This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience.

General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 489 Views
  • 0 replies
  • 2 Likes

Resolved! Password Profile

Hi Experts

 

We need to setup a password profile with the no expiry condition for the service accounts which has read only privileges. Version is 8.1

 

1. If we set the Required Password Change Period (days) to 0 days, does it mean it's expired (with 0 d

...

Live Community members - we want your feedback!

While we may operate the community from day-to-day, the Live Community is really YOUR community. Sure, we may have ideas about what might be helpful or interesting but since the community is yours and exists to help you, we ALWAYS welcome your ideas,

...

Resolved! Office 365 App-ID

Hi, 

 

We are in the process of implementing office 365. May I know what is the correct APP-ID for the below services? Please share if there is any best practice document for this. 

 

Microsoft Stream
Audio Conferencing
My Analytics
Azure Active Directory
Az

...

Resolved! HA Cluster Network Topology

Hi Everyone,

 

I'm new to Palo Alto and now I plan to deploy 2 Palo Alto 5250 in HA Cluster mode, each firewall take place in a Data Center. This two Data Center is in same City. That why I think HA Cluster suitable in this situation. These 2 new firew

...

QuangLe by L1 Bithead
  • 9020 Views
  • 8 replies
  • 0 Likes

Lot of non-syn-tcp

Hi Experts,

we have a lot (I mean a LOT :-)) of non-syn-tcp traffic on our PA5220 cluster. The PA is in an enterprise company. 

 

Are we sure that the non-syn-tcp means that there is an asymmetric flow? Let me give you an example:

 

1) Host A sends a SYN

...

paboy1 by L0 Member
  • 6913 Views
  • 2 replies
  • 0 Likes

Resolved! PA 5220 aho and dfa offload

Do i need to enable  aho and dfa or not ?

 

Running 8.1.9 on PA 5220

 

debug dataplane fpga state

aho offload not ready

dfa offload setup
Use software only

 

MP18 by Cyber Elite
  • 5733 Views
  • 7 replies
  • 0 Likes

PA and ASA n route mode

Hi,

I have the below topology  

PA and  ASA are in routed mode . 

The first question is the design is valid? 

I am facing a problem in this design 

ASA says the secondary is failed  ,primary asa says the secondary and dmz zone interface failed 

 

 

 

Thanks

pa-cisco.jpg
simsim by L4 Transporter
  • 1954 Views
  • 2 replies
  • 0 Likes

Secure web-GUI access for managment

Dears,

When i log in my firewall it is showing the connection not secure.

 

 

For secure connection login, i have gone through these documents and try to configure a secure connection for web GUI access.

 

How To Configure A Certificate For Secure Web-GUI

...

Jafar_Hussain_0-1606198282984.png

Panorama HA

Hi Experts, 

 

We've Panorama in HA mode running on 8.1 and due to some reason, secondary is now active. Once the primary is back, with the preemptive checked, primary is still passive. 

 

Can someone please assist why primary is still passive?

 

Note: pls

...

Global Protect issue with Windown server 10

The issue is that when I connected to a server through Global Protect, I can't connect to another server.
I have to disconnect from Global Protect and then connect to the desired server. So basically he can connect to one server at a time.

However, wit

...

Resolved! PA-2020 Update PAN OS 7.1.11 possible?

Good morning,

we have a PA-2020 with sw-version: 7.1.11

Can I update the software version to latest PAN OS?

We want to use SAML 2.0.

is there a way to achieve this?

 

kind regards,

Roland

 

warten mit Login admin / admin show system environmentals ----Thermal...

SD-WAN internet link (DIA) monitoring

I have a PA-220 with dual ISPs (WiFi and LTE). I tried to configure SD-WAN for direct internet access (DIA). Both gateways (routers from both ISP) are localy connected via ethernet. As far as I know, SD-WAN pings the gateway IPs to calculated the lin

...

Problem with routing of NATted reply packets over IPSEC tunnel

I have an IPSEC tunnel to another organisation, they have two endpoints at the other end on addresses which conflict with our networks.  We can just focus on one to keep it simple.

 

  • We have an IPSEC tunnel set up and passing traffic fine (tunnel.3 int
...

djr by L4 Transporter
  • 4102 Views
  • 3 replies
  • 0 Likes
  • 23715 Posts
  • 110 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks