This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Is there CLI - Enable and Commit Policy

Dear all, Since my WebUI is not responding even with a system reboot and management restart by CLI, SSH works fine, Is there a way by CLI to enable and commit Policy? Any help would be greatful. Thanks, Sean

Resolved! RADIUS And Open LDAP Integration.

Hi team, I have come through as a requirement from one of my clients, They are using RADIUS Server for RSA authentication for globalprotect, but in USER ID they are using OpenLDAP, So in the ip-user-mapping, Whenever user connecting to globalprotect, I can see the user detecting from the GP and the only as "username", but the customer has config...

PA blocking windows updates?

Howdy, Trying to figure this out. It almost seems that our pa220 is blocking windows updates. See my first pic, does session end reason threat mean it stopped the connection? I ask because I cannot get this update to download on any windows 10 pc in my environment see pic 2, it starts to download and stops at 2% then errors out. . Yet it will do...

fw1.JPG
fw2.JPG

Resolved! IPSec tunnel creation issue

Hello all, one of our customer is trying to create the IPSec tunnel between PA and Fortigate. When phase 1 is initiating in main mode negotiation failed error and we find error in system logs: 2020-02-18 14:55:18.010 +0200 [PERR]: { 12: }: Expecting IP address type in main mode, but FQDN.2020-02-18 14:55:18.010 +0200 [PERR]: { 12: }: 197.157.129...

Logesh by L1 Bithead
  • 16877 Views
  • 9 replies
  • 0 Likes

Resolved! High Availability for Firewalls in diferent locations over Layer 3 network

Is it possible to configure high availability between Palo Alto VM series Firewalls that are located in different buildings over a network to connect both firewalls? I have two VM-300 Firewalls that are Active/Pasive with Global Protect in the same physical Server, which will result in a single point of failure. Recently there was an electrical ...

Resolved! MP CPU is a lot higher in GUI than what CLI shows

We have a pair of PA-VM, vm300 in Azure. it's got 16vCPU and 65G of RAM. When I look at the "System Resources" in GUI, it is consistently above 85% and peaked to 100% from time to time. In CLI, "show system resources" shows it's hardly doing anything, 80%id. I do believe GUI is telling me the truth because I get kicked out GUI when 100% is re...

gangqu by L1 Bithead
  • 2883 Views
  • 1 replies
  • 0 Likes

SSL Inspection for Chromebooks

I was having some trouble with SSL decryption on my chromebooks and after a bit of Google searching I came across this Google article and I wanted to share with others since there was nothing like this in the community. If I didn't exclude these when my chromebook booted I would just end up with a blank box and you could not login or anything. Y...

bbilut by L3 Networker
  • 8138 Views
  • 2 replies
  • 6 Likes

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, and stop touching your face (I see you doing it now). One of the things that is happening all ...

jdelio by L7 Applicator
  • 54802 Views
  • 43 replies
  • 33 Likes

Resolved! PBF is working, but I want to exclude GP

Hello everyone, New here and fighting with my new PA-820. I have 2 ISP's and I want to make the best use possible of those two.So I created a PBF which reroutes HTTP and HTTPS traffic over the 2nd modem.Now I have speeds over 350mbit/s for clients and not bothering other important server data which I have only 40mbit/s for. So this is all workin...

traffic drop for website for some time

im facing issue when accessing website which is hosted on cloud.i have created object of website and called in policy . this issue occurs when i have called object in destination and im trying to access website . if i have access this website as destination put any then it will accessible.

SurajN_0-1629302616883.png
SurajN_1-1629302708937.png
SurajN by L2 Linker
  • 1982 Views
  • 1 replies
  • 0 Likes

Resolved! Single DNS_Proxy Interface serving multiple networks

Hi Sirs/Mesdames, I have a Paloalto with DNS-Proxy activated and serving the LAN interface, let's say: 10.0.0.1 (dns_proxy) Is it possible to point clients from networks on interfaces/networks to use the same dns_proxy configure for LAN (10.0.0.1) Example:client 192.168.0.10 on eth2 could use dns_proxy 10.0.0.1 previously configured for LAN on e...

Resolved! PA upgradation from 9.1.4 to 9.1.9

Hello All, Need my upgrade my PA 850 Series Firewall from 9.1.4 to 9.1.9. Is it supportable or can i do it directly without concerning about Content updates. Please help.

Knowledge sharing: Troubleshooting and investigating full hard disk and full partitions (logs, config, root, etc.) issues on Palo Alto devices.

When the Palo Alto partition is full depending on which partition is full differen issues may happen. The Palo Alto versions like 9.1.x and newer have much less issues with disk space like the 8.1 version, so an upgrade to newer version may help in many cases. 1. Generally I have seen issues becase of full disk where the HA communicaton is im...

Destination Nat using ISP Pool address

Hello All, Need to configure destination Nat with Nat Pool Provided by ISP. Below are the ip details : 182.72.150.0/30--Wan IP Pool182.72.150.2/30--Configure at Palo Alto Interface182.72.150.1/30--ISP gateway IP 182.80.48.176/29--Lan IP Pool Provided by ISP.182.80.48.177-182.80.48.177-182--Usable IP Basically i want to do destination Nat using...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks