This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4222 Views
  • 0 replies
  • 0 Likes

Users and group mapping

Hello everybody!Sometimes users' group memberships are not recognized by the firewall integrated user id agent. In the useridd.log we see this message:2019-03-29 10:12:45.317 +0100 Warning: pan_user_group_user_prime_uid_lookup(pan_user_group_multi_attr.c:1314): For tierkonet\adisfo user, domain tierkonet does not exist in group-mappingIt says th...

Help needed for odd situation: Expired licenses interfering with commit?

Here's my situation: We were planning a new firewall installation, but that got some major delays after the start of the pandemic. Now I've noticed that we no longer have a support contract for our PA-5050 cluster (no doubt not renewed because we expected the new installation to be online by now). I wouldn't be too concerned, since we could prob...

mds by L0 Member
  • 2653 Views
  • 1 replies
  • 0 Likes

Resolved! Policy base routing for internal trafique

Hello everyone, I have two ISPs wan1 and wan2, for lan 1 it must go out through wan1 and lan2 through wan2. in the event of a problem with one of the wans, the associated lan will have to exit through the other wan temporarily. To do this, configure them two default routes with different metrics: 0.0.0.0/0 =wan 1 with metric of 10 0.0.0.0/0 = wa...

Capture.PNG

PA-3020 - Error: Threat database handler failed - Commit failed

Hi,Our Palo Alto has been rock solid for years, but last friday we realized we are unable to commit changes. We're pretty sure it started happening with the release of content package version 8462-6955. We hoped this was a one-off and the next upgrade would solve the issue. But all further upgrades have failed & we still can't commit chang...

dmetcalfe_0-1633077153050.png
dmetcalfe_2-1633077302969.png
dmetcalfe_3-1633077547586.png

One IPSec SA Stops Passing Traffic

I have a B2B tunnel with a business partner. There are 22 proxies, all defined host-to-host. The VPN peer is a Cisco firewall, I'm not sure of the model. Phase 2 lifetime is 8 hours. One particular SA stops sending and receiving traffic at each Phase 2 re-negotiation. When this happens the SA shows active on my PA-3250, PAN-OS 9.1.10 and on...

pnelson by L2 Linker
  • 4727 Views
  • 3 replies
  • 0 Likes

PA500 boot error with message "unable to connect to Sysd" and NIC in dataplane does not worked.

The firwall PA500 had a poweroff and boot,and after reboot the PA500 get a error with "Error: sysd_construct_sync_importer(sysd_sync.c:328): sysd_sync_register() failed: (146) Unknown error codeError: unable to connect to Sysd"When the device boot finished,the NIC port on dataplane did not power up and did not work.We could connect PA500 using c...

songjixian_0-1633214175896.png
songjixian_1-1633214215318.png
songjixian_2-1633214453435.png

Resolved! One session is utilizing 5-12% of CPU of my 5220 firewall

One session is utilizing 5-12% of CPU of my 5220 firewall. Session ID: 2155872259 show session id 2155872259 Session 2155872259Bad Key: c2s: 'c2s'Bad Key: s2c: 's2c'index(local): : 8388611I am not able to check the session information. Getting bad Key error. This session causing me extra 5-12 CPU utilazation. I tried clear the session but still...

NijithPN by L1 Bithead
  • 5599 Views
  • 3 replies
  • 0 Likes

X-VPN not getting decrypted

Hello, We would like to block the application X-VPN (used on apple iOS system as a VPN app). Using PAN-OS 8.0.1The firewall sees the traffic as either SSL, web-browsing or google base traffic and doesn’t appear to be decrypting it.The session ID says the URL is for bing.com in the session but the destination is 104.156.232.205.vultr.com which is...

1.png
2.png
Farzana by L4 Transporter
  • 12861 Views
  • 7 replies
  • 0 Likes

Resolved! Failed to download dynamic updates

Hello, I haven't been able to download any dynamic updates to our Palo VM-100 for a little over an hour. The message Failed to download file appears and in the system log I see connection to update server closed.For example, I also tried to download an older version of Global Protect, but this download also fails. Interestingly, for example, cur...

Inline ML always shows "unknown"

I'm trying to figure out if the "Inline ML" feature is working. A quick search of my logs for "dynamic-classification-verdict neq unknown" returns zero results. I found a support article with a sample file, but it says I have to host it on my own webserver. Does anyone have another way I can test it?

Maxstr by L1 Bithead
  • 2185 Views
  • 1 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks