General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Resolved! Cannot add PA-VM to Panorama management

Hi there, I am trying to add a new firewall to Panorama management following this guide: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/migrate-a-firewall-to-panorama-management.html At step 5.2; Export or push device config bundle, when I choose this option, I cannot see...

Application vs Services

Hi Team, I have a couple of questions in application vs services. 1. I have to permit a list of services for a particular traffic. In that list some of them are already in the applications like DNS, IMAP, POP3 and I need to create some services with custom port. Now do I add these applications and the custom services in the same rule or does it h...

Resolved! Global Protect Pre-Logon

I'm setting up Global Protect Pre-logon and I have been able to set up the portal and gateway fine. I have hit a brick wall as the only way I have got this working is to log into the laptop and then I log out of the laptop and then the pre-logon is working. When I reboot the laptop and try to connect it is always saying disconnected. I'm using PA...

Resolved! System - Engine - Logs - CIDR is not a valid IP indicator ERROR

When I try to integrate MineMeld IOCs into MDATP, only IP can't sync to the MDATP. Domain/URL and SHA256 are all good. Check the Logs in System-Engine, found following errors, but don't understand why have this error? 2020-10-05T15:57:27 (10424)node._push_indicators ERROR: Microsoft-Defender-ATP-IP: error submitting indicator 101.231.124.6/32: Ci...

HAO.BAN by L2 Linker
  • 7476 Views
  • 5 replies
  • 0 Likes

Resolved! DNS issue over Global Protect split tunnel

I have an SFTP server. When users are inside the office they have to connect to it via private IP. When they are at home they should go via public IP. I am using the same DNS server in Internal and Global Protect as well. I have excluded the private SFTP IP in Global Protect split tunnel, so that users won't get connected with this IP, instead they h...

Master key on secondary standby Panorama

Hi all, I have two Panorama in HA and two firewalls in HA. I configured master key on primary Panorama and I want to configure it on secondary. What is the best way to configure: 1. Make primary Panorama suspend and make secondary active, or 2. do failover of Panorama and configure key

Problems with IPSec tunnel

Hello, I have a PA VM100 which hangs behind a dynamic public IP and it creates an IPSec tunnel to a PA220 with static public IP. So the tunnel can only be established by the VM100. On the PA220 I have activated "Enable Passive Mode" at IKE Gateway -> advanced Options. DPD Interval 5 and Retry 5. I also set up a tunnel monitor and gave the tunn...

Ignite 2020 Event Information

LIVEcommunity Ignite 2020 Event Information. Ignite 2020, our all-virtual event, is right around the corner so we put together information about what you can expect and how to register! Read the blog here. Now that we've shared a little bit more information about the event, we encourage you to use this discussion to engage with us and a...

jennaqualls by Community Team Member
  • 3165 Views
  • 1 replies
  • 4 Likes

IPSEC VPN - Cannot ping across the tunnel. Both Ph1 and Ph2 tunnels are up.

Hi All, I have set up an IPSec VPN tunnel which seems to be up, however, I cannot ping from my local LAN IP on tunnel interface to the other side LAN interface of the tunnel. NOTE - Other end of the tunnel is terminated on ISP network where we are using their MPLS network to connect our global sites. My side Palo Alto firewall has tunnel.11 inter...

Rutvij by L0 Member
  • 14255 Views
  • 3 replies
  • 0 Likes

Internal host detection when using prelogon then on demand connection

Hey guys, so I have finally managed to set up my pre-logon environment and it's working great, only problem is now that internal host detection is not working... it works well on my non-prelogon portal. Is there any fix for it? My setup under the pre-logon portal --> Agent has both pre-logon and user logon, uses prelogon then on-demand connectio...

Shadmin by L1 Bithead
  • 4365 Views
  • 2 replies
  • 0 Likes

Resolved! Authentication error after upgrading to 7.0.x

Hi, I've one issue after upgrading one of my clients from 6.1.6 to 7.0.7 regarding Radius authentication. Authentication was successful till we upgraded to the new version. After the upgrade we are getting the error "Number of Access Domains and roles doesn't match for the user". Only local admins can log in but not Radius admins. When I chec...


RST First packet isn't a SYN flows (RST Both) + Deny action for NFS (?)

Hi Experts, I'm right now dealing with a situation where occasionally I need to reset NFS sessions within an HA A/A PA 5220 cluster (see also https://live.paloaltonetworks.com/t5/general-topics/pan-os-session-table-clearing-gt-no-rst-fin-connection-sent-out/td-p/355556). More generally, how can I configure the Palo Alto Firewall to RST (instead ...


3020 randomly shuts down

Hello. I'm hoping that someone might have some suggestions of what's happening here. For the past week I've been dealing with a 3020 that randomly shuts itself down and requires a power cycle to get back online. Thursday and Friday of last week we'd randomly lose internet connectivity. I could still access the Palo from the LAN but we'd need to rebo...

dpsmith by L0 Member
  • 2597 Views
  • 1 replies
  • 0 Likes

Resolved! Using Palo Alto firewall as a proxy (anonymous browsing + URL filtering)

Hi all, We currently have a setup using a Forcepoint Content Gateway for proxy server with an external facing Palo Alto 850. The main reason we use the Forcepoint appliance is for: 1. "Anonymous browsing" (no leakage of internal IP spaces) 2. DLP 3. URL Filtering. Ideally, I would like to remove this appliance to simplify our setup and I under...

Gregoryp by L1 Bithead
  • 10146 Views
  • 2 replies
  • 0 Likes

PAN OS Session Table Clearing -> no RST/FIN Connection sent out ?

Hi Experts, I have the following situation. I'm running an A/A HA Cluster based on 2 5220 PA Appliances (PAN OS vers 9.0.x). Occasionally (following a failover event) we noticed that some of our Long Lived sessions (NFS + Oracle DB Sessions) active across the cluster do not seem to be properly handled at session table level cluster wide any longe...

  • 24332 Posts
  • 124 Subscriptions