This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4107 Views
  • 0 replies
  • 0 Likes

Resolved! Single Interface Trunk Hairpin problem for All traffic traversing Firewall?

Have a site that we want to firewall traffic off into a few segmented zones. I would like to do all of this with 1 management interface, and a single palo alto trunked interface that would carry multiple vlans. To be clear, in this instance, the firewall would already be on the inside of the network and not an edge device.The firewalled networ...

Sec101 by L4 Transporter
  • 4033 Views
  • 1 replies
  • 0 Likes

Address group convert to shared

Running version 9.0.12Moving to a multiple vsys enviroment from a single vsys, we are not running Panorama. Looking to change all of the address objects in the first vsys to "shared" so the others can access them. Thus far I have not found a way to do it and I am looking for suggestions. Thank you in advance!

Wildfire updates chenge

Hi, We have configured to download the "wildfire updates" every minute. So whats is the recommended value for this? Sometimes we face this error, and we are thinking to increase the time for WF updates:

wildfire.JPG
BigPalo by L4 Transporter
  • 3286 Views
  • 5 replies
  • 0 Likes

Session timer getting reset for new syn packet

Hi,I got the following scenario.client -> Paloalto -> Server:1234The client initiates a tcp session to server always using the same source port and same sequence number (verified in packet capture). The session time out is the default 60 minutes. The client sometimes looses network coverage and initiates a new sync (with same source port a...

livewire by L1 Bithead
  • 5502 Views
  • 6 replies
  • 0 Likes

VRRP on routers connected to Palo Alto Firewalls

I have 2 Palo Alto Firewalls each connecting to Peplink Balance 310x routers. HA is configured between the two Balance 310x routers. What I am trying to achieve is communication between these 2 routers via the 2 FWs. The HA (VRRP) interface is in the untagged VLAN on the router. It is Layer 2 between the routers and FW's. I have the FW interface...

nickvardy76_0-1625050522210.png

Seeking palo troubleshooting advice

Im involved in a project to migrate away from old asa firewalls to a palo solution. The process has gone well but myself and peers are stumped with an odd issue and looking for troubleshooting advice.We have a number of https hosts in a dmz, nat'ed to be available to the public internet. systems from all over the world can access these https hos...

MikeB by L1 Bithead
  • 9901 Views
  • 12 replies
  • 0 Likes

Resolved! Failed to fetch ingest/query FQDN for customer (curl failed)

Hi Team, I'm trying to onboard one of our firewals to the Cortex Data Lake. It has the logging service license and when I put in the onboarding PSK and click status, I get: Failed to fetch ingest/query FQDN for customer (curl failed) I've tried - Giving the firewall an NTP server- Removing and re-adding the license- Manually fetching the certifi...

Minemeld - Intune

Hi Can anyone advise if we can use the O365 feeds to incorporate Intune access? Looking at the O365 external lists that the firewall is retrieving from Minemeld, they doesn't seem to cover all the URLs / IPs required for Intune managed device access (as defined in the Microsoft doc). Kind regards Terry

sequence numbers in log forwarging is becoming out of sync

Dear community! From time to time one of our firewalls stops forwarding logs to Panorama. We stop/start the log forwarding process as suggested in this link:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFCCA0 We are the reasons that could cause the Panorama to lose track of the sequence number of the logs being forw...

Carracido by L4 Transporter
  • 3280 Views
  • 2 replies
  • 0 Likes

Workflow LDAP Server profile

Hi Expert , I would like to know when we have multiple-AD-Server on the same domain or multi-forest I would like to know on LDAP-profile when config all server such as limit of 4 server list it will connect all server available list concurrent or following sequence object on LDAP-profile Please suggest me Thank

Resolved! Save named config

I am fairly new to Palo Alto so please forgive me for asking dumb question. With respect to backing up config before upgrade, if I save it as 'mybackup.xml' and something goes wrong with upgrade and I import it back in to restore, does the Palo Alto replace the running-config.xml file with my 'mybackup.xml' automatically ? Also what is the diff...

application any not actually "any"

I have a simple virtual wire installation here, just testing policies. I have a policy that is:source: insidedestination: outsideapplication: anyservice: application default I attempted to connect to gmail through Outlook with IMAP and was being blocked. Logs showed application of "insufficient-data" and "incomplete" with session end reason "t...

2021-06-29 11_24_11-fw1.png
GMTPaul by L1 Bithead
  • 5502 Views
  • 7 replies
  • 0 Likes

Bandwidth limiting - QoS - multiple networks

Good afternoon, please support, I need to configure and limit the bandwidth of the Internet output of a pair of networks coming from a LAN Trust interface. -Interface 1/1 is the outgoing WAN interface to the Internet.-The segments 10.79.25.0/24 and 10.79.26.0/24 come from the Trust interface, LAN 1/13.-Internet access must be limited by securing...

Metgatz by L4 Transporter
  • 4107 Views
  • 3 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks