This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Internet Traffic

Hi Community, This is my first message and hope I am in the right place. I am tasked with taking our single internet connection (4Gbps) and carve in two lanes. One lane will service normal traffic; internet, vpn, remote access, telephony, etc. The second lane would be dedicated to send backups data to the cloud. I'd like to take a 75/25 approa...

Resolved! S2S VPN between PA-3020 and Cisco ASA 5525

Hi All, 1st Post so hopefully i'm doing this correctly. I am trying to setup a VPN tunnel to a 3rd Party. We have a PA-3020 and they have a Cisco ASA. They do have another Cisco in-between both our devices which is performing NAT. Hence we have enabled NAT-T. The main issue I am having is that the tunnel is not coming up. The error message I get...

CPS doesn't work

Documentation says we should measure CPS for creating baseline. I have done this for last 20 days collecting CLI output every 3 seconds and have Panorama data to back it up. Below is last 7 days data, CPS never peaked beyond 20K and on average is below 4K.Using Syn-Cookie Max Threshold is 35K and activate as Zero. So it should start dropping pac...

image.png
raji_toor by L4 Transporter
  • 5805 Views
  • 5 replies
  • 0 Likes

Resolved! Scripting offline updates.

I would REALLY like to find a way to automate offline dynamic updates. I’ve been trying to script the process with a bat file and plink. I can get it to login with SSH but nothing after that. I found a post, link below, on here from about 5 years ago, that suggests what I’m trying to do may not be possible. Hopefully something has changed. ...

Bad_Goat by L1 Bithead
  • 7938 Views
  • 7 replies
  • 0 Likes

GlobalProtect Portal - No certificate profile configured, but prompt for certificate

Hi Community,I got a strange problem and want to hear, if someone got the same.We got a Panorama managed PA-3220 PAN-OS 8.1.7 with GlobalProtect portal, external gateway (which share the same IP) and an internal gateway.The external gateway got a certificate profile defined, the portal not.If I open the Webpage, the Portal prompts for a certific...

Chacko42 by L4 Transporter
  • 10740 Views
  • 5 replies
  • 0 Likes

ha2 keep alive

Hi,I am getting the below message ,there is no specific interval (around 30 min) it countinously happens from three days .What is the action need to be taken HA Group 1: Local HA2 keep-alive up04/15 14:57:47HA Group 1: All HA2 keep-alives are down04/15 14:57:39HA Group 1: Local HA2 keep-alive down04/15 14:57:39 How do i begin the troubleshoo...

simsim by L4 Transporter
  • 19429 Views
  • 16 replies
  • 0 Likes

Convert VM-Series Perpetual to Flexible License (Credits)

Hi All, I have a number of VM-Series perpetual licenses with subscriptions that are due for renewal and would like to migrate to flexible licensing so I can purchase credits to add new subscriptions. I've found the process to do this as follows however I'm looking to understand what happens to the perpetual license entitlement that I have for VM...

Resolved! PAN-OS for the PA3020

Hi All, We have a range of PAN models and try to upgrade them all to 10.0.7 but find out the PAN 3020 does not have 10.0.7 available yet.Either in CSP web site or software update on the firewall. Do i miss a step somewhere ?Please help.ThanksLeQ

Qui by L2 Linker
  • 6366 Views
  • 4 replies
  • 0 Likes

Suspicious TLS Evasion Found(14978)

Dear Team, I have configured the web service behind PA. and attached the security profile . i can see in the thread logs the thread is generating "Suspicious TLS Evasion Found(14978)".i have gone through the below KB but didn't understand https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBwCCAW&lang=en_US%E2%80%A9 mo...

Jafar_Hussain_0-1631539667011.png

RDP with another account deleting the local mapping

Hi, We use GP to connect to our company. So when i open a RDP to internal server using administrator user, my local mapping change also to administrator. We are using agentless for userid. What option do we have in order to keep the local mapping? i read about adding to "ignore user list" but i can not click OK when i add a user.

BigPalo by L4 Transporter
  • 2217 Views
  • 1 replies
  • 0 Likes

WildFire EU connection timeouts

Some of the customers are experiencing following errors with PAN devices (updates OS 8.x) that use WildFire EU (about 5-10 per day at random times): Event: 'wildfire-conn-failed'Severity: 'medium'Description: 'Failed to perform task multiple times resulting in connection timeout with WildFire Cloud eu.wildfire.paloaltonetworks.com' If they chang...

VVlada by L1 Bithead
  • 10390 Views
  • 6 replies
  • 0 Likes

IP for Cluster HA Active Pasive

Hello,We have a 3200 series HA cluster active/passive version 9.1.10.The requirement is to access through a single ip always to the active node.That is, I have an IP for the active node and another for the passive node but I want to configure a single IP to access the active node either one or the other.Can anyone help me to configure it? How do...

Alpalo by L4 Transporter
  • 3628 Views
  • 2 replies
  • 0 Likes

GOOGLE MAPS WHILE BLOCKING OTHER GOOGLE SERVICES

Does anyone have any ideas on how to permit access to Google Maps but block access to all other Google services? I have tried using a rule matching the Google-Maps application however it requires google-base which allows many other Google services. I have also tried using custom URLs for maps.google.com and www.google.com/maps; however, Google m...

j.moore by L2 Linker
  • 15937 Views
  • 12 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks