This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4222 Views
  • 0 replies
  • 0 Likes

Resolved! DNS issue over Global Protect split tunnel

I have an SFTP server. When users are inside the office they have to connect it via private IP. When they are at home they should go via public IP. I am using the same DNS server in Internal and Global Protect as well. I have excluded the private SFTP IP in Global protect split tunnel, so that users won't get connect with this IP, instead they h...

Master key on secondary standby panaroma

Hi allI have two panaroma in ha and two firewall in ha.I configured master key on primary panaroma and i want to configure it on secondary.what is best way to configure1. Make primary panaroma suspend and make secondary activeor2. do failover of panaroma and configure key

Problems with IPSec tunnel

Hello,I have a PA VM100 which hangs behind a dynamic public IP and it creates an IPSec tunnel to a PA220 with static public IP. So the tunnel can only be established by the VM100. On the PA220 I have activated "Enable Passive Mode" at IKE Gateway -> advanced Options. DPD Interval 5 and Retry 5.I also set up a tunnel monitor and gave the tunn...

Ignite 2020 Event Information

LIVEcommunity Ignite 2020 Event Information Ignite 2020, our all-virtual event is right around the corner so we put together information about what you can expect and how to register! Read the blog here. Now that we've shared a little bit more information about the event, we encourage you to use this discussion to engage with us and and a...

ignite20-all-dates_livecommunity-2600x600.png
jennaqualls by Community Team Member
  • 3199 Views
  • 1 replies
  • 4 Likes

IPSEC VPN - Cannot ping across the tunnel. Both Ph1 and Ph2 tunnels are up.

Hi All, I have set up an IPSec VPN tunnel which seem to be up, however, i cannot ping from my local LAN IP on tunnel interface to the other side LAN interface of the tunnel. NOTE - Other end of the tunnel is terminated on ISP network where we are using their MPLS network to connect our global sites. My side palo alto firewall has tunnel.11 inter...

Rutvij by L0 Member
  • 14424 Views
  • 3 replies
  • 0 Likes

Internal host detection when using prelogon then on demand connection

hey guys, so I have finally managed to setup my pre-logon environment and its working great, only problem is now that internal host detection is not working..... it work well on my non-prelogon portal if there any fix for it ? My setup under the pre-logon portal -->Agent has both pre-logon and user logon uses prelogon then ondemand connectio...

Shadmin_0-1602547429638.png
Shadmin by L1 Bithead
  • 4399 Views
  • 2 replies
  • 0 Likes

Resolved! Authentication error after upgrading to 7.0.x

Hi, I've one issue after upgrading for one of my client from 6.1.6 to 7.0.7 regarding Radius authentication. Authentication was successful till we upgrade to the new version. After the upgrade we are getting the error “Number of Access Domains and roles doesn't match for the user". Only local admins can log in but not Radius admins. When I chec...

clienterror.png

RST First packet isn't a SYN flows (RST Both) + Deny action for NFS (?)

Hi Experts, I'm right now dealing with a situation where occasionally I need to reset NFS sessions within an HA A/A PA 5220 cluster (see also https://live.paloaltonetworks.com/t5/general-topics/pan-os-session-table-clearing-gt-no-rst-fin-connection-sent-out/td-p/355556). More generally, how can I configure the Palo Alto Firewall to RST (instead ...

CarloTaddei_0-1602397214713.png
nfs.PNG

3020 randomly shuts down

Hello. I'm hoping that someone might have some suggestions of what's happening here. For the past week I've been dealing with a 3020 that randomly shuts itself down and requires a power cycle to get back online.Thursday and Fri of last week we'd randomly lose internet connectivity. I could still access the Palo from the LAN but we'd need to rebo...

dpsmith by L0 Member
  • 2626 Views
  • 1 replies
  • 0 Likes

Resolved! Using Palo Alto firewall as a proxy (anonymous browsing + URL filtering)

Hi all, We currently have a setup using a Forcepoint Content Gateway for proxy server with an external facing Palo Alto 850. The main we reason with use the Forcepoint appliance is for: 1. "Anonymous browsing" (no leakage of internal IP spaces)2. DLP3. URL Filtering Ideally, I would like to remove this appliance to simplify our setup and I under...

Gregoryp by L1 Bithead
  • 10185 Views
  • 2 replies
  • 0 Likes

PAN OS Session Table Clearing -> no RST/FIN Connection sent out ?

Hi Experts, I have the following situation. I'm running an A/A HA Cluster based on 2 5220 PA Appliances (PAN OS vers 9.0.x) Occasionally (following a failover event) we noticed that some of our Long Lived sessions (NFS + Oracle DB Sessions) active across the cluster do not seem to be properly handled at session table level cluster wide any longe...

Resolved! Book for Palo Alto

Hello Everyone, Hope you all are doing fine. I am new to PA firewall and just started to study PA concepts from PA forums. But i want to purchase book and study from it. Could someone please advice if below book would be good to start from scratch? . I found it on amazon Mastering Palo Alto Networks: Deploy and manage industry-leading PAN-OS 10....

Resolved! Trouble with IPSec Site2Site VPN

I am a beginner in the Palo Alto World.I want to setup a Site2Site VPN to a customer.The customer has a Palo Alto System running.I cannot get the tunnel up.The admin of the customer and me are troubleshooting the problems, but so far nothing is working.The customer site seems to be ok, because he has some other site2site VPNs running.My firewall...

c.keller by L1 Bithead
  • 9702 Views
  • 8 replies
  • 0 Likes

Resolved! HA not working with interface monitoring any

Hello all, i configured HA between paloalto peers , and HA failover as default without definig specifc interfaces and left it to "any" when interface of inside zone shutdown from switch side , failover will not be trigered ? and need to fix it

BPA - Sanctioned apps

This might be a naïve question. But how does it help me/organization going through every single app and marking it sanctioned, tolerated or unsactioned. It seems to me of no use, other than for the reports for executives, while apps still get allowed only after the CAB approval.

raji_toor by L4 Transporter
  • 4902 Views
  • 4 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks