This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4220 Views
  • 0 replies
  • 0 Likes

Resolved! Client-to-Site IKEv2 IPSec without GlobalProtect

Hello, I am totally new to Palo Alto and trying to set up VPN connection from Android Strongswan VPN Client app to Palo Alto without GlobalProtect. I have requirement so client's IP is unknown and can be any public IP. At the moment IPSec tunnel is UP but I always setting error on client side: "setting up TUN device failed, no virtual IP found...

kemeris by L1 Bithead
  • 3484 Views
  • 6 replies
  • 0 Likes

Resolved! LDAP auth for the WEB UI access clarification

Hi All, Why do we need step 3 mentioned in the KB below for the WB UI authentication with LDAP?:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGuCAK Why do we need to create a local user? Won't Palo be an LDAP proxy (grabbing username/password and verifying it against LDAP server database)?

LDAP.PNG
myky by L3 Networker
  • 9380 Views
  • 8 replies
  • 0 Likes

PVLAN

Hello. I've been trying to use PVLAN with palo alto. I have two isolated host which are on the same subnet and wanted them to communicate through palo alto. I was able to manage with a switch using local proxy arp but from what I've searched palo alto doesn't have that feature. I see the arp packets from host A going to palo alto but since the d...

Custom Logs / Path Monitor Alert

Hello! I may be trying to do something impossible, but it seems like the configuration elements are all there. We have a static default route to our ISP that is set with path monitoring so that we failover to a backup route when the gateway is unreachable. We are trying to figure out a way to be emailed when the path monitor fails. I have ...

ECMP breaks secure email access.

Hi all, while using ECMP for the last 2 years without any issues using 3 ISP's with different weight and enabling Symmetric Return and Strict Source Path, I found that some sites with authentication access and Proofpoint secure emails access are being timed out because of their sensitivity of the source ISP change during the session. In most of...

SShnap by L3 Networker
  • 2170 Views
  • 5 replies
  • 0 Likes

The PA-220 is unable to boot into the system.

As stated in the subject, I encountered an error during boot-up. The details are as follows:SPI ID: ef:40:18:00:00header found at offset 0x1d80Image 1.2: address: 0xffffffff81000000, header length: 192, data length: 8160Validating data...Starting next bootloader at 0xffffffff81000000SPI stage 1.5 bootloaderSPI ID: ef:40:18:00:00Header 1 found at...

Custom URL Issue

Hi all, I had an issue where a client created a Custom URL category with multiple of URLs and added it in a Security Rule, all of the URLs specified in that custom category is matching except one URL with wild card such as *.sometechnologies.com. I'm using the command >test custom-url url <MyURL> to check the match but for only one url ...

Creating tunnel monitoring profile between PA-3220 to Meraki SDWAN Cisco

Hi Friends, Our end customer wants to set up tunnel monitoring profile between a PA-3220 firewall and a Cisco Meraki SD-WAN device. Although an IPsec tunnel has already been established between the Palo Alto and the Meraki SD-WAN, we need to determine whether failover will occur automatically if one tunnel goes down, or if tunnel monitoring ne...

GlobalProtect 6.3.3

Our vulnerability scanner for the last couple weeks has been reporting vulnerabilities for GlobalProtect that are remediated with an upgrade to 6.3.3, but other than the vulnerability acknowledgement from PA mentioning it I do not see any evidence of 6.3.3 being released. The latest version I see in the "Software Updates" section of the customer...

C.Osborn by L0 Member
  • 8796 Views
  • 6 replies
  • 2 Likes

Other Administrators are holding device wide commit locks

Hi Guys, i have actually the problem that i cant do any commit, there are two pending commits and if i try to commit the following message appearing: "Error Other Administrators are holding device wide commit locks". Even when im logged in as the administrator who did the commit the same message appears. The Administratoraccounts are supperusers.

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks