This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4119 Views
  • 0 replies
  • 0 Likes

IKE SA negotiation is started as initiator, non-rekey

Hello :),I have a problem with VPN from PA-220 to Azure. The logs show this information : "IKEv2 IKE SA negotiation is started as initiator, non-rekey. Initiated SA " Every change I made it always is this same error. Is there any way to resolve this issue ? Thanks in advance 🙂

Lukaszm1 by L1 Bithead
  • 52826 Views
  • 9 replies
  • 0 Likes

System Logs

Hi, Do we have any list of critical and high severity system logs? Like what are the examples of hardware failures, serious issues etc...

user-id-agent-sequence is invalid.

Hi Team, I'm seeing configuration invalid when I remove user-id agent from palo alto firewall and not able to commit. PA-220 PANOS version 8.0.3. Same model firewall I have removed I can able to commit. Only in this firewall, I'm seeing this issue.

Screenshot (500).png

Total number of profiles

Hi, We have the problem with the total number of security profiles.As you can see in attached screenshot the maximum number of profiles is 100, for now we have 84, but when I tried to add new one I get the capacity error. Maybe someone had the same problem.Model - PA-820

Resolved! Packet Flow Query - FW Inspection

Hi Everyone, I've been madly studying the Packet Flow Diagram that outlines the different checks/stages that a Packet goes through via a PA FW and I had a question with the 3rd check in the Ingress phase called 'FW Inspection applicable'. If Inspection is applicable then it carries into the IPSec/SSL VPN tunnel check but if Inspection is not app...

Resolved! implement the PA External Dynamic List (EDL) IP/Domain blocklists

Hello, we have an existing opened case PA case (01865541) but having trouble and delays in getting connected with PA engr. Hence, am trying my luck here in Live community. My customer is preparing to implement the PA External Dynamic List (EDL) IP/Domain blocklists on our PA, but it is not able to retrieve the EDL from server URL. QUESTIONS:...

User ID and AD

Hi,I am trying to configure User ID with Active Directory. But stuck with some errors, listed below :1) Unable to retrieve the Userid IP mapping information from Active Directory (win 2003 Sp2).2) After installing the User ID Agent and configuring... when i click the commit button in User-ID Agent the Agent is not responding and hanging. (In Wi...

Resolved! VPN CLIENT GLOBAL PROTECT, MANAGED WITH LDAP GROUPS

Hello, I have a problem.I just inherited a palo alto firewall.I noticed that given a specific certificate and given the global protect client, every user of the ldap server can connect to the vpn.I would like that only users in specific ldap groups could enter.Let's say the groups come from active directory."domain"\user_group_allowed"domain"\us...

No Source User

After the .NET/User ID agent issue last week we upgraded the agents and managed to get our UserID mapping back so our firewall policies would work again. At this point I have user > IP mapping, all of my agents are connected and my user based firewall policies are working. The issue we see now is even though UserID is working the firewalls ar...

mmeehan by L2 Linker
  • 3095 Views
  • 2 replies
  • 0 Likes

Resolved! Global Protect pre-logon and user IP Pools

I'm wondering if anyone can help. We have global protect setup and i want to use the same IP Pool for pre-logon user's, and once authenticated have that same IP pool used for the user. So when i am setting this up in the client settings area of the Global Protect gateway area, i would like to add a pre-logon profile with a pool, then add the use...

Active Active High Availability

Hello Group, I have done migration from Cisco ASA Firewalls to Palo Alto Firewalls. In Cisco ASA Firewalls, I was using multi-context (there were two contexts, Context-A and Context-B). Context A was active on Firewall-1 and Context-B was active on Firewall-2. Once Firewall-1 goes down, Firewall-2 will be active for both Context-A and Context-B....

Resolved! Access to Internal Web Site Through pfSense VPN

Hey Community:I am in the process of rolling out GlobalProtect, but until I do, i have to continue to use a pfSense OpenVPN that was already in place before the Palo was deployed. The problem I am running into when i connect to the pfSense VPN i cannot browse to a web server that sits on server 192.168.130.221. I can ping the host just appears t...

collector group with redundancy not working properly

we have configured Panorama M200 in HA , configured managed collector with local log collector , configured collector group and added local log collector of both panorama, redundancy is enabled in collector group (log forwarding preference is not configured. Above configuration we have done to store same logs on both local log collector and ena...

Deepak25_0-1623763316613.png
Deepak25_1-1623763766133.png
Deepak25 by L3 Networker
  • 6413 Views
  • 8 replies
  • 0 Likes

Resolved! disable redundancy in collector group

We want to disable redundancy in existing collector group configuration due to less available space for logging one year logs. In our setup we have M200 in HA and configured local log collector in both Panorama. Configured collector group and added both local log collector in same collector group. Enabled redundancy to store copy of same logs i...

Deepak25 by L3 Networker
  • 3974 Views
  • 2 replies
  • 0 Likes

WF-500 Can custom Image

Hi Expert , I Would like to know about WF-500 can customer Image and Import to Appliance? Because the predefined image is not related to versions on the existing environments such as office and adobe. Thank you

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks