This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4437 Views
  • 0 replies
  • 0 Likes

procedure to clear logs of M200 disk-pair

M200 is in HA with local log collector configured on both panorama and log redundancy enabled. We want to disable redundancy to gain additional space for logging. We want to clear logs of Secondary Panorama M200 disk-pairs and use it for logging from scratch. No procedure found in Panorama Admin guide.Please suggest best way to clear the stored ...

Deepak25 by L3 Networker
  • 3707 Views
  • 3 replies
  • 0 Likes

Resolved! Does Global Protect VPN has Two-Factor Authentication - Looking at VM-100/300 virtual PA and Physical PA-820

Team, Customer is looking for Multi-Factor authentication for VPN client, currently they have GlobalProtect, but they need to enable MFA for remote users, does Palo Alto has any feature or solution to achieve this? Need to check if both VM-Series and Physical has built-in MFA for remote VPN users (Global Protect) VM-100/300 virtual PA and Physi...

Connecting 3rd-Party VPN Device to PA-3220

Hi. Wanted to ask for opinions, suggestions, and experience on this. We have a Cisco ASA VPN Device from our vendor and we'll need to connect this to our PA-3220 FW. So basically, Internet --> PA3220 ---> ASA VPN --> LAN. This ASA will be inside our network and NOT remote. I would like to know if there is a way to connect this and make ...

Mitel decrypt error

Hi all,we have a open ticket with TAC, but wanted to ask if anyone's seen this, we're in the testing phase of it, and one of the phone's traffic shows up in the logs as decrypt error in the end result, so that phone is not able to login to the mitel portal, tac also disabled the user-id policy to narrow it down(I have tried to add a app override...

cdcirexx by L3 Networker
  • 7729 Views
  • 8 replies
  • 0 Likes

AWS x PAN 2 tunnels PBF backhaul internet static routes?

Anyone run into this before? I have 2 x AWS tunnels (No BGP) and I want failover to occur and I want to backhaul internet traffic from AWS out through the PAN. I have connectivity between AWS and on-prem with no static routes configured. However, if I try to backhaul internet traffic from AWS across the s2s vpn tunnel (attached to TGW) it fai...

drewdown by L4 Transporter
  • 5706 Views
  • 6 replies
  • 0 Likes

User not able to access one site

Not able to access the site is on another location I can ping the site it's responding I check session-id packet capture nothing was found.I create a policy for that user without any restriction still not able to access the site. In monitor its shows the application no sync TCP I did the zone protection thing from kb Paloalto article still no l...

Does Active-Active HA supports more users?

Hi Guys,My company bought a PA firewall a few months back. At that time we had around 85 users and PA technical person suggested that it will handle up to 100 users in our environment. Now, we have around 70 more people who joined our company, so total employees will be around 160. Now I have few questions -1) If we buy one more firewall (same m...

Satyam by L1 Bithead
  • 3025 Views
  • 2 replies
  • 0 Likes

Resolved! Threat ID 35823 is exempted then also it is blocking the traffic

Hi, HTTP SQL Injection Attempt threat id: 35823. we have exempted this threat id but it is blocking the traffic. on the traffic log, the session end reason is showing threat and in the threat log, it is showing reset-both. Want to know why it is still blocking and how can I troubleshoot this further.

Resolved! Apple Software Updates Issue with Palo Alto

Hi,If we try to update apps on a iPhone they don’t update but if we remove the security profiles the apps update with no issues. When you click update it attempts to do the download and just fails We are using following security profiles(image attached). We think this may actually be a bug. The update is only successful if the rule has NO profil...

1 (7).png

PPPoE Disconnection frequently.

Facing PPPoE session disconnection issue. As per ISP, this is a Firewall issue as from Laptop or Computer (directly connected to ISP Router) no disconnection being observed.Palo Alto PA-3020 Following logs and capture packet are below 2021-07-15 11:27:25.969 +0400 debug: log_write(ppp/utils.c:678): No response to 5 echo-requests2021-07-15 11:27:...

Email Gateway External IP

Good afternoon, currently for sending and receiving mails with Office 365 is using a Cisco CES ( Cisco Email Security ). This device only has a couple of public IPs, it is external to the organization. In Palo Alto, when configuring the SMTP Gateway. Is it possible to set a Public IP? The CES should allow the IP of the Palo Alto (MGT Interface E...

Metgatz by L4 Transporter
  • 2258 Views
  • 1 replies
  • 0 Likes

Resolved! Firewall Replacement/Upgrade

Hello,I am rather new to the Palo Alto FWs, and I am looking to replace 2 existing PA3020's in an HA pair with two PA3220 also in an HA pair. I've never done a full swap like this so is there any Best Practice recommendations and/or upgrade checklist for steps needed to perform this type of an upgrade? Also, I'm curious if I can swap one firew...

GreenA by L0 Member
  • 5235 Views
  • 1 replies
  • 0 Likes

Data Redistribution: If a PAN has it's self defined as an Agent - will it redistribute to it' self?

Hello Live Community,We want to create a template "base_config" which will program all PANs with the same User-ID, Group Mapping, configurations.Part of that would be defining the all PAN's Serial numbers as Data Redistribution agents.So my question is this:If PAN Serial 1234567890 has a Data Redistribution Agent for Serial 1234567890 on port 50...

Fusco by L0 Member
  • 2721 Views
  • 1 replies
  • 0 Likes

More information about SSL Decryption and PAN-OS 10.0

Hey guys, I just wanted to let you know that I have just blogged about "What is SSL Decryption" and wanted to call your attention to it. Please read it here if you have not already seen it: https://live.paloaltonetworks.com/t5/blogs/what-is-ssl-decryption/ba-p/342598 But I wanted to create this thread about that blog if you wanted to sit and...

jdelio by L7 Applicator
  • 4587 Views
  • 2 replies
  • 3 Likes
  • 24374 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks