HA Setup in Azure with ELB

Hi all, I've setup 2 VM series in a sandwich topology and want to know the following in terms of the setup:How to configure the 2 virtual routers being trust and untrust for the static routes that point to the ELB?How to configure the NAT for outbound traffic?What are the advantages of having a ILB, if there's no applications that require LB, th...

Dynam0 by L1 Bithead
  • 2206 Views
  • 1 replies
  • 0 Likes

Renewing a Subordinate CA Certificate for firewall, issued by MS Server Enterprise CA

Hi, I've been looking all over for some guidance on this, without much joy. I am trying to renew a subordinate-CA certificate on a firewall, that was issued by a Windows Server Enterprise CA. Obviously there is no Renew function on the firewall for that cert as it was externally issued - and it appears on Windows server you can only renew Subord...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks