This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1807 Views
  • 0 replies
  • 0 Likes

OSPF passive interfaces question

What is best practice to advertise connected networks on a single VR where you have OSPF running and neighboring on an Internal Firewall  interface to router, and want to advertise multiple segmented/firewalled networks directly attached the same fir

...

Sec101 by L4 Transporter
  • 4446 Views
  • 3 replies
  • 0 Likes

SSL Decryption: ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY

Hi paloalto community,

 

we're currently still testing ssl decryption and discovered a new error, which I can't google to find a solution.

 

If we're visiting the following site, we get an "ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY" error. Site: https://ww

...

2020-01-13 11_42_30-pa-1.png
2020-01-13 11_42_39-pa-1.png
2020-01-13 11_42_56-Anhängerkupplung M240i _ M140i.png
2020-01-13 11_46_30-www.1erforum.de.png
mrkskhn by L1 Bithead
  • 58862 Views
  • 36 replies
  • 0 Likes

Doubt about multiple SAs in IPSEC tunnel

Hi,  

 

We have a tunnel working but looking in the logs we see many installed SAs. So we think it should be a SA for line in proxy ID.

 

So why all these logs about "installed SA"?  Any idea?

 

vpnjs.JPG
BigPalo by L4 Transporter
  • 2204 Views
  • 1 replies
  • 0 Likes

PA-500 fan too noisy

Hi,

 

I think one of our PA-500's fan is always running at 100% speed,

Because it's too noisy than others,  

 

Following is output of environmental, it says RPM is just 1, 

 

Does anyone know solution for this problem?\

 

Thanks,

pa-500 output.png

Resolved! Apps & Threats version 8434-6840 fails to install

Hi 

 

I've had 2 separate NGFW's fail to install Apps & Threats DB version 8434-6840 with this message:

  • Error: Application group 'Wifi_Allowed_Apps' member 'visual-studio-live-share-direct' does not exist
  • Error: This content install has failed because ap
...

ShaiW by L1 Bithead
  • 4555 Views
  • 5 replies
  • 0 Likes

Resolved! Getting GPG error updating

We installed minemeld a year or two ago and have been running apt-get monthly with no issue. Today running apt-get had CRC errors shown below. I looked through this forum but didn't find anything that looked related. Any help would be appreciated.

T

...

CharlesSFG_0-1627405622967.png

TCP Reset being dropped at firewall

 

 

I have a client accessing a Citrix CAG via a firewall at one site on HTTP that I see traversing the FW, exist out towards the internal PA firewall reaches its destination.  The destination server is sending a TCP RST, we are told to redirect the br

...

Resolved! Multicast issue

AE1.1 is the static RP(10.1.1.1/24) and ae1.1 has 10.1.1.1/24 assigned to it. All the 10.0.0.0/8 routes are served by this sub interface and RP configured on switch is 10.1.1.1

AE1.2 hosts the mcast server and AE1.2 has gateway of 172.16.0.1/24.

Multic

...

multicast.png
raji_toor by L4 Transporter
  • 3220 Views
  • 1 replies
  • 0 Likes

Resolved! Static Bi-Directional NAT translation

Hi,

 

Is it possible to have 2 static bi-directional NAT rules configured for the same public IP address e.g. mapping one public IP address to 2 internal servers using the below linked config?

 

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/n

...

Ben-Price by L4 Transporter
  • 3171 Views
  • 2 replies
  • 0 Likes

Internal host detection not Working

I have an external Gateway and I wish to setup always-on except when on local LAN. As a test i am doing this on my own username but it seems to always want to connect to external GW regardless of my settings.

 

I have turned on Internal Host detection

...

welly_59 by L3 Networker
  • 10813 Views
  • 11 replies
  • 0 Likes

User-Mapping Server Monitoring

Hi All,

 

Wanted to know the Best Practice for the User-Mapping with Server Monitoring, we have a few Firewall Sites which utilize the server monitoring feature whereas the vast majority others do not and use only windows User-ID agents for probing and

...

  • 24241 Posts
  • 117 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks