General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Limitations for creating number of child sa for site to site vpn

Hi, Here I am trying to create a site to site VPN in a Palo Alto firewall. Now in the local network I have 8 individual /32 IPs and for remote 10 individual /32 IPs. This is for policy based VPN. Now if I add proxy IDs for local and remote IPs, I am getting around 80 proxy IDs. Requirement is to only use IPs, not subnets. Now few connections are not work...

Source and Destination NAT using 2 different NAT rules

Hello everybody, We are trying to replace our Lan-to-Lan concentrator (currently a Cisco ASA) with a PAN-5220 version 8.1. On the Cisco ASA firewall, we are currently doing source and destination NAT for each incoming connection. We change the source IP address because our partners use many different private subnets that we can't route or that ...

CSavoy by L1 Bithead
  • 5546 Views
  • 1 replies
  • 0 Likes

Output detailed HIP logs to syslog

Does anybody know how to output the detailed HIP match logs to syslog? As it stands, we've got to go to Monitor > HIP Match > Magnifying Glass Icon to see them. We'd like to send this rich data set to Splunk or another tool to write reports against.

tmhorne by L1 Bithead
  • 7415 Views
  • 5 replies
  • 1 Likes

QOS - real time bandwidth monitoring

Hi All, I've created a generic QoS profile under Network >> QoS but when I view the graph it shows the bandwidth as being much less than I know it is. At the moment I'm streaming music which is around 2 Mbps but the graph never goes above 0.25 Mbps. Have I missed something in the config?


Help - Certificate pre-login globalprotect VPN, with SAML tunnel adoption

Hi, We are working to create a GlobalProtect VPN connection between our Windows 10 devices and the PA FW ver. 8.0.1. The VPN tunnel needs to use a pre-login tunnel initially (authenticating via the machine cert) which, when the user logs in, re-authenticates the user using SAML (Azure via ADFS) and renames the existing VPN tunnel. We have an exis...

Resolved! PA running-config Synchronisation

I have migrated an HA pair in Panorama. Let's say I make some changes from Panorama and push to only the active device. Now with config sync enabled locally on the firewalls, will it sync the running config to the passive device? Panorama shows config out of sync on the passive device, that's fine as it's one way sync, but on the actual firewall will it be synchroni...

Resolved! Failed to check upgrade info due to generic communication error

Hi all, since last night I get a lot of errors from wildfire, antivirus updates, content updates... All scheduled updates and even manual checks from the GUI bring up errors. No HA config. Problem is on a 3020 and an old 500. Ping and trace work to eu.wildfire.paloaltonetworks, wildfire.paloaltonetworks and updates.paloaltonetworks. DNS seems to be ok. Syst...

kbe by L3 Networker
  • 37304 Views
  • 17 replies
  • 0 Likes

Resolved! Removal of unused PAN-OS software from KVM VM series

Hi, We are using vPA on KVM series and ran with v8.1.9h4 and upgraded to v9.0.8 recently (also, downloaded base image of 9.0.0). Can we remove all 8.1.X versions (8.1.0, 8.1.3, 8.1.9h4) from the devices, which were installed in the beginning of deployment? Hope it will not cause any issues. Regards, Karup

Karup by L1 Bithead
  • 2586 Views
  • 1 replies
  • 0 Likes

Downgraded from PAN 850 from 9.1.1 to 9.0.8.

2 months ago we upgraded the OS from 9.0.0 to 9.1.1. Now we have downgraded the OS from 9.1.1 to 9.0.8. After a successful downgrade, we can see the firewall has lots of errors in auto commits. As we clear those errors and try a manual commit, it has a lot of errors and fails to commit. Validation Error: import -> network -> interface 'sdwan' is...

Objects in use via CLI

Good afternoon, I'm looking for the CLI command(s) for how to determine the number of address objects and address-group objects that are in use on a PA FW. I know it's easily done from the GUI, but would like to add the command to a script, so I can pull the information from the CLI. Thank you.

PPPoE issues - Interface is not getting connection

Hello, I am configuring a PPPoE interface. I have enabled it and typed the username and password, and it continues without connecting. Is there another step that I have to take to enable the interface? I have followed the documentation, and also I have verified that there is no MAC address restriction. When I connect the ISP link to another dev...

iscott by L2 Linker
  • 3646 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect showing "Connecting" and "Still Working"

I have been stuck at this thing for days. Have even tried reinstalling the application, but still it is stuck at "Still Working" and connecting. Just a heads up, no prompt is showing in Security & Privacy for allowing the application. Have tried "spctl kext-consent add PXPZ95SK77" in recovery mode and restarted the Mac. Still the issue persists. In P...

Object Group with exclusions

Checkpoint has an option to create an address group object with exclusion (e.g. include 10.20.x.x/16 and exclude 10.20.30.0/24 or other subnets from the supernet). Is a similar option available in Palo Alto? The Negate option in PA is just to negate all source/destination.

  • 24335 Posts
  • 124 Subscriptions