General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Downgraded from PAN 850 from 9.1.1 to 9.0.8.

2 months ago we upgraded the OS from 9.0.0 to 9.1.1. Now we have downgraded the OS from 9.1.1 to 9.0.8. After the successful downgrade, we can see the firewall has lots of errors in auto commits. We cleared those errors and tried a manual commit, which has a lot of errors and fails to commit. Validation Error: import -> network -> interface 'sdwan' is...

Objects in use via CLI

Good afternoon, I'm looking for the CLI command(s) for how to determine the number of address objects and address-group objects that are in use on PA FWs. I know it's easily done from the GUI, but would like to add the command to a script, so I can pull the information from the CLI. Thank you.

PPPoE issues - Interface is not getting connection

Hello, I am configuring a PPPoE interface. I have enabled it and typed the username and password, and it continues without connecting. Is there another step that I have to take to enable the interface? I have followed the documentation, and also I have verified that there is no MAC Address restriction. When I connect the ISP link to another dev...

iscott by L2 Linker
  • 3701 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect showing "Connecting" and "Still Working"

I have been stuck at this thing for days. Have even tried reinstalling the application, but still it is stuck at "Still Working" and connecting. Just a heads up, no prompt is showing in Security & Privacy for allowing the application. Have tried "spctl kext-consent add PXPZ95SK77" in recovery mode and restarted the Mac. Still the issue persists. In P...

Object Group with exclusions

Checkpoint has an option to create an address group object with exclusions (e.g. include 10.20.x.x/16 and exclude 10.20.30.0/24 or other subnets from the supernet). Is a similar option available in Palo Alto? The Negate option in PA is just to negate all source/destination.

Resolved! Ping to internet from 2nd interface IP is not working

I have 2 outside interfaces configured with the below IPs. When I try to ping 4.2.2.2 using source as 94.56.143.XX interface 1/1, ping is successful (Untrust Zone). But if I try to ping 4.2.2.2 using source as 94.56.202.XXX interface 1/2, ping is unsuccessful (HE Zone). When I try from HE zone, it should go through HE zone but it is g...

Veeam file transfer issue

Hi, can someone help me? Does anyone here experience this when you are transferring huge files? It suddenly drops the traffic and cuts the TCP sessions. Got this Veeam error from my colleague. Error: The specified network name is no longer available. Failed to write data to the file [\\172.18.77.54\Primary Backup\NOES0003-EM-09062020 - NOES0003\NOES000...

Layer 2 Setup no network traffic no MAC addresses

My organization recently purchased a VM firewall. Originally there were a couple other people who were going to implement it but it's now fallen on my shoulders. I found this tutorial that was straight-forward enough for me to follow but after adding a couple VMs to the port groups I am not seeing any MAC addresses when running "show mac all"...

vCenter Server Appliance Web user interface HTTPS Security Rule

Hi All, Due to a number of system administrators working from home, I have been asked to allow vCenter Server Appliance Web user interface HTTPS port 5480 through the firewall for administration over VPN (Global Protect). Specifically port 5480. vCenter uses standard ports 80 and 443 and successfully navigates to the site. I have been unable to ...

ccarter by L1 Bithead
  • 15151 Views
  • 1 replies
  • 0 Likes

Downtime when changing DNS IP

Hello - I need to change the IP of the DNS server under Setup - Services on our Panorama, FWs and Global Protect devices. Would like to know what kind of downtime I can expect with the cutover to the new IPs, especially on the FWs and VPNs. - Jisha

JJoseph by L1 Bithead
  • 2861 Views
  • 1 replies
  • 0 Likes

Are You Ready for PAN-OS 10.0 and the ML-Powered Next-Generation Firewall?

In case anyone hasn't heard that the NEW version of PAN-OS 10.0 is going to be released soon, this will be a new ML-Based NGFW (Machine Learning) and there is going to be a huge launch event for it. Palo Alto Networks is beyond excited to announce the world's first ML-Powered Next-Generation Firewall. REGISTER NOW for the PAN-OS 10.0 launch ev...

jdelio by L7 Applicator
  • 11375 Views
  • 2 replies
  • 3 Likes

Resolved! Warning: Disabled applications in vsys1

Hi, For a while when committing we would see the message below because the applications were disabled. We have since enabled all of these applications, but are still seeing the same warning. Curious if anyone else has encountered this, and whether there is a fix for it? Warning:Disabled applications in vsys1: assembla-base assembla-uploading cel...

Resolved! 500 Internal Server Error - CAPTIVE PORTAL

Dears, PA220 with interfaces as per below
ethernet1/4 19 1 Local-Network vr:RT-LAN 0 172.26.57.1/25
ethernet1/5 20 1 Local-Network vr:RT-LAN 0 172.26.57.129/26
ethernet1/7.105 269 1 Local-Network vr:RT-LAN 105 172.26.59.1/27
ethernet1/7.106 270 1 Local-Network vr:RT-LAN 106 172.26.59.97/27
Captive portal already configured and we double checked every...


Using MineMeld to build a list of IP addresses from a list of domains

Our current MineMeld instance is doing a great job of handling our Office 365 requests. Now I'd like to use it to solve a different problem, but I'm not sure how to go about it. We need to allow outbound app-specific traffic to *.somedomain.com. I tried a URL category but that's not working, probably because this traffic isn't HTTPS or HTTP. I...

efritz by L1 Bithead
  • 7733 Views
  • 4 replies
  • 0 Likes

PA 7.1.0 - IPSec SA goes into create delete loop after enabling tunnel monitor

Hi, I am facing a strange issue in IPSec connection with PA (7.1.0) and strongswan (5.6.2) where I see Paloalto starts sending CREATE_CHILD_SA rekey requests to strongswan when I enable tunnel monitor. Earlier we were using strongswan (5.3.5) and didn't have issue with tunnel monitor, but recently we upgraded strongswan to 5.6.2 and started see...
