General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4444 Views
  • 0 replies
  • 0 Likes

Resolved! Modify System Alerts

I'm wondering if it's possible to modify alerts in PAN-OS. We've enabled email notifications for critical alerts and I'd like to change one type in particular. Our firewalls begin sending alerts related to license expiration 30 days in advance. Is it possible to change it to 60 days? Example Alert: SYSTEM ALERT : critical : License for feature wi...

IpSec VPN Phase1 negotiation problem

Hi All, I have two 4G routers and two IPsec VPN tunnels. The routers are exactly the same. The VPN configs are exactly the same (except IPs). One tunnel is up and running but the other one failed at Phase 1. It gives me "IKE phase-1 negotiation is failed. Peer\'s ID payload 192.168.225.100 (type ipaddr) does not match a configured IKE gateway." error. I global search on Pal...

Lacrymae by L1 Bithead
  • 10029 Views
  • 5 replies
  • 0 Likes

Resolved! Certificate question when importing configuration to a different model

I know you can import a configuration snapshot from one model to another, but what happens to the certificates? Do the certificates get imported and still work just fine, or do I need to generate a new CSR and import new certificates? Side note, the new box will have a different name than the old box. Going from a PA-850 to PA-1410.

Hue by L0 Member
  • 1012 Views
  • 1 replies
  • 0 Likes

UIA user normalized issue

Hi, We have 2 cluster firewalls with the same config for UIA and Group mapping. If I look for an IP. show user ip-user-mapping all | match IP I can't see a different behavior. One cluster shows user as use@domain and groups where this user belongs -> GOOD BEHAVIOUR Another cluster shows the user as domain/user and this user doesn't belong ...

BigPalo by L4 Transporter
  • 721 Views
  • 1 replies
  • 0 Likes

SCIM directory only shows old user data when I change the new SCIM directory domain.

We previously had an SCIM integration with an old Azure AD tenant. Recently, we migrated to a new Azure AD SCIM connection, using the same user data (i.e., usernames and attributes remain unchanged). However, we have observed that logs are still showing references to the old SCIM source. I suspect this may be an issue related to User-ID mappings i...

Palo alto interface DHCP

I have configured DHCP on 4 interfaces, each DHCP on a different subnet. I connected each Palo Alto port to a unique switch with the understanding that all devices connected to a particular PA port will get IP addresses only from the corresponding DHCP, but unfortunately the IP addresses are leased randomly. Scenario: port 1: DHCP pool (192.168....

PA440 HA failover not working

I'm having an issue with a HA failover with 2 PA440s. When I finished setting up the HA for both firewalls the first time, I was not able to sync them, it threw me a strange error and after some research, I found documentation where it stated that I had to clone both firewalls from firewall 1 to 2. I did that saving the device state from the act...

Active-Active NAT Rule Binding

I can't find anything which goes into enough detail on Active-Active design around NAT and more importantly ARP. The easiest way to explain the current deployment is as follows: Site 1 / Firewall A Site 2 / Firewall B Each firewall is connected to unique networks and routers internally and externally. The expectation is to provide redundancy...

CHammock by L2 Linker
  • 7594 Views
  • 4 replies
  • 1 Likes

Python: panos opstate

I'm having tremendous success automating security policy updates with the panos Python library, but I'm currently stuck on obtaining the hit counts of rules programmatically. I'm able to access all attributes of the SecurityRule objects, but the opstate hit_count attributes all come back as None. Relevant code; if type(rule) is SecurityRule...

dawonk by L0 Member
  • 1107 Views
  • 1 replies
  • 0 Likes

Configure SAML for GlobalProtect and use groups to filter

Hi, I would like to configure SAML for my GP authentication and I would also like to be able to assign IPs by user groups and configure rules for these remote users by user groups. Does anyone know if this is possible? How can I match users received from SAML with LDAP mapping?

BigPalo by L4 Transporter
  • 1612 Views
  • 3 replies
  • 0 Likes

ACC not displaying

PANOS version: 11.0.3-h3 We are experiencing a recurring issue with the Application Command Center (ACC) on our Palo Alto firewall. Every 2–3 days, the ACC becomes unresponsive or stops updating properly. The only way to restore functionality is by manually executing the following commands: 1. set logrcvr offline-logpurger percentage-threshold...

Action of allow but of Type policy deny

Hi panos 11.2: I am using SSL Inspection for all inbound traffic on my web sites. Certain TLS connections with TLS inspection enabled did not work. Looking at the traffic log, the connections show an Action of “allow” but of Type “deny” with Session End Reason of “policy-deny”. No decryption logs issues (even the log flag for decryption prof...

chens by L3 Networker
  • 6410 Views
  • 13 replies
  • 0 Likes

I cannot move the vlan interface IP to new vlan 10 interface

Hi, can anyone help me? I keep receiving this error even after I removed or changed the IP on the VLAN interface. I also tried pushing VLAN interface 10 (without an IP) first along with the subinterface. It was successful, but when I try to deploy the IP change, the error still occurs. I am deploying from Panorama. In router default: address 192...

  • 24375 Posts
  • 124 Subscriptions