This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4238 Views
  • 0 replies
  • 0 Likes

Resolved! Password Profile

Hi Experts We need to setup a password profile with the no expiry condition for the service accounts which has read only privileges. Version is 8.1 1. If we set the Required Password Change Period (days) to 0 days, does it mean it's expired (with 0 days left) or is it never expire ? 2. And, if we didn't set the password profile to any account w...

Live Community members - we want your feedback!

While we may operate the community from day-to-day, the Live Community is really YOUR community. Sure, we may have ideas about what might be helpful or interesting but since the community is yours and exists to help you, we ALWAYS welcome your ideas, input, and suggestions. Not finding what you need? Let us know. Having difficulty navigating to ...

Resolved! Office 365 App-ID

Hi, We are in the process of implementing office 365. May I know what is the correct APP-ID for the below services? Please share if there is any best practice document for this. Microsoft StreamAudio ConferencingMy AnalyticsAzure Active DirectoryAzure Information ProtectionPrivileged Access ManagementPrivileged Identity ManagementManagement an...

Resolved! HA Cluster Network Topology

Hi Everyone, I'm new to Palo Alto and now I plan to deploy 2 Palo Alto 5250 in HA Cluster mode, each firewall take place in a Data Center. This two Data Center is in same City. That why I think HA Cluster suitable in this situation. These 2 new firewalls is replace for a Cluster Check Point Firewall. After reading all document about HA Cluster I...

QuangLe by L1 Bithead
  • 12169 Views
  • 8 replies
  • 0 Likes

Lot of non-syn-tcp

Hi Experts,we have a lot (I mean a LOT :-)) of non-syn-tcp traffic on our PA5220 cluster. The PA is in an enterprise company. Are we sure that the non-syn-tcp means that there is an asymmetric flow? Let me give you an example: 1) Host A sends a SYN to Host B passing through PA2) PA recognize it properly and establish a sessione in its session t...

paboy1 by L0 Member
  • 10833 Views
  • 2 replies
  • 0 Likes

Resolved! PA 5220 aho and dfa offload

Do i need to enable aho and dfa or not ? Running 8.1.9 on PA 5220 debug dataplane fpga stateaho offload not readydfa offload setupUse software only

MP18 by Cyber Elite
  • 6850 Views
  • 7 replies
  • 0 Likes

Report of Number of concurrent sessions per day / month

Hi all, I was wondering if it would be possible to have a report that on a daily base (with a monthly overview) would should me the average amount of concurrent sessions for that period, based on a specific virtual wire or interface. I noticed that through the CLI I can get this information:show session all filter hw-interface ethernet1/1 count ...

Can't get Wildix phone book working - Source address shows as WAN IP not LAN IP!?

Hi all, where I work, we are having difficulty in getting the Wildix IP Phone Phonebook to work through our PaloAlto PA-220 firewall what we use for all SIP traffic. (Wildix is a make of IP phones we are using.) I keep seeing dropped traffic like the below (drop.pcap), which is strange as the source address is showing the WAN IP and not the LAN ...

PA and ASA n route mode

Hi,I have the below topology PA and ASA are in routed mode . The first question is the design is valid? I am facing a problem in this design ASA says the secondary is failed ,primary asa says the secondary and dmz zone interface failed Thanks

pa-cisco.jpg
simsim by L4 Transporter
  • 2524 Views
  • 2 replies
  • 0 Likes

Secure web-GUI access for managment

Dears,When i log in my firewall it is showing the connection not secure. For secure connection login, i have gone through these documents and try to configure a secure connection for web GUI access. How To Configure A Certificate For Secure Web-GUI Access - Knowledge Base - Palo Alto Networks Procedure 1 I followed:-- Created a self-sign certif...

Jafar_Hussain_0-1606198282984.png

Panorama HA

Hi Experts, We've Panorama in HA mode running on 8.1 and due to some reason, secondary is now active. Once the primary is back, with the preemptive checked, primary is still passive. Can someone please assist why primary is still passive? Note: pls be noted preemptive isn't enabled on secondary(active now)

Global Protect issue with Windown server 10

The issue is that when I connected to a server through Global Protect, I can't connect to another server.I have to disconnect from Global Protect and then connect to the desired server. So basically he can connect to one server at a time.However, with Windows 10, version 1903 have no issue. But when I try to connect to Windows 10, version 2004 h...

Resolved! PA-2020 Update PAN OS 7.1.11 possible?

Good morning,we have a PA-2020 with sw-version: 7.1.11Can I update the software version to latest PAN OS?We want to use SAML 2.0.is there a way to achieve this? kind regards,Roland warten mit Login admin / admin show system environmentals ----Thermal---- Slot Description Alarm Degrees C Min C Max C S0 Temper...

SD-WAN internet link (DIA) monitoring

I have a PA-220 with dual ISPs (WiFi and LTE). I tried to configure SD-WAN for direct internet access (DIA). Both gateways (routers from both ISP) are localy connected via ethernet. As far as I know, SD-WAN pings the gateway IPs to calculated the link quality and because they are both locally connected, there is usually no issue. The troubles o...

Problem with routing of NATted reply packets over IPSEC tunnel

I have an IPSEC tunnel to another organisation, they have two endpoints at the other end on addresses which conflict with our networks. We can just focus on one to keep it simple. We have an IPSEC tunnel set up and passing traffic fine (tunnel.3 interface on the untrust zone).The external endpoint’s native address (at the other end of the tunne...

djr by L4 Transporter
  • 5639 Views
  • 3 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks