This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4136 Views
  • 0 replies
  • 0 Likes

Resolved! Traffic not matching policies configured with AD groups and users

Hello all, i have problem user based policy .in cli i can see that ip and group mapping is fine . When i configure the policy the users and groups appears in the drop down and so on, but didn't match the traffic .Can you give me some suggestions?Thank you in advance!

stef by L2 Linker
  • 3320 Views
  • 2 replies
  • 0 Likes

Load Versioned Configuration (locked)

Hello, community!I'm trying to export a configuration version from a 3020 and it's not creating new versions whenever I commit a config. Upon checking, I found the last config version says "(locked)" at the end of it. Currently no admins have config or commit locks in place and we have commited many times and no new versions have been created. T...

CMachado_0-1605902002039.png
CMachado by L2 Linker
  • 2420 Views
  • 1 replies
  • 0 Likes

Dynamic Updates Query

Hi Team, one of our Client had app and threat license earlier now the license has been expired.Both the devices is in HA.So one of the device has been Rma Now i have configured but i have getting error of Antivirus mismatch because threat license has been expired so how i can rectify the issue of antivirus mismatch

Demisto Mail Sender Integration

Hello,I am using Demisto community edition and i want to integrate it with "SMTP" in order to be able to send e-mails, but i couldn't and encountred the following error message. "(-1, 'E Fatal error: tls_start_servertls() failed') (85)" So I am asking for help, and thanks very much in advance.Cordialy.

mail error.png
ilyes23i by L0 Member
  • 2139 Views
  • 1 replies
  • 0 Likes

Multi-vsys for 3250

A Virtual Systems license is required to support multiple virtual systems on PA-3200 Series firewalls, and to create more than the base number of virtual systems supported on a platform.PA-3250 support bellow things-Base virtual systems1Max virtual systems*6 Base virtual systems1:- Does it mean it only support vsys1 or we can create one more vsy...

Flood log triggered by DoS Protection could not be sent to syslog server

Problem description :Flood log triggered by DoS Protection could not be sent to syslog server.paloalto deploy: v-wire modePANOS : v4.1.8Settings in paloalto :1. Device -> Server Profiles -> Syslog -> Add a syslog server with port 514 and LOG_USER facility.2. Objects -> Log Forwarding -> Add a syslog forwarding profile, all severit...

AWS IPSec VPN Issue while migrating from PA-5020(HA-8.1.15-h3) to PA-5220(HA-8.1.15-h3) Firewalls

Hello Everyone,I have an issue while migrating from PA-5020(HA - 8.1.15-h3) to PA-5220( HA - 8.1.15-h3) Firewalls. 1) did .xml running config file export from 5020 and import into the 5220, but got an error message while commit. Involved PA TAC engineer and SE, could not be able to resolve this issue, just they said its a panos bug, upgrade hi...

Tthapa by L1 Bithead
  • 4202 Views
  • 5 replies
  • 0 Likes

How to replace PA-5020 with PA-5220 with minimum downtime?

I am in the process of replacing PA-5020 HA A/P pair with PA-5220 HA A/P pair. At some point, we will remove 5020 and introduce a 5220 and this needs ARP refresh on all interfaces. is there a script/process I can use to ensure the ARPs are refreshed as soon as the new firewall is connected?Thanks.

TLS 1.3 Encrypted SNI No-Decrypt URL Categories

In non decrypted tls 1.3 traffic, how is the firewall in 10.0 seeing the URL that a user requests and how is it enforcing that category? I've read that tls1.3 encrypts the SNI field, which from my understanding, is the primary way the palo firewalls read and implement URL categories on non-decrypted traffic. If we don't decrypt on certain tr...

Sec101 by L4 Transporter
  • 8880 Views
  • 2 replies
  • 0 Likes

Panorama VM running on ESXi 6.7?

Dear community, I had a Panorama VM running Pan-OS 8.1 without any issue on top of VMware ESXi 6.7, after upgrading to 9.0.4 the host is rebooting the VM from time to time with the following error log:"..........reset by vSphere HA. Reason: VMware Tools heartbeat failure. A screenshot is saved at......" The screen-shot taken when the VM crashes ...

Carracido by L4 Transporter
  • 4397 Views
  • 2 replies
  • 0 Likes

Overriding existing User-ID mappings with Captive Portal to elevate privileges

Override the learned credentials through User-ID agent or captive portal for troubleshooting or additional access without involvement of a firewall administrator. (Without clearing from CLI). For example, IT admin is at users place and need to override current internet privileges to access Youtube for troubleshooting an issue. This can be achie...

How to migrate logs from M-100 to another M-100 in mixed mode by moving the logging disks

the customer have an M-100 do RMANow they need to replace the hard disk with the new M-100.I refer to this articleHow to migrate logs from M-100 to another M-100 in mixed mode by moving the logging disks.nine thousand three hundred and sevenCreated On 09/27/19 23:00 PM - Last Updated 05/19/20 20:46 PM I have some questions.Question 1: I don't k...

Felixcao by L3 Networker
  • 2170 Views
  • 1 replies
  • 0 Likes

User-ID Based Overide

Hello Everyone, We are looking a solution in a case wherein PAN-OS firewall are deployed with only USER-ID based policies for different group of orgranizations. Now everyhintg is working as expected but IT Engineers are getting trouble in Installing/Downloading softwares/pacthes from their windoes login. In that case they logged out from user a...

Global Protect with Client Certificate Authentication

Hi all,can somebody tell me if there is a manual or howto,which describes in detail how to confígure this.I read the "Quick Start Guide GP" and this threadhttps://live.paloaltonetworks.com/message/7126But I'm not getting it t work. When I connect to the portal sitewith a browser I'm getting the message "Valid Client Certificate Required".But I i...

indevis by L2 Linker
  • 4191 Views
  • 2 replies
  • 0 Likes
  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks