This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4104 Views
  • 0 replies
  • 0 Likes

Resolved! LACP PROBLEM

Hi all, I have some problems with LACP. Sometimes, randomly, the interfaces move out of AE-group.I can see from log this error message: "receive PDU partner does not match local actor ".Below the file l2ctrld.log . 2019-09-17 23:19:54.588 +0200 ethernet1/10 idx 73 received pdu partner does not match local actor 2019-09-17 23:19:54.588 +0200 R...

Chango by L1 Bithead
  • 44378 Views
  • 10 replies
  • 1 Likes

GlobalProtect Version 5.1.6 has Browsing Issues on MacOS 10.15.6/7!

Last week I updated GP on our 5250 firewall from 5.0.4 to 5.1.6, which according to this website is the recommended version to use. After MacOS users updated their GP adapter on their laptop, many of them started to have connectivity & surfing/browsing issues! Until now, I know for sure that this problem affects MacOS versions 10.15.6 & ...

LACP Nego-fail issue between firewall and CPE router - Expected Behaviour?

Hi Live, I'm experiencing an issue with a setup of aggregated ethernet interfaces configured with LACP simply for redundancy connections between our HA Active/Passive firewalls and Cisco ISR 4451 routers. I'm wondering what steps to take as regards packet captures on firewall interfaces to figure out why negotiation will fail.Or is this expected...

SirchRettop_1-1603974307593.png
SirchRettop_0-1603973539042.png
SirchRettop_2-1603974600046.png
SirchRettop_4-1603975405930.png

License expiry

We're waiting for our new licenses to come through and getting a little nervous, of particular concern is our PAN-DB license which has the expiry date as 11/2/2020. It is my understanding that custom categories will work and it's just PAN-DB look ups that will not - what about the Allow List in the URL filtering security profile? (it's an old v...

kradmin by L0 Member
  • 2336 Views
  • 1 replies
  • 0 Likes

Resolved! How to access to linux mode in PA ?

Hello community, Can you help me with this? I need to know if its possible to instal Nagios Package into Palo Alto, hence how do I get access to the Linux Based Commands on the platform, I understand that PA is build upon Fedora. Any guidance will be much appreciated

Apadilla by L3 Networker
  • 23921 Views
  • 5 replies
  • 0 Likes

Anyone knows good tool/excel macro for searching egree interface?

*** I know Expedition Tool might have this feature, though please reply with others if possible *** The customer gave me one config which includes 500 static routes, 10000 address objects and 2000 serurity rule (without zone information...imagine cisco ASA or Checkpoint config)I want to determine src/dst zone for each security rule.To do, I need...

emr_1 by L5 Sessionator
  • 2350 Views
  • 1 replies
  • 0 Likes

How to configure IpSec-Vpn Load balancing

Hi Team, I have 2 Firewall ,Firewall A and B,I have 2 Ispon both the firewalls,I have configured ipsec-vpn on both the isp.need to achieve Load-balancing on both the ipsec vpn.What is the method that we can apply to achieve this.

Resolved! Upgrade PanOS On/Off Site Spare failure

Hi all, Figured I'd ask here before contacting support. Last weekend I upgraded my production PA's from 9.0.9 to 9.1.5. Everything went smooth. Due to company requirements we are to upgrade the software on the OSS box, yet it fails with content update. I have downloaded the latest content, panupv2-all-apps-8336-6373, and was able to upload it th...

Capture1.PNG
Capture2.PNG
Capture3.PNG

Resolved! Reverse proxy for Outlook to Exchange

Hello, Checking with the community if anyone has either tried this or is doing this. Scenario: Exchange on prem, external users using Outlook Have the PAN reverse proxy the connection from the Outlook client, external to internal traffic, to the Exchange on prem environment. So have the PAN SSL decrypt the Outlook traffic, inspect it, reenc...

Skip decryption for a certificate chain

Since all public CA's are not supported for decryption. How can we skip the decryption rule for those not supported so we have less tickets and lesser bad reputation. We can't have the list of all the websites from these unsupported CA's.

raji_toor by L4 Transporter
  • 5310 Views
  • 7 replies
  • 0 Likes

Degraded services after introducing Vwire + link aggregation deployment

New guy, trying to deploy a new Palo Alto 3260 to my internet edge for extra protection - When I bring my Palo Alto 3260 inline at my internet edge, I start to experience severe packet loss almost immediately. It affects VDI View sessions and our Cisco Anyconnect solution, that live behind the Palo Alto firewall. I'm using this PA FW, temporari...

Resolved! HIP Profile monitor only initially

Hello , We have got requirement to implement HIP profile for GP users ; But first we want to run it in Monitor mode without any enforcement or without blocking any users Below are the requirements OSWindows 10 AVMcafeeAV updates not older than5 daysPatch management/Disk encryptionEnabledFirewallEnabled So do i just have to create HIP Object w...

Resolved! Use office 365 as email relay?

Did I miss the option that allows one to configure a port, TLS, and authentication on the mail profile? We've moved to Office 365 and would like to send alerts/notices from our remote firewalls directly to the office 365 servers. We can use an iis relay as a solution to the issue but we would prefer the firewalls send direct to Office 365. TIA!...

GP assignments to DNS servers

Hello!Does anyone knows if it's possible that the information of IP assignment/deletion for Global Protect users could be updated to Windows DNS servers? Thanks a lot

BigPalo by L4 Transporter
  • 2064 Views
  • 1 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks