This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4132 Views
  • 0 replies
  • 0 Likes

Resolved! Changing Master Device - Panorama

We have recently gone through a firewall hardware upgrade, and the device that was replaced was our old "Master" device in Panorama. I would like to make the new device our "Master" device, but I am intimidated by the call-out "When you change the Master Device or set it to None, Panorama loses all the user and group information received from th...

Getting Systems Alerts

Hello,I am getting system alerts in my firewall below is the error:- Disabled applications in vsys1: cip-ethernet-ip-disable-io cip-ethernet-ip-disable-sfc cip-ethernet-ip-enable-io cip-ethernet-ip-enable-sfc cip-ethernet-ip-read-mod-write cip-ethernet-ip-read-tag cip-ethernet-ip-read-tag-frag cip-ethernet-ip-run cip-ethernet-ip-stop cip-etherne...

Resolved! Log Collector not receiving logs.

Hi All, We have deployed 2xM200 Log collectors for log collection. They are registered on the panorama and show in-sync. I have done the collector-group settings. Now when I go to Panorama > Managed collector > the log collectors show disconnected status (screenshot attached). With the message "Log collector <serial number> failed to...

VarunRao_1-1595814847860.png
VarunRao_0-1595814717239.png
VarunRao by L2 Linker
  • 27980 Views
  • 9 replies
  • 0 Likes

Betternet VPN Lemon VPN blocking

Anyone know how to block these 2 apps? Betternet VPNhttps://www.betternet.co/ Lemon VPNhttps://play.google.com/store/apps/details?id=org.lemonvpn.android&hl=en_US We have a BYOD at our K-12 education schools, and students are bringing their own devices in with these installed. I assume there are other VPNs out there coming in too. We have a...

dannon by L3 Networker
  • 8658 Views
  • 6 replies
  • 0 Likes

How to check VPN counters for a specifc dest IP?

how to check IPSEC VPN counters in CLI for a specific destination IP address?Peer is claiming the traffic is leaving their firewall but I don't see it on my pcaps and logs. How do I verify the traffic is actually passing through the VPN and hitting the tunnel? I have hundreds on server in the proxy-id as I have a /12 as the destination.Thanks.

Resolved! Panorama

Just need to know is there a max size for a Panorama log file and if so what is that size, currently we are at 1.6TB and want to make sure we are not over the limit and into possible file corruption scenario

dttech by L1 Bithead
  • 2972 Views
  • 2 replies
  • 0 Likes

Hyper-V Compatibility issues

Hey,I'm running a 3 Node S2D on Server 2019.Currently migrating from VMware Hypervisors which has the Palo Alto running on it, instead of doing a Migration\Conversion i want to build a new server. I'm trying to setup a Palo Alto VM-300 Series Virtual machine which comes as the VHDx File.I'm using SCVMM and select use an Existing Virtual Machin...

System alerts

Hello Team,I am getting system alerts in my firewall below is the error:-PAN OS - 9.0.6Disabled applications in vsys1: cip-ethernet-ip-disable-io cip-ethernet-ip-disable-sfc cip-ethernet-ip-enable-io cip-ethernet-ip-enable-sfc cip-ethernet-ip-read-mod-write cip-ethernet-ip-read-tag cip-ethernet-ip-read-tag-frag cip-ethernet-ip-run cip-ethernet-i...

Resolved! Global protect static IP

Hello Team, Is there any way to configure static IP for VPN(Global Protect) users. Example:-I have an IP pool - 192.168.1.0/24User A, UserB, User CAuthentication profile is (Active directory)When user A will connect through the external gateway for this user IP address should be assigned - 192.168.1.10When user B will connect through the externa...

Resolved! PA-5020 to 5220

we are planning to upgrade ur existing PA-5020 to bigger boxes. our current 5020s are struggling to handle the ssl decryption and it sometimes give ''Dataplane CPU under severe load'' logs on busy days. I heard 5200 series are specfically designed for decryption . However I have 2 questions here:1.What can be my best options? PA-5050,506,5220 or...

Inbound SSL decryption - Digicert

If inbound SSL inspection when using Digicert certificate is not supported, what is the alternative. We have many web-servers using same wildcard cert used for GlobalProtect and wanted use this same certificate but it doesn't work. Is there any other mechanism to implement inbound SSL inspection.

raji_toor by L4 Transporter
  • 12544 Views
  • 15 replies
  • 0 Likes

Resolved! 40031 Threat Exception

What I am wanting to know is if I can add a range of IP addresses to a vulnerability exception.This would be the entire 1-254 range, rather than 1 IP address at a time. I have already checked the links below and they talk about adding IP addresses one at a time as an exemption.Rather than allowing the vulnerability for the entire site, I would l...

New setup PA-VM Active/Active external routing not working on standby

I have a pair of VM 300s in active/active mode and everything is running OSPF. PA1 is primary and PA2 is standby. I noticed I was missing a bunch of traffic for anything going to the standby router. I can ping every interface on the standby sourced from the loopbacks on each router but I cannot route through the standby.The OSPF table shows both...

Capture1234.PNG

Email Link Analysis - does it look at all emails?

I am curious to know if the organization I work at gets a blast email to 500 employee's from an external B2B marketer does the wildfire analysis get performed on all 500 identical emails or does it simply do it once knowing the email and links are identical.

joecbrown by L1 Bithead
  • 10424 Views
  • 12 replies
  • 0 Likes
  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks