This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4106 Views
  • 0 replies
  • 0 Likes

Traffic takes different routes depending on application

Hi community,I am facing a weird behavior that is driving me nuts.I have 2 sites linked by a Leased Line (zone L3-GW-InterDC) and an IPSec tunnel (zone L3-VPN) as a backup. 2 static routes are therefore configured, with different weight and path monitoring. I don't use PBF in this setupEverything works fine, except for this traffic between 2 hos...

FlowBank-IT_0-1610986904030.png

Resolved! Clientless VPN not displaying page content when using any browser

Hi, We have set up a clientless VPN trying to access a server with AIV Hub on it (this provides a customer portal). The VPN works fine and we can log in and see the application.The URL for the application is http tcp port 8080 so it has been written as http://x.x.x.x:8080/aivIf I click on the app a new browser tab opens but the page does not loa...

Detect ipsec vpn tunnel down with remote palo alto peer

PA5020/PAN-OS 7.1.10 I am trying to develop a NAGIOS check to get an alert , when a vpn tunnel between PA's at different locationsis down. So far I have been looking at the ifup-status of the corresponding tunnel interface at the local firewall. It turnsout that this is still up , even if the vpn tunnel is down. From the local firewall, this c...

Default interzone deny rule showing Allow traffic logs.

Default inter zone deny rule showing Allow traffic logs. There are expected deny logs but some requests are getting allowed by hitting default interzone deny rule.Very Strange behavior and we have already verified the Rule and its actions, it is configured to deny traffic from any to any. Please share if any thoughts on this....

Unable to connect to pool.ntp.org

HiI have a problem with the NTP sync. When i make a "show ntp" NTP state:NTP not synched, using local clockNTP server: asia.pool.ntp.orgstatus: rejectedreachable: noauthentication-type: noneNTP server: pool.ntp.orgstatus: rejectedreachable: noauthentication-type: none But my mgmt interface is alow via policy rule to use ntp. I am able to ping th...

shared folder in clientless VPN

Dears, Is it possible to configure the shared folder in clientless VPN?Example:- I have one file server and i want to give access to users via clientless VPN. please share any documents for configuration.

Resolved! Active Active BGP AS Number

Have a Active/Active spit data center solution and question has been brought up if it is possible to use different AS numbers on each of the Palo's. My thinking is why have Active/Active, just use each Palo as a separate individual firewall at each DC. I'v never seen Active/Active Palo's having separate BGP AS numbers. It looks like it is possib...

Resolved! SSL Decrypt does NOT work with TLS 1.1 or TLS 1.2

Hello,I'm running a cluster of PA (4.0.8) with SSL Decryption configured.SSL Decryption is not able to decrypt SSL traffic if the HTTPS session is using TLS 1.1 or TLS 1.2.Test with www.gmail.com Chrome : OK (see gmail application in the traffic log)Firefox : idemIE 8 or 9 with TLS 1.1 or TLS 1.2 DISABLED : idemIE 8 or 9 with TLS 1.1 or TLS 1...

licenselu by L4 Transporter
  • 21127 Views
  • 21 replies
  • 0 Likes

Palo Alto PA-3020 Won't Boot

I have a Palo Alto PA-3020 that I got from work a few months back, it was pulled in working condition a few weeks ago, but when I power the unit on the power LED lights up and the fans spin, but no other lights are on. I tried connecting to the unit via console but I can't seem to get console output, I've tried multiple USB to serial adapters bu...

Resolved! SSL Decryption and Security profiles

Hi I have a question . Currently PA 3020 cluster we don't have ssl decryption enabled . We plan to do it in March However , if we enable all other security features like AV,Antispyware File blocking , Vulnerabilty Protection , Wildfire etc , it wont be fully effective as all these Security profiles cant see what is going inside SSL unless we ...

add new local log collector in collector group

We are using standalone M-200 for 5 locations firewall and created collector group with single local log collector of M200. We are deploying our new M-200 at another location and it will be in HA with our existing M-200.This new M-200 will be Active-Secondary panorama and we will add local log collector of it in existing collector group. So in e...

Deepak_K by L3 Networker
  • 1824 Views
  • 1 replies
  • 0 Likes

Layer 2 sub interface with vlan is not working

Hi all, I am trying to configure palto interface in layer 2 mode as trunk and Vlan interface as SVI. Interface interface type IP address Tag Vlan Sucurity zoneethernet 1/10 layer2 none none none Mgmt-Trust-L2I need t...

Resolved! IpSec Tunnel Up but not passing traffic

Hi all, I have "Inhand Ir611" Industrial Cellular Router and Palo Alto in office. I have configured Inhand router and i have reach to internet. Than i setup Ipsec Tunnels to my Office Palo Alto. Everything looking good after configuration and restart the device. I have check PA side. Tunnel Up and Ike Up i have two green dot in PA. But i can't r...

Lacrymae by L1 Bithead
  • 8462 Views
  • 3 replies
  • 0 Likes

Techdoc resources not appearing in Live Community search.

Hello, First, my assumption is Technical Documentation is the same as Techdocs. Here's my scenario. I'm working in Prisma Cloud testing a workflow. I click the help (?) at the bottom right corner of the page and navigate to Other Resources - Get Help. It takes me to Live Community. At the Live Community page I want to find two resources:Integrat...

JBrooks by L1 Bithead
  • 5635 Views
  • 4 replies
  • 0 Likes

alert action or default(alert) - No logs seen

Hello , I have created an Antivirus Profile The action i have set is Alert and not default(alert) . Similarly Wildfire Action in AV profile is also "Alert" However when i see Threat Logs and filter by ( subtype eq virus ); i cant see any log I can however see logs for subcategories spyware and vulnerability Also , i cant see anything Wildf...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks