This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

Refund request for VM-Series Next-Generation Firewall Bundle 2

I have used VM-Series Next-Generation Firewall Bundle 2 (sold by Palo Alto Networks Inc.) in AWS for learning purposes. But it charged me $1,887.32 that I can't afford. In the beginning, When I use these services, the web tells me these are free services for 1 year .and not tell me the VM-Series Next-Generation Firewall Bundle 2 has 15 days-tria...

ZiZiHo by L0 Member
  • 2485 Views
  • 2 replies
  • 0 Likes

Computers in remote clinic need to communicate with on prem server

We have just brought some remote clinics online. We have a point-to-point between our PA5520 at the main hospital and a PA820 at our remote site. We're routing between P2P with static routing at the moment. Data/Voice is working, as the VLANs are on the remote site switches themselves. However, we've been asked to get another VLAN working that i...

Downtown_remoteclincs.jpg
lsaintig by L0 Member
  • 2867 Views
  • 1 replies
  • 0 Likes

traffic segmenation affect app-id

Hi So I am working through a ssl decrypt issue with PA support. I am being told that because the stream is being segmented - so not coming as 1500mtu packets. the PA can't work out what the stream is. The implication is that app-id doesn't work properly unless you have full 1500mtu packets. I thnk my SE is agreeing - not 100% sure. I am a bit lo...

Hardware Problems in PA 3220

I had similar problems in 4 firewall pa 3220 in which I could not even enter maintenance mode to take it to the factory reset mode and I had to send them via RMA to the 4 firewalls for their change. Someone had a similar problem , to me a lot of attention that firewalls with very good MTBF have this type of problem if someone knows something...

Resolved! How can I allow an application on default and a non-standard port?

I have a Security rule that allows Oracle traffic between two subnets. The problem is that three Oracle servers use standard port 1521, and another Oracle Server uses a non-standard port 13062. I know that I need to allow the non-standard port in the rule, but that breaks traffic on the standard port. For now, I have explicitly added the stan...

kcampion by L1 Bithead
  • 6707 Views
  • 4 replies
  • 0 Likes

URL 9.0 URL Category Cache Build Time?

How long does it take for the URL categories to build in the 9.0 release? We have an issue with google-base app, where almost all google searches come back as the 'not-resolved' category for the first 5 minutes when we change datacenters. 8.1 you could just re-download the seed database, and we never had a problem. 9.0 there isn't such a...

Sec101 by L4 Transporter
  • 3360 Views
  • 2 replies
  • 0 Likes

Resolved! Shadow Rule Notice - Really Not a Shadow

I have a firewall (lab unit) with version 9.1 and I configured two Security Policy Rules.The top rule (1) is Trust to Untrust, a source user is a group, all default options, and an Action of Deny.The second rule (2) is Trust to Untrust, a source user is a group (different from above), all default options, and an Action of Allow. When I commit th...

Migrate pa vm to pa 820 facing issues

Hi to all,one of our customer migrated their complete infrastructure from PA VM to PA 820 physical device.post migration they are facing issues like, they have generated report and seeing PA 820 and PA VM as well. but here thing is, customer doesn't want see PA VM. He wanted to see only PA 820 physical device. and it showing, it misses some gap...

RameshD by L0 Member
  • 2614 Views
  • 3 replies
  • 0 Likes

setting counter thresholds with snmp monitoring

Any one have a good handling on where to set dos counter thresholds for alerting via SNMP? Also trying to figure out what are the best ~50 sensors to monitor for the firewall via SNMP. pan tcp drop packet, pan flow dos pf strict ip, and pan flow dos pf icmperr look potentially interesting in my particular environment.

Resolved! Destination NAT issue or routing change

Hi All, I have had a destination nat running for months without issue. NAT: Source VPN Interface to Inside Interface: Destination Address: 192.168.90.231 Destination Translation: 10.0.8.82 Rule: Source VPN to Inside : Source IP to 192.168.90.231 It has been working for months without issue. Suddenly last night, the traffic to 192.168.90.231 star...

a.jones by L3 Networker
  • 3207 Views
  • 2 replies
  • 0 Likes

Iphone MAC won't connect Global Protect

Hello All,We have Global Protect License for mobile we upgraded recently to 5.0.8 and i see my iphones will not connect.did any one face this issue ? Works fine with windows and desktops only with iphone i face the similar issue.Any help will be much appreciated.

Possible bug in 'load config partial' command

Hello Yesterday I was setting up a new PA-220. As always I cloned template and used load config partial command to clone device-group: load config partial mode replace from-xpath /config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='SRC'] to-xpath /config/devices/entry[@name='localhost.localdomain']/device-group/entry[@n...

WildFire for the new guys

When I started using Palo Alto firewalls about a year ago, I heard the term 'wildfire', but didn't know what it was. So, for anyone else who may be new, here's wildfire in under 5 minutes:https://youtu.be/bj9Scj-QKEY

Luke_R by L2 Linker
  • 2716 Views
  • 1 replies
  • 0 Likes

DHCP Lease Time

HiWe are distributing dhcp with mac reserve on paloalto. rental period is 10 minutes. is this time too short? Does the system get tired because the time is short?

Aykut1 by L1 Bithead
  • 6332 Views
  • 4 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks