This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Dynamic Address Group (DAG) PAN-OS / DAGPusher prototype

Hi guys, I'm trying to use the the DAGPusher prototype but, unhappily, I'm dealing with some problems. May be some of you could help me with it. My scenario: I use a generic miner to extract IPv4 (/32) from a specific location (that is working). Then it is sent to the DAGPusher node (that is working). Now I want to push them to Firewall/Panorama...

How work App-id when trafic is not inspected

Good morning all,I have a question regarding the relationship between Appid and Ssl Decryption. How can the Fw recognize an application when the traffic is not inspected?Example user request https://www.youtube.com/watch?v=2zB2jiCxxuQ. What is the Fw going to see? The source ip, the destination ip for www.youtube.com 142.250.74.238 the Fqdn www....

IPSec SA rekey failure

Hello,I am not an expert on IPSec and its terminology, so I apologize if I write something inaccurate, but I try to do my best. I have an IPSec s2s tunnel between Palo Alto PA-220 and Mikrotik RB4011. The RB4011 is behind NAT so it initiates the connection, Palo has a public IP. The tunnel works, but from time to time the rekey of IPSec keys pro...

ipsec_failure_1.png
ipsec_failure_2.png
jjurica by L0 Member
  • 16387 Views
  • 2 replies
  • 1 Likes

Traffic logs not shown the recent logs for particular source IP

Hi Guys One of our customer facing issue that unable to see recent traffic logs for particular source and destination in gui. But we could see the live session on cli by the command "show session all filter source 192.168.x.X destination 172.17.X.X". Session working as expected. but we need to see the traffic logs on gui. restarted the mgmt serv...

Issue with traffic on specific proxy id

We have VPN between Palo Alto and Cisco FMC/FTD.There is user and server traffic on VPN. VPN status is stable. I don't have any user complaining about disconnection.But I am seeing disconnection on specific proxyid. All of sudden I am getting ICMP request time out on working connection.Facing request time out when ping is from Server which is be...

yshaikh by L1 Bithead
  • 5724 Views
  • 5 replies
  • 0 Likes

Resolved! Way to see hardware type installed on 7080?

Is there somewhere in the GUI (or more likely a CLI command) that will show me the hardware type of the cards I have installed on my 7080? Specifically, I am trying to see if I have an SMC or SMC-B. Thanks.

Resolved! Path Monitoring for Alerting Only

Hi, I'm interested in using path monitoring for alerting. I'm aware that it can be used with PBF, static routes, HA, etc, but that's not quite what I'm after. I have BGP to manage that side of things. I would like to monitor the path to the internet. Perhaps pinging the provider's gateway IP and looking for responses. If the link goes down or if...

Luke_R by L2 Linker
  • 3786 Views
  • 2 replies
  • 0 Likes

SD-WAN OSPF

Hello Team, I just wanted to know that does PA SD-WAN supports OSPF ??Or it only supports BGP. My use case is as below Branch and a Hub to SDWANI have Internet links and Orange MPLS links and I have OSPF on OBS router and on the firewall After config of sd-wan i have Internet links and the SDWAN Tunnels (on the branch) ad also Internet links, t...

Swetang by L1 Bithead
  • 4190 Views
  • 2 replies
  • 0 Likes

URL Block / Continue on SSL - doesn't continue, page just refreshes.

I have a "continue" policy set on newly registered domains category. If I visit a site with https I see the continue page but upon clicking continue the block page just refreshes (the guid in the address bar changes). If I visit the site without SSL, the block page appears, and clicking continue will correctly take me to the site. What have I...

cenders by L3 Networker
  • 2770 Views
  • 1 replies
  • 0 Likes

Apps/Threat out of Sync on Passive Panorama.

On one set of panoramas I noticed that the Apps/Threats are out of sync. The passive device downloaded, but did not install the update like the active device did.The active device is set to sync with peer during the scheduled update. The trouble is that I cannot update the passive panorama because that is considered a policy change. I was wonder...

Resolved! Using public range of IPs

I have a bit of a silly question to ask but my mind is drawing a blank on this. If you have a connection from the ISP, say the static IP range is 14.1.1.0/30....their router is 14.1.1.1 and the PA FW will be 14.1.1.2. Simple enough but what if they also give you a usable range of IPs to use, say 15.1.1.0/27. To use these IPs , would you need...

ce1028 by L4 Transporter
  • 6508 Views
  • 6 replies
  • 0 Likes

File blocking

Dears,I am not able to block msi file via file blocking profile.I have created a file blocking profile to block msi and different types of file extensions to block by the policy.Then I tried to open exe file in the chrome browser which is working fine means block as expected. However, when i try to block msi file. It is blocked at the first time...

Jafar_Hussain_0-1606461774177.png
Jafar_Hussain_2-1606462014421.png
Jafar_Hussain_1-1606461839870.png

Resolved! Interzone Static Routing

Hi all, I'll preface this as I'm the sole networking guy at my job and I'm still green. Apologies for any dumb questions, I've tried to read the manual for relevant info and used my google-fu to no avail. I'm using a PA-3020 on firmware 8.0.6. I've been asked to integrate a new Cisco ASA for a financial system that allows a tunnel between my sit...

Resolved! Status Incomplete

Hello,what does this mean and how to solve it?When doing an show arp all:No MAC is displayed at an IP address. Any help is welcome, thanks in advance 🙂

Davevanwijck_0-1606816998706.png
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks