This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4167 Views
  • 0 replies
  • 0 Likes

Resolved! VPN from two PAs to Azure with asymmetrical routing using BGP

We have two on-prem data centers connected with dual L3 EVC links between them on our core switches and we are using OSPF for routing. We also have PA firewalls deployed in each location and we are extending OSPF up to them. We are then connected to Azure over each of the PAs over an IPSEC VPN and using BGP and injecting the OSPF routes. If I di...

Session End Reason Unknown and Aged out for SSH traffic passing through IPS

Issue is:SSH establishes fine but once new attempt of a connection is made it cannot establish new connection. This disrupts the workflow of a automated application that sends files over SFTP throughout the day with the random disconnects. Packet captures on client/server do not show anything compelling but I do see TCP retransmits during the c...

martid28 by L0 Member
  • 4827 Views
  • 1 replies
  • 0 Likes

Resolved! Disable/Remove HA

We currently have a HA pair configured in a data centre and will soon be moving to a new site. For a seemless migration, we were wondering if there are any issues with or considerations we'd need to make if we were to disable HA and remove the HA config, reset and move the passive device to the new site to get it up and running, then move the de...

Ash2k by L2 Linker
  • 22173 Views
  • 13 replies
  • 0 Likes

Resolved! Migration from Physical to VM series firewall

Hi All , We are planning to move from on-premises to cloud .Currently we are having physical devices and we are checking possibilities how we can migrate to VM series firewall ? Do we need to do config manually ? or is there anyway we can export/import the config .If yes.. will it rake care pre-shared keys as well ?

deepak12 by L3 Networker
  • 6988 Views
  • 5 replies
  • 0 Likes

Resolved! Export traffic log form Panorama via CLI

Hi,We're using Panorama 5.0.x for collecting traffic log (which store the log at NFS Server), which I would search (or export) some old logs (around a year before).I get time out via WebGUI, and tried scp but it only return the log headersscp export log traffic max-log-count 1048576 end-time equal 2013/10/10@04:45:00 start-time equal 2013/10/10@...

Koala by L2 Linker
  • 7381 Views
  • 6 replies
  • 0 Likes

Users disabling GP through services.msc

Hi,We run always-on VPN. Our users have found they can disable GP by going to services.msc and disabling the service, then killing GP from task manager. Especially with everyone working from home at the moment this is quite a big deal and we need to find a way to prevent them from stopping the GP service (some kind of tamper protection similar t...

SARowe_NZ by L3 Networker
  • 13694 Views
  • 7 replies
  • 1 Likes

Resolved! IPSec tunnel initiation from specific IP

I need to have my IPSec tunnel initiate from a specific IP address on my outside interface. In the IKE gateway | local IP address field I can only select the outside interface IP/subnet and then the tunnel uses that default interface IP as the source. My outside interface has a whole subnet of IP addresses and I want to use a specific one not th...

Syslog listener to python script possible??????

Does anybody know how, or can offer some clues, as to how I could get the platform to call a python script to use an external API as a result of a syslog message. I know the syslog daemon passes the messages to Minemeld in JSON format, but what would be required to get minemeld to make an outbound call - ideally via script. The use case is s...

Resolved! Reason why the GlobalProtect session is disconnected

Hi Guys, Some of our users experience disconnects from our GP VPN. When it happens it always impacts a partial set of the clients not everyone. I would like to know a method in which I can determine the reason of the disconnection. In the Monitor-Logs-GlobalProtect tab I can only see the fact if a user is logged-out or logged in and authenticati...

olloczky by L1 Bithead
  • 17862 Views
  • 7 replies
  • 0 Likes

Resolved! PBF and ipsec

HQ Network and Remote Network location are always through MPLSPBF is configured with path monitoring for forwarding via MPLS and if mpls failstraffic will be through ipsec_1 tunnel according to pbf created in palo alto.How to configure in palo alto if both ipsec1 and mpls down so that traffic should pass through ipsec_2@jdelio @Remo @BPry

bit_byte by L2 Linker
  • 3984 Views
  • 3 replies
  • 0 Likes

Resolved! PA-3320 Session's Setup Alerts for session limits reached

Today we had a networking issue that was random and hard to track down. Turns out to be DDOS attack to our Citrix. Since the Dashboard on the GUI doesn't show the BIG RED OMG Light when your maxed we missed it for sometime.does anyone know how to setup Email alerts for sessions over a certain load. 20%.. 30%... 40%... AND 99%

PAlmart_0-1610051721540.png
PAlmart by L1 Bithead
  • 3538 Views
  • 1 replies
  • 0 Likes

Cortex XDR mismatch between version of agent and cloud console

Dear community, For some of the XDR agents there´s a version mismatch between the software installed on the endpoint and the one displayed on the console in the cloud. Example: I installed 7.1 and the agent´s window is showing the right version but in the console in the cloud the agent version for this endpoint is showing 7.2. Does anyone else h...

Carracido by L4 Transporter
  • 2298 Views
  • 1 replies
  • 0 Likes

delete ikemgr.log without impacting existing VPN tunnels

This file is getting too big for me and it takes forever to search for things in that file. I would like to purge/delete this file WITHOUT impacting existing VPN tunnels. I want to be able to debug VPN tunnels later on as well. 1- delete debug-log mp-log file ikemgr.log2- debug software restart process ikemgr Is this going to impact EXISTING V...

dtran by L4 Transporter
  • 5266 Views
  • 4 replies
  • 0 Likes

Resolved! Routing problem

I am configuring a new AP-850. MGT port works fine and I can access the Internet. Now, I configure ethernet1/1 to access the Internet. I also configure the routing. But can't ping 8.8.8.8. Do I miss something or how do I troubleshoot it?

pa-5.JPG
pa-6.JPG
boblin by L2 Linker
  • 6789 Views
  • 7 replies
  • 0 Likes

Resolved! Add production firewall to panorama

Hi All,We are using PAN Firewalls on 9.1.5We have 2 HA pairs both in production with around 100 policies on each and Global Protect on 1 pair. We have purchased Panorama VM and want to add the firewalls to Panorama. Now I did find some previous articles on this but not sure whether there is a tried and tested way. And would that work for firewal...

  • 24343 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks