This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4223 Views
  • 0 replies
  • 0 Likes

NPTv6 seems bugged (PAN-OS 9.1.9)

Hi,we're running into an issue with IPv6 NPTv6 which we use to route traffic through IPS on PA.The address isn't translated as expected.We tried NPTv6 in 2 configurations, both translate the same. We either used:xxxx:xxxx:xxxx:ffe0::/60 -> xxxx:xxxx:xxxx:fff0::/60orxxxx:xxxx:xxxx:ffe3::/64 -> xxxx:xxxx:xxxx:fff3::/64In both cases we sent t...

Freaky by L0 Member
  • 2909 Views
  • 3 replies
  • 0 Likes

Knowledge sharing: Palo Alto checking for drops (rejects ,discards), slowness (latency) and counters using captures, global counters, flow basic etc.

Hello To All, I will create a short summary about how to do basic checks if the palo alto drops or slows down the traffic. 1. First the pcap capture on the drop stage will show if the firewall drops the traffic and after that we check why the firewall drops the traffic. If the issue is slowness doing a pcap capture in transmit and receive stat...

NikolayDimitrov_0-1619596411072.png

User-ID not populating after Microsoft patching - Warning

Hello All, Just wanted to post this in case anyone else ran into it. Microsoft release patches as they normally do, however there is one that might break user-id, June 8, 2021—KB5003671 (Monthly Rollup). There is a warning in the notes: After installing this or later updates, apps accessing event logs on remote devices might be unable to conn...

Using Authentication Policy and GlobalProtect with AAD SAML to prompt MFA authentication for Admin access to resources

We have new requirements to require MFA for administrative access to just about everything and have to put into place in very short order. “In addition to remote access, multi-factor authentication is required for the following, including such access provided to 3rd party service providers:1 All internal & remote admin access to directory se...

Split Tunnel Routing Config Help

Looking for some help on split tunneling.We are on PAN os 9.1.9 GP client 5.26, for our LAN we also use Cisco Umbrella to block sites.What I want to do is when GlobalProtect connects I want all LAN traffic going through the VPN traffic, and all Internet traffic from the client going through their end, not the VPNWhen I try and configure split tu...

PA-5050-Data plane showing high

Dear Team, Our Core firewall Data plane CPU reaching to 99% , When we checking the traffic logs some MS-SQL application getting high usage, and system logs are showing "dataplane under severe load palo alto". Pan os : 8.1.15-h3 ,Device : PA 5050. Kindly let us know any solutions for this. Reagrds,Vishnu.

VishnuPS by L3 Networker
  • 4806 Views
  • 6 replies
  • 0 Likes

Palo Alto Globalptotect intermitant PanGPS error 'network type is unknown network' that causes the HIP report to not be send every hour

Has someone seen an issue where the PanGPS log is saying "network type is unknown network" before failing to send the HIP report every hour? For info we don't use or have enabled Internal Host Detection as there no internal gateways and I see that there are no logs before that for DNS resolution, so the Globalprotect app does not try to trigger...

Resolved! IPSec VPN certificates

I’m very new to Palo Alto and testing things out on a home virtual lab on local computer. I’m trying to configure IPSec vpn between 2 sites using certificates. My problem is that when I export the certificate from PA-1, I cannot import it to PA-2 because I don’t know where FW-1 has saved it on the windows 10 pc being used to manage the firewal...

ldapjazz by L0 Member
  • 3892 Views
  • 2 replies
  • 0 Likes

Knowledge sharing: restarting palo alto processes , reboot , shutdown, factory default reset

In palo alto like any some things are fixed with an restart. 1. If the managment plane in the masterd log (for more about the Palo Alto logs and their meaning you can check https://live.paloaltonetworks.com/t5/general-topics/knowledge-sharing-palo-alto-general-logs-and-log-files-that-are/m-p/410110#M92552) you see there are issues with a process...

Storage V-Motion

Hello, Our Virtualization team Storage vmotioned all the VMs on a specific host and that included VM-Series Firewalls for NSX as well. Resulting that the firewalls pass 0 kbps of throughput and dropping all the packets. We were able to identify this by looking at the throughput of the firewall which was 0. Does anyone know why storage vmotion br...

ayazdani by L1 Bithead
  • 3171 Views
  • 2 replies
  • 0 Likes

Resolved! Unable to export certificates

PanOS 7.0.1 Tested with Google Chrome and Firefox v56 When trying to export a certificate from Device tab --> Certificate Management --> Certificates, no matter which export format I choose, nor which certificate I choose, nothing happens. Browser window just refreshes and reloads the certs page. Nothing is downloaded.Has this ever happe...

Incoming traffic being not logged on external IP

Hi Any help greatly appreciated. I have 4 internal IPs w x y and z that need to route out on one of my external IPs (1.2.3.4). And then I need the ingress traffic on 1.2.3.4 to be routed to w x y and z based on the incoming port number. I am also changing the incoming port to a standard internal port number.The out going NAT rule seems to fin...

Resolved! IPSec VPN routing across multiple tunnels

Hi folks/. I have a situaiton that is doing my head in, and I need some help. I have an installation which looks like this "A" end - Palo Alto Active/Passive cluster, public IP for IPSec VPN termination "B" End - Juniper SRX cluster, Active/Active with TWO IP addresses (separate links) for IPSec VPN initiation I have configured two tunnels from ...

darren_g by L4 Transporter
  • 16961 Views
  • 8 replies
  • 0 Likes

MAC addresses for HA interfaces

I have 2 virtual instances of PA-8.0 on a laptop in a home lab for learning purposes. High Availability is configured in Active/Passive mode with HA1 using the management interface and it is working but HA2 is failing to sync and complete initialization. The HA2 interface is red in the GUI and will not go green. I think this may be a problem ...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks