General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

HIP Check for Machine Certificate

Hello,I've been unable to get my HIP check to work when checking for attributes in a machine certificate. Other HIP checks do work. I'm using my root cert for the Certificate Profile. I don't have/use a intermediate cert as this is a lab. Some of the things I've tried.1. I configured a certificate profile with the root cert.2. Portal > Ag...

Sofware Upgrade broken? "An active license is required for this feature"

I have a bunch of PA440s and some of them cannot be upgraded as I keep getting an "An active license is required for this feature" message when clicking on Check Now under Device > Software. Device is correctly licensed and activated on the support portal, NTP is activated and sync'd. Dynamic Updates can be retrieved from the Cloud but PAN-OS...

pcolomes_0-1653273748081.png
pcolomes_0-1653273908206.png
pcolomes_1-1653273972495.png
pcolomes by L0 Member
  • 25060 Views
  • 13 replies
  • 1 Likes

QOS Not Working Propely

Hi Friends, We have a customer experiencing issues with QoS. After enabling QoS, a noticeable reduction in internet bandwidth was observed. Although QoS was configured correctly, the bandwidth dropped from 25 Mbps to 14 Mbps on a 30 Mbps link.To test this further, we removed the QoS configuration and performed a speed test using an online tool...

Virtual routers Impact

Hi Team, if we create extra virtual routers does it impact CPU/RAM utilization i paloalto?Also do we need manually assign CPU/RAM allocation for newly creating virtual routers in paloalto ?

Resolved! Unable to launch application when terminal server agent is installed

We recently installed the terminal server agent onto our Citrix environment. As soon as I installed it, we had reports that users were unable to launch our VoIP software called Avaya One-X Communicator. It crashes immediately after launching it. As soon as I disable the PAN Terminal Server Agent service users are able to launch it without issue....

kegeorge by L0 Member
  • 5325 Views
  • 3 replies
  • 0 Likes

PCI Compliance - 86476 Web Server Stopped Responding

First time in years, getting this failed result to a PCI scan. 86476 Web Server Stopped Responding. Their tech suggests it has something to do with my PAN WAF/IDS and they have a bunch of IP addresses/ranges that I can whitelist. I find this odd as I've never had to whitelist them before and I've passed many many scans prior to this. How do ...

cenders by L3 Networker
  • 1681 Views
  • 3 replies
  • 0 Likes

Resolved! block the tiktok application

Dears, I want to block tiktok traffic in my environment. i observe in the traffic logs the firewall is not detecting the tiktok application traffic even i applied SSL forward decryption also the firewall is detecting application as a SSL and web browsing.For this I block the tiktok application but still users are able to access tiktok. Is there ...

upload and download speed issue

Hi, We are using PA820i have a isp connection of 700mps up/down.and i have an internal server that can access from public and the domain is pointed to the public ip.the internal server is in my dmz zone and isp is in untust only untrust interface is configured with Qos.and dmz interface has no Qos configured.when i check the speedtest i see it s...

I cannot delete a virtual wire interface

Hello, I've already looked at similar topics here, but it did not help me. I'm supposed to set up a DHCP server on ethernet1/2 and to do it, I need to set up ethernet1/2 as a layer3 interface on the CLI first. Initially, I tried these commands: Set network interface ethernet ethernet1/2 layer3 ip 10.xxx.yyy.zzz set network virtual-router...

Moving interface configuration and sub interfaces to another interface on same firewall

Hi, I want to move all interface from a 1gb port (1/2) to a 10gb port (1/8) what is the quickest way to do this. Is there a bulk move or clone interface option within the GUI? Model PA-5220 Software Version 10.1.14-h10 Not using Panorama. Have just tested but unable to configure the new 10gb interface as it uses the same IP details as the 1gb....

Resolved! proxy-id information through CLI -IPSEC Tunnels

To all, I have multiple tunnels on PA 850. It was difficult to see through which tunnel specific traffic was sent. I tried "show vpn ipsec-sa" it gave me only Peer IP addresses but not proxy-IDs ( interesting traffic permitted through tunnel). is there any CLI command which can tell not only local peer and remote peer but also permitted encrypti...

DNARNI by L0 Member
  • 15819 Views
  • 6 replies
  • 0 Likes

Problem with dynamic update Failed to download file

Hi, I have a problem with dynamic updates. I see new content version or antivirus, but I cannot download it with message Failed to download file. Ping to updates.paloaltonetworks.com and downloads.paloaltonetworks.com is working.Service route is Use managment interface for all.

Resolved! Traffic hitting policy rule it shouldn't

Hi, PanOS 9.1.0I need to block traffic to certain websites and domains.I created a URL Category object and put just one site inside (example.com).I then created a firewall rule like this: Source zone: LANSource address: anyDest Zone: WANDest address: anyApplication: anyService/URL Category: my URL Category ObjectAction: ALLOW (I put it on Allow ...

TACACS authentication with Cisco ISE not working

Hello, I would like to ask currently I have two firewall that needs to be configure TACACS. One of the firewall is working fine and I'm able to login using my credentials from ISE. However, another firewall is not working for the TACACS authentication. I have followed the same steps based on the working firewall. Below here is the error I got ...

fhassan by L1 Bithead
  • 2098 Views
  • 1 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels