General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Change speed/duplex on 10G SFP port for PA-5220

Hello, Is it possible to hardcode speed/duplex for 10G SFP port on PA-5220 device? I am getting below error:
>set network interface ethernet ethernet1/5 link-speed 10000 link-duplex full
Error: Server error : ethernet1/5 -> link-duplex 'full' is not a valid reference
ethernet1/5 -> link-duplex is invalid
I have gone through the article...

skanani by L2 Linker
  • 13901 Views
  • 4 replies
  • 0 Likes

Policy not matching actual traffic

Hi All, I have a security rule to allow IP "A" to SSH to IP "B". I can see the traffic actually hitting the FW but it gets dropped with interzone-default. The test policy match also verifies that it matches the traffic. IP "B" is actually the firewall. And IP "B" is NATed like this: original packet source IP "C", original packet dest IP "A", tr...

olloczky by L1 Bithead
  • 5654 Views
  • 3 replies
  • 0 Likes

Why tcp aged-out?

Hi all, Our developers are connecting from Zone1 to Zone2 with tcp (on ports between 2000 and 3000). The tcp session timeout on firewall is 3 hours. The security policy allows any application, any port from Zone1 to Zone2. But there are all default security profiles applied on that rule. When going to Zone2, the source IP is NATted to the firewall in...

Global protect Notification

Hi, When I connect to the GlobalProtect Gateway, once it is connected I received this notification. I have checked the internet connectivity and it's working fine. Can you please let me know how to avoid this notification?


Need help with logging in case of App-Id

Hi, I have below rule in my Palo Alto and another default rules which are Intra-zone and Inter-zone.
Source: 10.0.0.0/8
Source Zone: Trust
Destination: Any
Destination Zone: Untrust
Application: ssl, web-browsing, dns, Facebook-base, YouTube-base, etc
Service: Application-default
Action: Allow
Log: At session end
I am trying to understand behaviour of Pa...

Resolved! IKE and IPsec Encryption and Authentication Parameters for Site-to-site IPsec VPN

I was configuring a Site-to-site IPsec VPN and I was having a hard time matching my Encryption and Authentication parameters. The remote end device is Huawei Eudemon 1000E and my local device is PA-800. I have finished the configuration on both sides by picking the closest parameters (I suppose) which I presume would work to get the tunnel up and run...

sisayfe by L1 Bithead
  • 8410 Views
  • 2 replies
  • 0 Likes

Resolved! FWs not sending logs to Panorama, logs show constant disconnect

Woes with RMA M-100 continue. Sometime yesterday logs stopped showing up on our M-100 and no idea why. It was working after we restored the configuration but stopped yesterday. I can push policies to the FWs and as far as they can tell they are forwarding logs to Panorama but I simply don't see them there. I cannot manage the firewalls from...

drewdown by L4 Transporter
  • 8431 Views
  • 4 replies
  • 0 Likes

GlobalProtect and RDP

Hi All, I have made a change to our GlobalProtect app config to cater for RDP connections by amending the "User Switch Tunnel Rename Timeout" value to 60 seconds. I was hoping to be able to confirm this setting had been applied to the GP clients via the registry as I understand this value can be added manually mentioned here: App Behavior Options...


Resolved! Is it possible to write a rule matching any IP ending in .xx

Hi all, I have a question, is it possible to write a rule that matches only a part of the IP address? For example match any IP ending in .51? Using wildcards this would be *.*.*.51. Put another way, I would like to match all IPs that are x.x.x.51 where x is any number. Someone in our teams suggested using 0.0.0.51/32 but this does not work, altho...

Saqib by Not applicable
  • 8119 Views
  • 8 replies
  • 0 Likes

How to add static routes on panorama M-600

Hello, We have M-600 Panorama device and we need to get 2 separate networks:
MGT: for firewalls administration and to receiving logs (this network is isolated from internet)
Ethernet 1/2: a new interface just to make Panorama reach internet for updates.
The problem is that I can't specify route to internet through ethernet1/2 next hop. any id...

Elwess by L0 Member
  • 2315 Views
  • 1 replies
  • 0 Likes

opcmdhistory log missing in PanOS9.1

I noticed that the “opcmdhistory” log disappeared in Panorama after upgrading to PanOS9.1. It was there in 9.0 and previous versions. Do you know why it changed and if the information is in another log file? I was using it for troubleshooting and detecting cli commands executed by other users.

batd2 by L4 Transporter
  • 1894 Views
  • 1 replies
  • 0 Likes

Min. required PAN-OS version on Firewalls with PANORAMA 9.1

Hi, I found the knowledge base article on which PAN-OS versions are compatible with which PANORAMA version. For the newer PANORAMA 9.1 the information is missing on which PAN-OS versions are supported. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRrCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArt...

maxthoma by L0 Member
  • 3016 Views
  • 2 replies
  • 0 Likes

Resolved! Getting LDAP Error

Our client is having issues with LDAP connectivity. We are trying to configure "Group Include List" in the Group Mapping Settings in User Identification but when we click on the Base DN to browse available groups, we get "Connect error". Same thing showing on CLI:
PA-850-1(active)> show user group-mapping state all
Group Mapping(vsys1, type: ac...

  • 24381 Posts
  • 123 Subscriptions