General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Enable global setting preserve-prenat-feature for prenat user-id

Hi. I have GP and User-ID configured on PAN-OS 11.1. I'm getting the message: Warnings: . vsys1 . Warning: please enable global setting preserve-prenat-feature for prenat user-id to be effective. I cannot find the mentioned global setting anywhere in the menu. What else should be done for the correct configuration?

HA2 is going down every 5-6 days... my Palo version is 10.2.9.h11

I am facing this issue in my current Palo Alto, where my Palo Alto firewall keeps flapping every 5-6 days: suddenly the secondary device becomes active and after some time it comes back to normal. It does not always come back to normal; sometimes we have to reboot the primary firewall. When checked the system logs and ( description cont...

Resolved! How to add/delete host keys

Hello, I was testing out different SCP servers to export logs from the PA firewall, but I got this message after my third SCP server: <user>@PA2050> scp export logdb to <user>@10.200.168.158:logdb @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @@@@@@@@@@@@@@@@@@@@@...

sonet by L2 Linker
  • 11945 Views
  • 2 replies
  • 0 Likes

Resolved! IKEV2 w Cert - Wildcard peer for DN does not work.

Can someone please give me the format you are using for the peer id using DN with a wildcard. CN= ?? I try CN=* CN=lab-fw-vyos-* The DN in the logs coming in from the peer is lab-fw-vyos-testsite when I try CN=lab-fw-vyos-testsite it works but I want to terminate all peers on this IKE gateway so I need a wildcard. Any ideas? Thanks, Nathan

NSutfin by L2 Linker
  • 1752 Views
  • 4 replies
  • 0 Likes

building a lab with PA-440 or VMs

Hello everyone, I have some knowledge about PaloAlto NGFW but now I intend to focus and get some certifications. For that I bought a PA-440 which runs 11.2.5 and I intend to buy a second one which doesn't have an active license and running 10.2.3-h2. Both are from ebay, so second hand. Looks like I'm gambling if I want to buy a lab license b...

No internet after changing ISP

PA-440, OS 10.1.14, Standalone. We just changed the ISP, the static IP in interface (WAN), updated the Virtual Router as well, NAT, PBF, Security Policy was checked, IKE Gateway. But we couldn't browse the internet. The firewall management GUI was also accessible by the WAN interface before (from the allowed host), but not now. If I revert the s...

Dars_Em by L1 Bithead
  • 2069 Views
  • 7 replies
  • 0 Likes

Resolved! Transferring assets from one CSP Tenant account to another

We have previously purchased and licensed a VM series firewall using our parent company tenant (Company A) and email. However, when comes to license renewal, we have purchased it under our child company (Company B). We would like to transfer the assets from our parent company (Company A) to our child company (Company B) so that we can manage t...

Resolved! How to whitelist Akamai downloads?

How do you configure a correct FW rule to only allow downloads for a specific user from a specific URL, but the content is hosted on Akamai networks? I configured a FW rule with the URL of the server as FQDN in the destination field and allowed downloads, but since the content is hosted on Akamai, the FW rule is ignored. I don't want to give the u...

DaxVC by L2 Linker
  • 14758 Views
  • 6 replies
  • 0 Likes

Resolved! Proper "outside" interface configuration

Hello all! I'm facing an issue which brings me to ask what the proper configuration should be for an outside interface. Given the attached diagram and captures, do I have the correct outside interface (vlan.100) configuration? Outbound traffic from the local users is being NATed to 194.204.1.6 Inbound web traffic from the Internet ...

relayer by L1 Bithead
  • 3089 Views
  • 5 replies
  • 0 Likes

ACME and SSL decryption

So I recently got wind of this: https://www.thesslstore.com/blog/47-day-ssl-certificate-validity-by-2029/ acme.sh and/or certbot takes care of the servers, but won't this break existing SSL decryption rules? Any strategies/workarounds for this? tia

Resolved! Clarification on http2 traffic and decryption

Hi all, I was hoping to get some clarification on http2 and firewall interaction. I understand that generally http2 works without issue as long as it's being decrypted. I also understand disabling inspection/decryption (Strip TLS ALPN) on http2 traffic can cause it to be downgraded to http1, thus defeating the purpose. But what if there's simp...

KGDrake by L0 Member
  • 3566 Views
  • 2 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions