This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4447 Views
  • 0 replies
  • 0 Likes

Data Filtering timers and inner workings

Hello, Live Community! I've been using Data Filtering profiles for a while now and they work really well, but it has come to my attention that I don't really know some of the inner workings of it, specially today when someone asked me about it, so... Does DF work with timers? I mean, what's the time range for detecting a data pattern/regex/file ...

CMachado by L2 Linker
  • 3076 Views
  • 1 replies
  • 0 Likes

SolarStorm attack - Share your thoughts

Hi everyone, we know there is a lot of news about the SolarWinds supply chain attack (SolarStorm Attack), and we want to let you know that we are here to help and want to make sure you have all the resources and information you need. We put together a blog sharing all the different ways Palo Alto Networks can help you navigate during this time....

agalindo by L1 Bithead
  • 9607 Views
  • 7 replies
  • 7 Likes

active/passive BGP - Data plane VLANS

Hello, I'm doing an active/passive set up with BGP. I will have a router to a the active FW. I will have different router to the passive FW. The second FW will only have BGP peers up when the active FW fails. I am going to have VLANS for the HA 1 and HA2 links. Do I need to have the data planes (data port dmz interfaces) spanned across the FWs...

Jedi_D by L2 Linker
  • 2370 Views
  • 1 replies
  • 0 Likes

Resolved! Can't get traffic to GP VPN clients

I'm trying to figure out how to get traffic from my internal network to my GP VPN clients. At the moment I can't even ping the remote users. They can access all corporate resources without issue I just can't seem to get any traffic out to them. It seems I have this issue with any tunnel.xx interface. Is there something obvious here that I'm miss...

Resolved! CLI - view pending changes by user from CLI

Hi all - if I have a user account that is submitting changes via the CLI, is there a way to see all the changes made by a certain user? Also, is there a way to commit changes for a certain user only? The only "commit" operation I see from the CLI is 'commit-all' and it looks like I can specify what to commit by object type - template, template-...

Resolved! What is the best way to import a device state to an old device

Recently we faced an issue with one of the firewalls so we thought to replace with a spare one. we took the device state backup and imported it into the Spared firewall. It was running the same OS and same hardware. But It was NOT factory reset, it has the configuration and we didn't do it factor reset and uploaded the device state backup. but t...

vsingh by L2 Linker
  • 10147 Views
  • 8 replies
  • 0 Likes

How do I remove diffie-hellman-group1-sha1 from SSH on mgmt port? And how to push it via Panorama?

Hi,How do I remove diffie-hellman-group1-sha1 from SSH on mgmt port? I've removed the CBC ciphers, but my vulnerability scanner is still showing that diffie-hellman-group1-sha1 is still available for SSH. I'd also like to know how I enforce SSH server ciphers or other parameters on management ports via Panorama. I have about 60+ firewalls of var...

User ID v. UPN

We are moving to Office 365 and standardizing on UPN for identification. This required that we create a new UPN suffix for our AD domain. We decided to have our UPN match our email address format. Below are samples of each attribute format: FQDN for AD Domain: foo.domain.com NetBIOS Name: FOOImplicit UPN: username@foo.domain.comExplict UP...

mchaffin by L0 Member
  • 6376 Views
  • 2 replies
  • 0 Likes

Resolved! Palo Alto 7000 heartbeat backup icmp fail

Hello to All, From time to time the ICMP fails for the management connection between two firewalls model 7000 with 8.1.x version. The issue causes a failover but the 7000 firewalls have dedicated interfaces for HA and the management should be used only for Heartbeat Backup as described in https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-ad...

new Validation Check feature introduced in PAN-OS 8.1

Hello,We use centreon as monitoring tool and I get the next alert from palo alto devices PALO ALTO NETWORKS CONTENT VALIDATION CHECK SKIPPED BY USER 'CENTREON USER' FOR [CONTENT VERSION]" I found the next documentation about thishttps://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNs4CAG but I have some doubt about this che...

Resolved! M200 raid disk pair status stucked at 0%

To enable the disk A ,we have run the below commandrequest system raid add A1and after 5 min run below command :request system raid add A2 But disk is not enabled. Status is stuck at 0% since last 6 hours. How we can resolve this issue ?

Deepak_K_0-1612969567576.png
Deepak_K by L3 Networker
  • 3417 Views
  • 2 replies
  • 0 Likes

Resolved! GlobalProtect clients experiencing latency delays

Hello, Clients who are connected via GlobalProtect VPN are experiencing slowness with all their traffic traversing the VPN (ie.. Internet and Server access traffic).The latency is between 200-400ms for all the traffic regardless of whether its Internet based (to google) or server based (to our corporate servers). Can you suggest any troubleshoot...

Farzana by L4 Transporter
  • 16220 Views
  • 12 replies
  • 0 Likes

Resolved! GlobalProtect Gateway: can it share an IP used in NAT/Security Policies?

I have a working GlobalProtect setup right now using a single Portal on the district firewall, and a single Gateway on the firewall for the location I want to have access to. Currently, these are using dedicated public IPs that are not used for anything else, assigned to the public interface of the two firewalls. What I can't figure out from sea...

fjwcash by L4 Transporter
  • 11955 Views
  • 9 replies
  • 0 Likes

AE Interface down during failover

We recently had a failover event during a normal upgrade of the firewall (10.0.1 -> 10.0.4). The LACP aggregate interface on the Cisco switch / Firewall did not come up during this time, which resulted in a longer than expected outage. Powered down firewall to restore original firewall connection. We are using Active/Passive pair with PA-820....

Service route in panorama.

Dear Team, I have two interfaces configured in my panorama:1-management interface2 -ethernet1/1. for software and dynamic updates by default, my traffic is going via management interface. I want to change the service route through ethernet1/1 but I am not able to see any option to change the service route. below is the snapshot. can anyone help ...

Jafar_Hussain_0-1593346305511.png
  • 24375 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks