General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

Nest Thermostat

Anyone running a Nest Thermostat behind a Palo Alto Networks firewall? I am seeing an inability to connect to the nest site. Logs show a repeating SSL on 443 with session end reason: tcp-rst-from-client. Any thoughts would be appreciated. Bob

BobW by L1 Bithead
  • 9836 Views
  • 9 replies
  • 0 Likes

HIP Profile serial number filter issue

I have upgraded my firewall from 9.0.9 h1 to 9.1.4. When I generate the report for the HIP profile or use the filter based on serial number, I am facing this issue. Please suggest if there is any bug in 9.1.4. Even clicking on serial number in HIP Match logs to filter search results fails as below


Can someone explain to me like I'm 5 what App-IDs are?

So I need to update my PanOS on my PA-3020, but because I have a mission-critical network I need to avoid downtime as much as possible. In the walk-through for the PanOS upgrade, it says 'any change a content releases introduces that affects App-ID could cause downtime.' I was not fully clear on what an App-ID is, and why it might change from ...

EDL IP List GUI not display

Currently setting EDL. EDL IP information can be captured on CLI. But it cannot be confirmed in the GUI. Tried PANOS version 8.1.5 and 9.0.0. Try some edl can. Some can not be displayed. not display https://report.cs.rutgers.edu/DROP/attackers can http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt https://raw.githubusercontent.com/firehol/blockl...

Houran by L0 Member
  • 2248 Views
  • 1 replies
  • 0 Likes

Incomplete sessions for NATTING/Access to different site DMZ

Hi All, I am having a complex and tricky setup that requires NATTING and host web server in different network/site DMZ, I know it is not best practice but hope you can help: Here is topology: Site A zones: Trust, Untrust and DMZ with their own public IP and web servers. Site B zones: Trust, Untrust and DMZ with their own public IP and web servers. In ca...

infoit by L1 Bithead
  • 3343 Views
  • 2 replies
  • 0 Likes

Palo Alto aws Deployment

Hello guys I'm honestly a noob. I just set up a palo alto vm series bundle 2 on my aws with 3 interfaces. eth 0/0 for management, eth 1/1 for the public subnet, eth 1/2 for the private subnet. I've been trying to set up a wordpress server on the private subnet and access it via the internet. I don't know if my aws configuration is wrong or my nat/securi...

Resolved! User-ID agent

Hello, I have had the user-id agent setup previously but now either after upgrading to panos 10 or enabling multi-vsys my option for the agent is now missing from my user identification menu. Does enabling multi-vsys break this or maybe the version 10 update? The agent is still working, just can't see the settings or add a new one. Thanks, Justin

jmarberg by L0 Member
  • 4872 Views
  • 2 replies
  • 0 Likes

Resolved! Repurposing log collector

I have a M-500 with two disk pairs in dedicated logger mode that I want to turn into a dedicated manager. I know how to actually change the mode, but can I remove both disk pairs and use them in another logger? I assume the M-500 has internal storage for the actual OS but wanted to be sure before actually going through with it. Do I need to do a...

ikev2 with cisco Router using certificate problem

After I finished the ikev2 configuration (using Distinguished Name (Subject) from PAN and Cisco Router using identity local dn), I got this issue: received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) does not match peers id after this: IKEv2 IKE SA negotiation is failed as responder any ideas? rega...

Luping by L0 Member
  • 2788 Views
  • 2 replies
  • 0 Likes

SSL inbound inspection

Hi Team, I am facing the issue in SSL decryption intermittently. For the transaction website, traffic flow for the SSL inspection is: Outside user ------> Paloalto ---------> Load balancer --------> Application server. In the destination NAT translation, I have given the load balancer IP. Condition A with SSL inspection: Once we apply SSL i...


PA Migration from 5050 to 5220 with below requirement - Suggestions Request

Hi Team, I have to Migrate PA from 5050 to 5220 for data center firewall. We are using ASA for Internet. In PA data center firewall we have 2 vsys, 1 for internal another for DMZ. Now the plan is DC firewall we are migrating to 5220, after that ASA replaced by old 5050 Firewalls. Task is we have to add 1 vsys in DC Firewall DMZ vsys in Internet firewall...

Does updating definitions/antivirus cause any downtime?

I have a new PA-3020 that is inline on my network, meaning if it goes down then so does my network. Because this PA-3020 is inline I was worried about updating the definitions (only two weeks old right now), and I was not sure if during a definitions/antivirus update, then the 3020 might drop or blip its in/out connections. Basically, if my 30...

PA Firewalls HA Active-Active Routed design with BGP

Hello Everyone, I'm designing an edge network with Active/Active HA. After reading the PA documentation, I found Active/Active Routed based redundancy design which seems best suited for our environment. However the topology shown in Docs is a square model and I'm thinking to add more links to convert it to full mesh to add more redundancy and fas...

yham81 by L0 Member
  • 7214 Views
  • 3 replies
  • 0 Likes

Resolved! Feature Upgrade: load, install, run !?

What does "base image must be loaded" and "you do not have to install or run the base image" mean? See my screenshot below. The base image is there. Do I have to click on "Install"? The message however clearly says I do not need to do so? So what do I do?

ifstciss by L1 Bithead
  • 8268 Views
  • 6 replies
  • 0 Likes