General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Clear DF bit for VPN

We have recently migrated our site-to-site VPN so it is now running between a PA-3020 > Cisco ASA 5510. After the migration we discovered that one of our cross-site applications broke and the vendor determined it was because their application communicates in 1472 byte packets with the DF bit set. On our old VPN this was not an issue because...

Service Accounts and GP

Situation is this, a normal user logs into a PC and GP auto connects. User logs out and back in as a service account and GP does not auto login. Any ideas?

Resolved! SAML login remove lock (superuser?)

When I am logged in via SAML, I noticed that I was not able to remove other users' locks. Seems like this may be because I am not a superuser? Is there any way to make a SAML-authed user be a superuser?

Resolved! Zone Capacities per PA model

Looking to understand the maximum number of zones which can be used in a given firewall based on model. Is there a document out there which shows the maximum number of zones? Specifically these models:PA-445, PA460, PA1410, PA3420 If based on OS - I would be interested in 11.1.x

NPA Number

how i can get the NPA number

Prisma access palo alto privileged remote access (PRA) adding an app

Hi all, is it possible to add an application for PRA by making use of Wildcard FQDN or IP subnet range?

VOICE Issues

I got a PA-1410 ,it has IP telephony, and their server is in the cloud. The phones have an address 10.200.x.x/24 and make the registration request through ports 5060 or 5075 to a server in the cloud with IP 148.235.12x.x through the SIP application.The phones do not register, using the initial port, no matter which of the mentioned, for the exam...

Resolved! Tufin

Does anyone have experience using this in a larger environment? Multi vsys? Panorama? HA Clusters and so on. Are there better options available? Thanks in advance for your time.

After software upgrade firewall stopped to sending syslog

We upgraded PA-1410 from sofware release 11.0.2.-5 to 11.1.6-h3. The upgrade itself went well, but a few days later firewall stopped to send syslog messages. Executed tcpdump on the management port, but there is no syslog traffic at all. Checked the system resources, logrcvr servcie seems to be running. I tried to restart the service, and realiz...

Resolved! TCP MSS Physical interface settings understanding?

Hi, Can someone confirm if my Understanding for PA "Adjust the TCP MSS" is correct? Reference to this link this is how PA Firewall "Adjust the TCP MSS" value in the physical interface. In other Vendor when we configured the TCP-MSS value we usually set the "Actual bytes" Example for cisco: "ip tcp adjust-mss 1390"In PA firewall, it looks l...

PA460 issues

Hi, We have two FW PA460 in HA, one active and another one passive. We have several issues related to configuration synchronization and HA: 1- Synchronization before a commit can take us up to 8 minutes. With the old FW the commit was in less than a minute and with these newer models we have gotten worse. It wouldn't affect us if it wasn't tha...

Resolved! IP Sec VPN Paloalto - Starlink

I'm testing Starlink business and having issues passing traffic over my tunnel. This remote site connects to our data center via an IPsec tunnel. I can get the tunnel up and traceroute to the remote side of the tunnel, but I'm unable to pass traffic. I have "Enable NAT Traversal" selected on my IKE Gateway. The Starlink is set to IP passthrough....

Unable to see alert for power supply when plug out for PA-445

tested plugging out second power source to trigger alert but it is not showing in monitor - system. I know that this device dont have power supply monitoring but if the Secondary power cable is disconnected from the firewall will it trigger a warning?

The PA-VM eval is crashing after minutes since reboot

Hello, I've created this discussion because I've downloaded PA-VM eval for ESXi [.ova] and tried to launch this using VMware workstation PRO [latest version]. I found on the LIVEcommunity some threads like so: https://live.paloaltonetworks.com/t5/general-topics/pa-vm-10-0-4-trial-gets-shutdown-after-a-minute/td-p/501973 however, once I followed...

Resolved! TCP fast open and Palo Alto

as far as I could test there is no way to make TCP fast open work through a Palo Alto fw (at least, since 9.1 which seemed to work. It tried 10.2 and 11.2 and all my tests fail there). Whenever a client sends a SYN packet with data, it is transmitted, no matter the zone protection profile, no matter whether the "TCP SYN with Data" option in the...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Clear DF bit for VPN

Service Accounts and GP