This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4235 Views
  • 0 replies
  • 0 Likes

HELP! Failed to download due to protocol error. Please try again later. updater error code:-28

I am spinning up a new 820 HA pair and on my last site I am getting an error when downloading the OS and dynamic updates. The other site work fine. I am getting the following error: Failed to download due to protocol error. Please try again later.updater error code:-28Can any one help me out here? Im on 9.0.4 trying to go to 9.1.4

JohnMaki by L1 Bithead
  • 8358 Views
  • 4 replies
  • 0 Likes

Resolved! SSL Certificate renewal query

We got certificate tree like this:the public certificate (Trusted root CA) from Digicert, Intermediate cert (Digi root) and then the SSL/TLS cert (DigiVPN). This DigiVPN is going to expire soon and we use it for GP portal and GW. The server cert is by itself and got a tick next to CA column. It is valid till 2023 and used as cert profile in GP. ...

VPN Tunnel Monitoring between two Palo Alto devices

Hello, From what I understand, when creating a tunnel monitor between two PA devices it's best to assign IP addresses on the same segment to the tunnel interface on each side. The monitor is then setup with the remote destination on each side. Example:FW-A-Tunnel.1 (10.10.10.1/30) <---> FW-B-Tunnel.1 (10.10.10.2/30) FW-A will monitor 10...

NobleNOC by L0 Member
  • 2270 Views
  • 1 replies
  • 0 Likes

SSL Forward Proxy implementation in production environment

Hello friends, I would like to know expected issues if we enable ssl forward proxy to a production environment. There are services allowed with different ports , web services and all working fine now. As this is first time am planning to enable forward proxy ,not sure which are the user side issues they may face.Queries are like 1.Whether user...

Resolved! PA HA with Port-Channel towards inside/trust connection

Hi,We need to add secondary PA-220 to existing (production) standalone PA-220 and make it has Active/Standby. Trust interface on PA will be trunk with two sub-interfaces. Both the PA trust interfaces are going to connect downstream Core switch. Core switch is stack and we are thinking to configure port-channel and it both PA1 and PA2 trust inter...

PA-HA.png

Resolved! Export GlobalProtect MSI file

Is there a way to export a deactivated GlobalProtect client MSI installer from the firewall or download a version from the support website? A client also has a palo alto firewall, but is on a different client version than what I use internally. The global protect installer has been failing whenever there is an update, which may or may not have...

Resolved! Log export error

Hello All, I am facing issue to export traffic logs from the firewall in CSV format. getting the error "no jobs query found". Troubleshooting:-* Increased the CSV row number up to 1048576.* I can export URL filtering logs, security policy, NAT policy in CSV format.* Applied filter in traffic logs for 10 minutes but still getting the same error.*...

VSYS Migartion Query From DC5220 to ISP 5050

Spoiler (Highlight to read)Hi Team,I have below network ArchitectureUpstream Internet Firewalls PA 5050 Active/StandbyDownstream Datacenter Deployment 5220 Active/StandbyNow We have 2 VYS in DC 1 is Normal 2nd DMZ Vsys.Now i have to remove DMZ vsys to ISP can some guide how to remove vsys from datacenter 5220 to ISP 5050.ISP-PA5050-connected 5k ...

CLI/API command to verify Panorama push diff

Do you know of a CLI command or a rest API call to push and to show the changes of configuration to be pushed to a firewall from Panorama? I am trying to automate the process, but could not find any references.

batd2 by L4 Transporter
  • 2542 Views
  • 1 replies
  • 0 Likes

Resolved! MDM Integration Service Cannot Be Started

I'm getting the following start error message on Windows Server 2019 running ID-Agent. The MADebug file shows the following as well.------------MDM Service is being started------------11/10/20 15:52:06:552[ Info 1414]: Os version is 6.2.0.11/10/20 15:52:06:552[ Info 480]: Load debug log level Info.11/10/20 15:52:06:552[ Info 483]: Product vers...

Screen Shot 2020-11-10 at 16.01.40.png
Screen Shot 2020-11-10 at 16.02.52.png

Resolved! Route path monitoring and tunnel monitoring together?

I'm switching to route path monitoring for VPN backup failover and would like to keep my tunnel monitoring active for down/up tunnel email notifications. I can set the tunnel monitoring to wait to recover. Can I use both of these at the same time and work as intended? Thank you.

treese by L3 Networker
  • 3713 Views
  • 2 replies
  • 0 Likes

Resolved! Aggregate vs Zone protection profiles

We have separate zone protection profiles for each zone. And the definition of aggregate says that "all thresholds apply to the entire group of devices specified in a DoS Protection policy rule". So if we are trying to protect servers in DMZ, unless we use smaller groups (for which our environment doesn't seem to have a usecase). Do we even need...

raji_toor by L4 Transporter
  • 3237 Views
  • 3 replies
  • 0 Likes

Panorama Version 10.0.1 Cant see Traffic logs from Palo-Alto Device

Hi Guys,Devices:1. Panorama Version 10.0.1 Model VMware ESXi2. Palo Alto Cluster Active/Passive Version: 10.0.1 Model: VMware ESXi VM License: VM-100 Problem:Logs that send from Palo alto to panorama cant be seen under the monitor Traffic tab and cant be sent to the Syslog server.directly from the Palo alto, we can see the logs under monitor tab...

pan.JPG
pan2.JPG
itaymel by L0 Member
  • 4309 Views
  • 3 replies
  • 0 Likes

Temporary disable Miner / Malwaredomainlist offline

Hello! Does anybody know how to temporary disabel a miner without deleting it from config ? Problem is, that currently www.malwaredomainlist.com gets resolved to 127.0.0.1 and the miner alerts in the log files with basepoller._poll ERROR: Exception in polling loop for Malwaredomain_IPs: HTTPSConnectionPool(host=www.malwaredomainlist.com, por...

  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks