This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1998 Views
  • 0 replies
  • 0 Likes

Radius Authentication Failure: Timeout

Issue: Authentication failure when using AD Account 

Log: Authentication Timeout to server 

 

Setup:

PanOS Version: 10.1.1

Panorama is not used 

NPS Installed on Windows Server 2016

Radius Server Profile Created

Authentication Profile Created 

Admin Role Crea

...

X-Auth IPSEC tunnel for Mobile doesn't work

Hello there:

Recently I enabled IPSEC and X-Auth for the GlobalProtect Gateway, hoping to let my mobile users could use remote IPSEC access VPN. But it didn't work as my iPhone kept showing "user authentication failed'. I am pretty sure the configs on

...

FelixXia by L0 Member
  • 3786 Views
  • 3 replies
  • 0 Likes

Resolved! How to graph total number of UDP sessions over time

We're looking at setting up Zone/DoS protection and we would like to have a graph in order to establish a baseline. I've seen the ones within Pano health but those seem to be total numbers. We'd like to be able to see UDP separately. Is there somethi

...

HA1-Backup connection down

Dear Team,

 

We got the below error continuously, Crosschecked HA configuration is good only.

 

Pan os: 9.1.3 Device: 3020

 

2021-09-07 08:30:32.699 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2870): Ending monitor increase holdup on

...

VishnuPS by L3 Networker
  • 3629 Views
  • 1 replies
  • 0 Likes

Vpn in Thailand and Asia

Is there anybody working from Thailand using Global Protect vpn?
I heard that the country can block vpn connection. While my company's configurations allow me working from Thai.

I'm planning to relocate and want to make sure i can work from there.

Would

...

Elena89 by L0 Member
  • 3506 Views
  • 2 replies
  • 0 Likes

CPS calculation per server

'Log at Session End, captures the number of connections at the session end." 
 
I am little confused by this statement. How does 'Log at Session End' help in calculating CPS for a server.
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/zone-pr
...

raji_toor by L4 Transporter
  • 5834 Views
  • 6 replies
  • 0 Likes

High Availability question

Hi all,

 

This is my first post on this forum. I am also a brand new Palo Alto customer and we just purchased a pair of 3220 firewalls.

 

As the subject says my question revolves around HA as I would like to start putting together a plan for design and d

...

Mushussu by L0 Member
  • 4727 Views
  • 2 replies
  • 0 Likes

Anyone have issues with 10.0.6

Just kind of a broad general question, but has anyone had any issues going from 9.1.x to 10.0.x in a large environment? Or would the preferred 9.1.x version be the way to go?

Show Shadow Rules 2021 Post

Hello -

I saw a post about this from 2012 and the answer was basically no.

 

Well, it's been nine years now and I'm hoping there is a way to view shadow rules without doing a commit.

Resolved! HSCI Port

Hi,

 

I finally received my pair of 3250s and noticed there is the HSCI port used for HA.  I didn't realize this before purchasing, so I do not have the cable.  Is there a reason why I can't just dedicate an interface for HA to use for HA2?  

 

In case i

...

ce1028 by L4 Transporter
  • 15255 Views
  • 6 replies
  • 0 Likes

Resolved! Web-GUI certificate not applying

Hello all,

 

After letting my cert expire (duh), I've imported a new one, exactly the same process as before.

For some reason the firewall isn't picking it up for Web-GUI, sticking with a self signed cert with the serial number as CN, but uses the inten

...

Block malicious domains at interface level

Hi Team,

 

I have a concern where is there any way to block malicious domain based or malicious ip based traffic ingress through the firewall to trust zone or dmz zone from untrust zone to be blocked at interface level even before it reaches to pbf or

...

  • 24216 Posts
  • 117 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks