This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4244 Views
  • 0 replies
  • 0 Likes

delete ikemgr.log without impacting existing VPN tunnels

This file is getting too big for me and it takes forever to search for things in that file. I would like to purge/delete this file WITHOUT impacting existing VPN tunnels. I want to be able to debug VPN tunnels later on as well. 1- delete debug-log mp-log file ikemgr.log2- debug software restart process ikemgr Is this going to impact EXISTING V...

dtran by L4 Transporter
  • 5298 Views
  • 4 replies
  • 0 Likes

Resolved! Routing problem

I am configuring a new AP-850. MGT port works fine and I can access the Internet. Now, I configure ethernet1/1 to access the Internet. I also configure the routing. But can't ping 8.8.8.8. Do I miss something or how do I troubleshoot it?

pa-5.JPG
pa-6.JPG
boblin by L2 Linker
  • 6828 Views
  • 7 replies
  • 0 Likes

Resolved! Add production firewall to panorama

Hi All,We are using PAN Firewalls on 9.1.5We have 2 HA pairs both in production with around 100 policies on each and Global Protect on 1 pair. We have purchased Panorama VM and want to add the firewalls to Panorama. Now I did find some previous articles on this but not sure whether there is a tried and tested way. And would that work for firewal...

VPN Problem - Ping from Loss

Good afternoon; Currently I have a PA-820 device which is updated to the latest version 9.1.1 of PanOS. Every time I am connecting to the VPN, the ping is lost after a few minutes. I'm checking and the VPN is still connected, even if I connect to a remote desktop before it goes down I keep the connection even after. But if I want to connect to a...

04-01--2021_17-01-57.png
04-01--2021_16-57-55.png
04-01--2021_17-06-09.png

Resolved! Change management ip of cluster nodes.

Hello, We have 3200 series HA cluster . The requirement is to change the ip addrrss of management interface of both the nodes.( Note we are not changing the ip address of panorama ) All the required rules and routes are in place .Can we change the ip address remotely while still logging through the management interface ( old ip). Via the command...

Problem accessing internet when install globalprotect Mac

Hi.I've updated my macbook to MacOS Big Sur. After that, I had internet issues. So, I uninstalled the globalprotect and the internet returned normally.Now, I installed globalprotect again and my internet is not working again. This problem occurred when I allow "System software from Palo Alto Networks was blocked from loading" in security and pri...

Condina by L0 Member
  • 2717 Views
  • 1 replies
  • 0 Likes

Migrating from 5060 to 5220

Hi, We are planning to migrate from 5060 to 5220 both should be in PAN-OS 8.0.7 releases.As per article at https://live.paloaltonetworks.com/t5/Management-Articles/Hardware-Migration-from-PA2000-to-PA3000-or-PA5000/tac-p/156354#M4307 taking device state from older platform and importing to the new one should work.Has any one done it and experie...

IKEv2 - Unexpected ipsec key delete event

Hi All, I'm a medior network engineer who just got into a new position where I deal with PA FWs. I face the following issue now: There is an IPSEC site-to-site VPN between my PA-850 (ver. 9.1.3) and a remote FW (I'm not sure about the remote device type). I see strange behaviours. Yesterday 3 pm the rekey happened. It finished with ikev2-nego-ch...

olloczky by L1 Bithead
  • 7340 Views
  • 2 replies
  • 0 Likes

I'm looking for a device concurrent connection number adjustment function through session management

HelloI'm using PA-5050 now. I am looking for ways to prevent multiple users from accessing the equipment at the same time through session management.I thought I could do it on the Device-session tab of the WebUI, but I don't think there are any related functions.If you haven't found it, I'd appreciate it if you let me know which menu you can tak...

Resolved! Don't see HA1 and HA2 ports

I am following this article "How to Configure High Availability on PAN-OS" to configure HA on our new PA-850. I don't see HA1 and HA2 ports. Or where I can configure HA interface?

ha1.jpg
boblin by L2 Linker
  • 7866 Views
  • 6 replies
  • 0 Likes

Kafka is using port tcp 9093 for private communication

I see Kafka streaming is using port 9093 but in the PA 5220 does not identify it as kafka (unknown TCP). the app-id DB is showing kafka with tcp port 9092. is there a way for PA to append it to kafka app ID ? I already added as a custom app but i think i am missing something since i still see it as a unknown tcp.

Resolved! Ubuntu connected with PA firewall (AWS instance) trusted network can't ping untrusted network

My PA-VM is AWS EC2 instance using software version 10.0.2. 10.20.10/24 is VPC's public subnet, 10.20.61/24 is VPC's private subnet. Ubuntu10.20.61.81 can ping 10.20.61.61, but can't ping 10.20.10.0/24 network. Ubuntu 10.60.0.100 can ping 10.20.61.61, but can't ping 10.20.61.81. I have allow 10.60.0.0/24 in the ubuntu10_20_61_81 Security Group.W...

Susan_Avxt_1-1608101823548.png

Panorama backup query

Hi Team Currently we have two Palo Alto Firewall & one "Panorama" but we are getting only Panorama backup. we want to confirmation whether Panorama having only panorama devices backup( Excluding Palo alto Firewall ) or its having including Palo alto Firewall. RegardsMohammed

Resolved! Using Python to perform a Commit/Commit-all on Panorama

I am trying to use a Python AWS Lamdba function to commit/commit-all changes after the lambda function has made the appropriate updates to the Panorama. My problem is that the commit-all API call happens too soon after the commit API call and the commit-all does not have any committed changes to process. How can I wait for the commit job to com...

Resolved! Remove devices form the customer portal

Hi there, We have several older model devices that we no longer use in production so I wanted to remove them from the customer portal. I don't see an obvious way to do this so I wanted to put the question out there. How do I/ can I even, remove devices from the customer portal?

Jamesy by L2 Linker
  • 7225 Views
  • 3 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks