This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Device groups out of sync for multiple firewalls

After importing a new firewall into Panorama all of the other firewalls are now showing out of sync. I believe it's because the box was checked that says "import devices shared objects into panoramas shared object context". When I tried to push to devices, it fails on all the devices. It's unable to parse the policies. It's saying an object is m...

Slade34 by L0 Member
  • 2576 Views
  • 1 replies
  • 0 Likes

SYSTEM ALERT : high : Not enough space to load conent to SHM after upgrading PA820 to PanOS 10.0.3

Dear all. I upgraded last night to PanOS 10.0.3 and this morning I'm getting error messages from the firewall: SYSTEM ALERT : high : Not enough space to load conent to SHM admin@xxx> show system disk-spaceFilesystem Size Used Avail Use% Mounted on/dev/root 9.5G 2.7G 6.4G 30% /none 2.0G 68K 2.0G 1% /dev/dev/sda5 19G 4.1G 14G 23% /opt/pancfg/de...

Tunnel interface show "Red"

Hi,As iam facing the issue with Passive firewall as interface status show "Red" Moreover Tunnel monitoring is already disable still it's show red. As on the active firewall the it's show green,Can you please advise.

Joshan_Lakhani_0-1616928688768.png

User-id redistribution not working

I have user-id successfully configured on a fw, and i am trying to redistribute these mappings to panorama We are using the integrated Panos agent, i have created the the user-id collector name/pre-shared key on redistribution tab of the User-id Agent Setup; and configured those credentials on the Panorama's User-ID agents tab, via port 5007 B...

Will DoS Protection Block IP or Block Service of IP when Max Rate Threshold is Exceeded?

For the following scenario, will DoS block destination IP or block service of the destination IP? If a DoS protection policy include destination IP and Services to protect an internet facing server, for example source any destination 1.1.1.1 service UDP port 80, then action protection, address destination-ip-only and a DoS security profile whic...

Shiling by L0 Member
  • 3335 Views
  • 1 replies
  • 0 Likes

Resolved! API call to panorama how to register DAG?

When registering IP's to Tags on panorama, do you have to specify a target or device-group or serial number in your call? How does that match/registration actually occur? Do you have to specify a "location device-group" in the call? <uid-message><version>2.0</version><type>update</type><payload><regist...

Sec101 by L4 Transporter
  • 5729 Views
  • 5 replies
  • 0 Likes

What is "'service':Off" in chassis.leds on PAN-OS 9.1?

Hi,I found out a new item in 'chassis.leds' on PAN-OS 9.1.There is not shown on PAN-OS 8.1.Anyone know what does it mean 'service':Off ?- v8.1>show system state filter chassis.ledsChassis.leds:{'alarm':Off, 'fans':Off, 'ha':Off, 'log':Off, 'status':Green, 'temp':Green, }- v9.1>show system state filter chassis.ledsChassis.leds:{'alarm':Off,...

Mt_103 by L2 Linker
  • 2308 Views
  • 1 replies
  • 0 Likes

NAT issue for accessing ICMC service from google

We have 4 production servers are accessing ICMC service which is hosted in following URL “pubsub.googleapis.com”, If all 4 servers in common NAT rule then there is a time-out error observed which caused ICMC service failure. We have tried change the rule from FQDN and category based rule but still time-out noticed , Application team escalated to...

gasin1 by L1 Bithead
  • 3134 Views
  • 4 replies
  • 0 Likes

Do PA have size limit for AV scanning (not size that upload to WildFire)?

Hi, I'm looking for reference document that clearly answer below question:1/ PA have file size limited for AV or not?2/ What file type that PA support or not support in AV scanning?3/ When PA need to forward file to scan on WildFire? Please give me the document related to those 3 topic.I try google for a long time But I can't find clear answer. ...

Global Protect Users Experiencing Telnet Disconnects

I wanted to see if I can get some help with some session termination problems that I am experiencing for Global Protect users. Our remote users connect to an on-prem ERP systems through telnet, tcp/23. I recognize that this protocol has inherited performance and security problems, but unfortunately that's what we are given to work with. The bo...

CCullhaj by L1 Bithead
  • 4594 Views
  • 3 replies
  • 0 Likes

Resolved! Convert VSD Juniper(Screen OS) configuration to Palo Alto

Hi team,We have a Juniper firewall configuration with 4 VSD(virtual security device) and we want to migrate that kind of configuration on Palo Alto.We have tried to migrate that configuration but we didn't find this capability on palo alto firewall.Does exist any similiar capability in palo alto?Thanks ,Regards.

Fjrubiab by L0 Member
  • 4121 Views
  • 3 replies
  • 0 Likes

Resolved! VPN Best Practices

I'm looking to make some modifications to Site-to-Site VPN IKE-Gateway/IPSec profiles and GlobalProtect IPSec Crypto Profile. For GlobalProtect IPSec, I'd like to switch from aes-128-cbc to GCM. I know GCM is more secure and has better performance but what I'm unsure about is if I need aes-256-gcm or is aes-128-gcm acceptable. For the site-t...

ce1028 by L4 Transporter
  • 7133 Views
  • 5 replies
  • 0 Likes

BGP configuration

I am looking to see the commands to check bgp configuration on palo alto 5050 Software version 8.1.14 We have that PA in our organization but i am new and trying to check why i am not able to learn a route 10.104.55.0/24 in BGP in PA 5050 I am learning 10.104.55.0/24 in the routing table.admin@SHA-FWPA01A(active)> show routing route virtual-r...

Need to export policy rule in excel format.

Hi, While exporting all policy backup in excel sheet as we need this all policy details with all fields in rules.As when I tried to export directly via console it gives only object name, not real ip address. So it is difficult to know which object has which ip address inside it.Please help us to get this all rules details in excel sheet.

PA-3220 Power Supply Air Flow Direction Optional?

As I have encountered and many others may also, when this unit was installed in a data center, the person did not follow hot and cold isle standards. Is there an option to replace only the power supply or type of fans to reverse the air flow? This would be much easier than unracking and recabling everything.

  • 24379 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks