General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Resolved! Cannot Access Web Server External Only Internally

Hello, I am trying to deploy a new PA850 and I am unable to access any web servers externally. I can access internally using the public IP using, I believe, the u-turn policy. Any help would be appreciated. Thank You, MJF


Disable weak cipher suite in SSH

I would like to disable weak cipher suite in SSH for over 100+ Firewalls with the following commands. The firewalls are running in High-Availability (H/A) mode, version 9.1.10:
configure
set deviceconfig system ssh ciphers mgmt aes256-ctr
set deviceconfig system ssh ciphers mgmt aes256-gcm
set deviceconfig system ssh default-hostkey mgmt key-type ...

dtran by L4 Transporter
  • 6317 Views
  • 7 replies
  • 0 Likes

User mapping not happening properly

We have recently added a user in the server list. We are able to see the user in LDAP, but when it comes to the firewall we are not able to see the user in security policy. When I checked the user with the following command
show user ip-user-mapping all | match user name
I am not able to find that user as well. As troubleshooting, can I restart the user map...

Resolved! Globalprotect Portal same IP w/ management interface

Hello, Before setting up globalprotect portal, I could access the management interface using the public IP externally. Once I configured globalprotect portal for VPN, the IP now directs you to the globalprotect welcome login page. Which is normal, because I remember reading that, and you can access the administrative interface with the same IP and addi...

icap by Not applicable
  • 10406 Views
  • 5 replies
  • 0 Likes

Generated traffic logs showing weird information

I have a VM-500 panos-8.1.18. I am seeing traffic logs with the below flags:
Session End Reason - policy-deny (means traffic denied as per policy)
Action - Allow (how can action be allowed when traffic is denied via policy)
Type - deny
We also have SSL decryption enabled.

How do I set bgp auth-profile secret in XML?

<auth-profile><entry name="BGP"><secret>-AQ==9wW2MMYTyjIArw6U5IgQlTHDTnc=zwKe7XpB+qQLdlenAO8tkg==</secret></entry></auth-profile> The configuration appears to be encrypted, maybe using the master key or something. Is there any way to set this in XML config to a *new* value using cleartext or some other encoding?

Resolved! IKE Error

In my system logs I'm seeing the following error: "IKE phase 1 negotiation is failed. Couldn’t find configuration for IKE phase-1 request for peer IP x.x.x.226[500]." The bizarre thing is that the tunnel IS working despite this error!!! The reason for the error appears to be that the IP address listed "x.x.x.226" is the wrong IP address! It sho...

Can we use SFP+ with PA-820?

Hi, Guys. I plan to use the PA-820. The PA-820 has only two HA ports. I am planning to substitute the HA ports with SFP ports. Can I use the PAN-SFP-PLUS-CU-5M with the PA-820? The PAN-SFP-PLUS-CU-5M is cheaper than the PAN-SFP-CG, so I would like to use the PAN-SFP-PLUS-CU-5M if it is available. I would appreciate it if you could tell me. I am a b...

Lisa_35 by L0 Member
  • 3001 Views
  • 1 replies
  • 0 Likes

Palo Alto IPV6 configuration for firewalls running in active-active HA

Hello All, We have a customer planning to enable IPv6 firewalling in their current data center firewalls. The firewalls are currently running in active-active HA mode. I have the below queries. 1. When I configure an IPv6 address on the interfaces, is there any possibility that the HA will break or it will have flaps? 2. When I configure floating ...

shabeeb by L1 Bithead
  • 3701 Views
  • 4 replies
  • 0 Likes

antivirus not able to update

We have recently renewed our license of threat prevention. Applications and threats are updated, but the antivirus is not updated from the Palo Alto server. We downloaded the AV from the support portal, manually installed it in the FW and ran this command; still the antivirus is not able to update. Please suggest. 2021-01-19 13:10:30.791 +0500 Error: pan_get_curren...


Properly routing IPv6 across site-to-site IPSEC tunnel

Configuration: I have two /56 IPv6 prefixes, one which is used in our Bay Area office, and one which is unused. I have taken a /64 from the unused /56 prefix and assigned it for use by our office in The Netherlands. They will use DHCP to assign the addresses to a small set of workstations that need to send IPv6 traffic across our site-to-site tu...

Resolved! Log interface configuration under PA FW

Hi folks, We have a PA 7050 firewall chassis and after the upgrade to version 9.1.11 we got a sync HA issue. The TAC told us that it's mandatory to configure the log card interface, so we created a log interface to resolve the issue. The sync HA issue was resolved but the log traffic is no longer sent to the syslog server. TAC told us that the log traf...

URL with port

Hi, Wondering if someone can help me out. I've done some searching and have not come up with much. I have a user who needs to access a few webpages on a custom port. The link for example is something like: https://custom1.config.fake:2546/info but there are a few more like https://custom2.config.fake:2546/info , and https://custom3.config.fa...

FW_Newb by L0 Member
  • 4270 Views
  • 3 replies
  • 0 Likes

Resolved! Transitioning from a physical interface with sub interfaces, to aggregated interface with sub interfaces

Hello Everyone, I have a well developed PA based network, with a single interface and many sub interfaces, trunking to my switches. I need to change this to an aggregated interface, with all the same sub interfaces I currently have. What options do I have to convert everything over from the current interface with TONS of sub interfaces, zones, p...
