General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

BGP Session Establishment Troubleshooting on Palo Alto?

Hi Folks....requesting anyone's Palo Alto FW troubleshooting expertise: In one of our implementations, we ran into some BGP session establishment issues and that delayed the change a lot as we couldn't figure out the issue. The issue was the BGP authentication failed. Once we disabled BGP authentication, BGP session got established. Is there a w...

Timeout while exporting a device state into a TFTP server

Hi, I'm trying to export a device state from the Panorama CLI into a remote TFTP server, but I get a timeout.Both the Panorama and the TFTP sever are on the same network, so the traffic does not pass the firewall.Also, there's over 200 GB of free space on the TFTP server, so the problem is not a lack of space. What's the reason of the timeou...

Connection_timed_out.png

Variables is DNS Proxy rule?

Hi, My question would be, is it possible to use template variables to set primary end secondary dns for DNS proxy rules in Panorama? I can set a static entrys' IP address value to a variable defined in the template, but can't find the way to do the same for proxy rules. Context: Our branch offices each have their on subnet, doman controllers an...

Resolved! global counter tcp_case_2

I am running a set of vm-series VMs on Azure. From time to time there is packet loss for traffic going through one of these VMs, I am trying to find a metric to monitor that. I could not find a metric exposed through SNMP, but looking at the global counters that increase during TCP retransmission, I found "tcp_case_2" global counter seems to mat...

frigault by L1 Bithead
  • 1587 Views
  • 2 replies
  • 0 Likes

Resolved! A question about ECMP

Hi, I saw a function named ecmp on palo alto NGFW, I think that it can make outbound traffic load balance on two or more physics line or logic line. And I also saw there was a inbound interface information in the session table of firewall. So I want to know if there are two out line on the firewall and connect to outside network named por...

Resolved! SNMPv3 read-only permission

hello all, i'm trying to create snmpv3 user account with read-only permission but when i went through the option on GUI there was nothing about specifying the permission whether it's read-only or read & write. i would really appreciate the help.

How can I search a particular source&destination address in lots of security policys?

Dear all: I have a question about search security policys. We have lots of security policys on our pa ngfw. some of them use a address group as a source& destination condition, some are not. The content of address-group may be a range or a subnet, but now I want to search security policys that relate a pariticular address, this add...

Question regarding Signal messaging application

Currently have a PA-440 at home and trying to setup Signal messaging application. I know the application is cert-pinned and therefore cannot be decrypted. To get it to work, I added to the SSL Exclusion Decryption list the following hosts/domains per the Signal website: https://support.signal.org/hc/en-us/articles/360007320291-Firewall-and-Int...

How to onboard passive PA440 firewall to Panorama using dataplane interface

I need assistance integrating Palo Alto firewalls in an Active/Passive HA setup with Panorama. Below is an overview of the setup: At customer sites, we have Palo Alto firewalls configured in Active/Passive HA mode, and they are currently managed locally. We are now planning to integrate them with Panorama, which is hosted in the AWS cloud. An ...

Ramesh by L0 Member
  • 1587 Views
  • 3 replies
  • 0 Likes

CONFIG logs and syslog

Hi there, we're shipping our logs to a centralized syslog instance. That works great for all types of logs from the PA with the exceptions of the CONFIG logs.The CONFIG logs are submitted at all, with the problem that the interesting parts "before-change-detail" and "after-change-detail" are not delivered.Does anyone else ship CONFIG logs and if...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4506 Views
  • 0 replies
  • 0 Likes

Resolved! PublicCloud Server certificate validation failed

Hi community, I have an issue where system log shows severity high for an event: tls-X509-validation-failed and the description: Palo Alto PublicCloud Server certificate validation failed Dest Addr: sg.wildfire.paloaltonetworks.com Reason: unable to get local issuer certificate Palo Alto PublicCloud Server certificate validation faile...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels