This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Access GUI port.

There are two locations where the only dedicated link is (X) access to the management of the security teams is through publication (https: // xxxx: port) All security teams have a management IP and are published with the same public ip 200.15.21.1 After the upgrade, from version 7.1.25 to 8.1.15-h3, it is observed that when you want to access th...

Global Protect, Win 10 drive mapping issues

Hello all, Just throwing this out there to see if anyone has seen similar issues. Over the last 6 months we have been having intermittent drive mapping issues on clients that have Global Protect installed. All the clients have Win 10 on them and we have global protect 5.0.5 installed. The drives are mapped using group policy and in trying to ge...

Resolved! Firewall log storage quota related

HiI have a question regarding log quota.You have set the firewall's configuration related log quota to a minimum.Immediately the logs were reduced to a minimum. (Approximately 500 lines)After that, the logs are stacked, but the previous logs are not deleted.If the capacity is exceeded, will the old log not be deleted?I am wondering if there is a...

jskang by L1 Bithead
  • 2864 Views
  • 1 replies
  • 0 Likes

query traffic log not working when activating from dynamic group

trying to use monitor (query traffic log) by way of drop-down arrow on a dynamic address group, it gives error saying '<group name> doesn't exist or doesn't contain any member'. However, activating the monitor from a policy rule name which uses the dynamic groups works fine... help? fw on 8.1.13, pan on 9.0.9

Resolved! PBF conflict with "ip strict option" in zoon protection

Hi Alli have a scenario where the traffic works fine if it's forwarded by the routing table (and nat is applied)when i used pbf, it didn't work, checking global counters i found oacket are dropped and the reason is "strict ip" option in the zone protection profile.I run debug flow basic and got this message : "source ip address in packet does no...

Resolved! Routing between overlapping networks

Hello,I want to replace our existing firewall with a PA-850. Thereby I have a problem, which I cannot get solved.I have to route to an external network, which unfortunately uses the same subnet as ours.Until now, I have used a small Linux VM, which uses DNAT to convert the addresses.In principle the PA-850 should be able to do this with another ...

problem.PNG

Resolved! SCCM management of remote GP Windows clients

We just deployed and started using GlobalProtect 5.1.1 to support the work-from-home COVID-19 initiative for thousands of remote workers. Everything is working well but my SCCM guys can't manage any of the remote clients to push patches or software updates. Our internal DNS resolves the host names to the last LAN address of the host, not the I...

pnelson by L2 Linker
  • 27775 Views
  • 15 replies
  • 0 Likes

Dynamic update for trial license

Hi all, I received PA-200 that was stored on storage for years. The box was unopend so I registered device and requested trial license (according to the portal site, it seemd that the device only had expired Software Warranty Support). After executing "Retrieve license keys from license server", it seemd that the trial license was properly app...

starplat by L1 Bithead
  • 7938 Views
  • 7 replies
  • 0 Likes

What's the latest recommended version for PA-820 ?

Hi everyone, My company i've been working outsource informed me about a vulnerability which is recently announced.So it seems i should update PA-820 which is working as cluster with Passive (HA).Current version is 9.0.8.Is there anyone who's been running with 9.1.x version with no giant bug ?Thanks in advance.

Onrcan91 by L0 Member
  • 5521 Views
  • 1 replies
  • 0 Likes

Resolved! route-table unicast appear after adding new prefix in BGP export filter

Hi, We have an existing BGP peer session to our service provider advertising a few prefixes which has been working fine. I have recently added a new prefix (/24) which statically routed to our internal switch, all our static routes are redistributed into BGP and they are learnt by our service provider router. I have added this new prefix onto ...

ShanVD by L0 Member
  • 2727 Views
  • 1 replies
  • 0 Likes

Is there an option to store a file crossing PA?

I would like to block certain file types using File Blocking profile (which works fine), but instead of just discarding files which were blocked I would like to store them for later. Or in other words is it possible to get hold of files which PA blocked?Thanks

Resolved! Help with routing decision

Hi Got BGP providing DGW and I have a static 0.0.0.0/0 with metric 240 so its last resort route butVIRTUAL ROUTER: vr_default (id 2)==========destination nexthop metric flags age interface next-AS0.0.0.0/0 0.0.0.0 19 ~0.0.0.0/0 202.74.32.69 ?B 612028 ASXXXX0.0.0.0/0 202.74.32.71 240 A S ae3.10 for some reason the static is active over the BGP ro...

Resolved! Query About To Increase VM-Firewall Disk Storage Size

Hi Team, We deployed a VM series firewall in azure and it's in production now. Presently the VM-Firewall OS disk storage size is 60GB and there is no Data Disk used. Since the customer is need a 6 months of log retention period. As customer isn't ready to forward the logs to any external syslog server or panorama. So we planed to increse a disk ...

Resolved! multi lan multi wan best practice

situation is this : currently i have :multiple lans/vlans1 p2p line (single subnet static route01 internet line1 virtual router now, i need to add another wan my best practice should bea : to do another virtual router and separate relevant networks to each vr?b : to "bag" everything under 1 vr with ecmp enabled + pbf?c : maybe something i didn't...

Problems with installing Expedition: /usr/bin/dkpg returned an error code 1

Hi, I am currently trying to install Expedition with the PAN Install guide and using Ubuntu 16.04.7 LTS.So I installed Ubuntu, made sure it has internet connection and then followed the installation guide until the installation of Expedition itself. (./initSetup.sh).During the Installation I got asked to provide a password for the MariaDB root U...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks