General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Policy base routing for internal trafique

Hello everyone, I have two ISPs wan1 and wan2, for lan 1 it must go out through wan1 and lan2 through wan2. in the event of a problem with one of the wans, the associated lan will have to exit through the other wan temporarily. To do this, configure them two default routes with different metrics: 0.0.0.0/0 =wan 1 with metric of 10 0.0.0.0/0 = wa...

Capture.PNG

PA-3020 - Error: Threat database handler failed - Commit failed

Hi,Our Palo Alto has been rock solid for years, but last friday we realized we are unable to commit changes. We're pretty sure it started happening with the release of content package version 8462-6955. We hoped this was a one-off and the next upgrade would solve the issue. But all further upgrades have failed & we still can't commit chang...

dmetcalfe_0-1633077153050.png
dmetcalfe_2-1633077302969.png
dmetcalfe_3-1633077547586.png

One IPSec SA Stops Passing Traffic

I have a B2B tunnel with a business partner. There are 22 proxies, all defined host-to-host. The VPN peer is a Cisco firewall, I'm not sure of the model. Phase 2 lifetime is 8 hours. One particular SA stops sending and receiving traffic at each Phase 2 re-negotiation. When this happens the SA shows active on my PA-3250, PAN-OS 9.1.10 and on...

pnelson by L2 Linker
  • 4888 Views
  • 3 replies
  • 0 Likes

PA500 boot error with message "unable to connect to Sysd" and NIC in dataplane does not worked.

The firwall PA500 had a poweroff and boot,and after reboot the PA500 get a error with "Error: sysd_construct_sync_importer(sysd_sync.c:328): sysd_sync_register() failed: (146) Unknown error codeError: unable to connect to Sysd"When the device boot finished,the NIC port on dataplane did not power up and did not work.We could connect PA500 using c...

songjixian_0-1633214175896.png
songjixian_1-1633214215318.png
songjixian_2-1633214453435.png

Resolved! One session is utilizing 5-12% of CPU of my 5220 firewall

One session is utilizing 5-12% of CPU of my 5220 firewall. Session ID: 2155872259 show session id 2155872259 Session 2155872259Bad Key: c2s: 'c2s'Bad Key: s2c: 's2c'index(local): : 8388611I am not able to check the session information. Getting bad Key error. This session causing me extra 5-12 CPU utilazation. I tried clear the session but still...

NijithPN by L1 Bithead
  • 5692 Views
  • 3 replies
  • 0 Likes

X-VPN not getting decrypted

Hello, We would like to block the application X-VPN (used on apple iOS system as a VPN app). Using PAN-OS 8.0.1The firewall sees the traffic as either SSL, web-browsing or google base traffic and doesn’t appear to be decrypting it.The session ID says the URL is for bing.com in the session but the destination is 104.156.232.205.vultr.com which is...

1.png
2.png
Farzana by L4 Transporter
  • 13271 Views
  • 7 replies
  • 0 Likes

Resolved! Failed to download dynamic updates

Hello, I haven't been able to download any dynamic updates to our Palo VM-100 for a little over an hour. The message Failed to download file appears and in the system log I see connection to update server closed.For example, I also tried to download an older version of Global Protect, but this download also fails. Interestingly, for example, cur...

Inline ML always shows "unknown"

I'm trying to figure out if the "Inline ML" feature is working. A quick search of my logs for "dynamic-classification-verdict neq unknown" returns zero results. I found a support article with a sample file, but it says I have to host it on my own webserver. Does anyone have another way I can test it?

Maxstr by L1 Bithead
  • 2218 Views
  • 1 replies
  • 0 Likes

Block from old Browser Version

Hi Community, I work to create a role that should block old browser versions. But I have not found out this special point how you can say from a certain version that these are blocked and only allowed from the safe status. Is there a solution? Many thanks for your help

holmegan by L0 Member
  • 4840 Views
  • 1 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels