This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Resolved! How to graph total number of UDP sessions over time

We're looking at setting up Zone/DoS protection and we would like to have a graph in order to establish a baseline. I've seen the ones within Pano health but those seem to be total numbers. We'd like to be able to see UDP separately. Is there something we can setup in ACC, Reports, etc..?

HA1-Backup connection down

Dear Team, We got the below error continuously, Crosschecked HA configuration is good only. Pan os: 9.1.3 Device: 3020 2021-09-07 08:30:32.699 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2870): Ending monitor increase holdup on commit end2021-09-07 08:30:32.699 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_stat...

VishnuPS by L3 Networker
  • 3834 Views
  • 1 replies
  • 0 Likes

Vpn in Thailand and Asia

Is there anybody working from Thailand using Global Protect vpn?I heard that the country can block vpn connection. While my company's configurations allow me working from Thai.I'm planning to relocate and want to make sure i can work from there.Would be grateful for any information, maybe you heard anything from somebody concerning Thailand or n...

Elena89 by L0 Member
  • 3968 Views
  • 2 replies
  • 0 Likes

issue if there is a one certificate profile for Windows User-ID agents and Terminal Services (TS) agents

As per below image You can only assign one certificate profile for Windows User-ID agents and Terminal Services (TS) agents. We want to enable secure communication only between User-id agent and firewall , so we will import server certificate only in user-id agent. If we apply certificate profile under Device > User-Identification > Connec...

Deepak25_0-1630874133815.png
Deepak25 by L3 Networker
  • 2773 Views
  • 2 replies
  • 0 Likes

CPS calculation per server

'Log at Session End, captures the number of connections at the session end." I am little confused by this statement. How does 'Log at Session End' help in calculating CPS for a server.https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresho...

raji_toor by L4 Transporter
  • 6330 Views
  • 6 replies
  • 0 Likes

High Availability question

Hi all, This is my first post on this forum. I am also a brand new Palo Alto customer and we just purchased a pair of 3220 firewalls. As the subject says my question revolves around HA as I would like to start putting together a plan for design and deployment. My question is probably really stupid but I just want a bit of clarification on how an...

Mushussu by L0 Member
  • 5264 Views
  • 2 replies
  • 0 Likes

Anyone have issues with 10.0.6

Just kind of a broad general question, but has anyone had any issues going from 9.1.x to 10.0.x in a large environment? Or would the preferred 9.1.x version be the way to go?

Show Shadow Rules 2021 Post

Hello -I saw a post about this from 2012 and the answer was basically no. Well, it's been nine years now and I'm hoping there is a way to view shadow rules without doing a commit.

Resolved! HSCI Port

Hi, I finally received my pair of 3250s and noticed there is the HSCI port used for HA. I didn't realize this before purchasing, so I do not have the cable. Is there a reason why I can't just dedicate an interface for HA to use for HA2? In case it matters, these firewalls will be located on internet edge.

ce1028 by L4 Transporter
  • 16222 Views
  • 6 replies
  • 0 Likes

Resolved! Web-GUI certificate not applying

Hello all, After letting my cert expire (duh), I've imported a new one, exactly the same process as before.For some reason the firewall isn't picking it up for Web-GUI, sticking with a self signed cert with the serial number as CN, but uses the intended cert for GP portal with no problem.Running 10.1.0, couldn't find any mention in the documenta...

Block malicious domains at interface level

Hi Team, I have a concern where is there any way to block malicious domain based or malicious ip based traffic ingress through the firewall to trust zone or dmz zone from untrust zone to be blocked at interface level even before it reaches to pbf or policy or processing over firewall.Is there any way to block malicious domain before it is being ...

Resolved! Captive portal URL not working when accessed from inside zone

I have configured Captive Portal with MFA and it works fine when the user traffic is originated from Untrust side of the firewall. When the URL "https://<firewall name>:6082/php/uid.php?vsys=1&rule=0" access from one of the internal zones (e.g.) Trust, it does not work. I have user-identification enabled on all zones. User from outsid...

GlobalProtect breaks internet access

hello guys,Did some of your GP uses complain that they lost the internet after GP connected?It just happens recently and for some users only.GP version is 5.2.7 Thanks

DongQu by L2 Linker
  • 2270 Views
  • 1 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks