General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Unable to download the new version

Hi All, Getting below error while downloading the image. Operation Download Status Completed Result Failed Details Successfully downloaded Preloading into software manager Error: Image File Authentication Error Failed to load into software manager. Please retry. Post processing failed. Please retry.

Assistance with 100Gb load testing on a PA-5450

We have a spirent connected directly to a PA-5450 to do load testing on the 100Gb ports. The PA5400 has two NC cards (Slot 1 & 2) and then 4 DPC cards (slot 3-6). The docs show that NC1 is logically mapped to DPC3, and NC2 is mapped to DPC4. But there is virtually no mention of slots 5 and 6. Are they auto assigned or do we have to manua...

rolinger by L2 Linker
  • 926 Views
  • 1 replies
  • 0 Likes

What Cisco SFPs are compatible with PA QSFP28-CWDM4 100Gb SFPs?

Client is testing 100Gb throughputs on a pair of PA-5450s. We added the PA supplied QSFP28-CWDM4 (Finisar) transceiver into the Cisco switch and the Cisco logs revealed the transceiver is incompatible. But, in order to do 100Gb on the PA it is required that the transceiver be QSFP28 - so the PA side doesn't have the option of using anything bu...

rolinger by L2 Linker
  • 2080 Views
  • 3 replies
  • 0 Likes

AI ​​Access feature 11.2.2-h1

PA-5450 I need to enable the AI ​​Access feature, then the PAN OS requirement must be PANOS version 11.2.2-h1. Currently PAN OS uses 10.2.9-h1, then I checked in portal Preferred it is still 11.1.6-h3. Please confirm to Palo Alto best practice, which OS version should I upgrade to enable AI Access?

PAN-OS ISO File download blocked

Hi Everyone, I am unable to see on my Palo Alto Firewall PAN-OS 11.1.4-h13 on Monitor Data Filtering or Unifed when I was downloading an iso which file extension in the iso file is blocked. Nothing shows up as blocked and the browser stops the downloading at 224mb. Extensions that are blocked: 7z, bat, cab, chm, class, cpl, encrypted-r...

smledv by L1 Bithead
  • 5127 Views
  • 5 replies
  • 0 Likes

Resolved! Third-party SFP transceivers

Hi Everyone,i am currently running 7.1.14 and am looking to upgrade to 8.08 with third part trancivers HPE X242 10G SFP+ to SFP+ 3m Direct Attach Copper Cable J9283B I read in the Upgrade/Downgrade Considerations Support for Third-Party SFP Transceivers https://www.paloaltonetworks.com/documentation/81/pan-os/newfeaturesguide/upgrade-to-pan-os...

UDP Relay support on PANOS 11.1

Hello Experts, Is UDP broadcast relay (not DHCP) supported by PANOS 11.1? There is a requirement to relay these UDP traffic: ip forward-protocol ndip forward-protocol udp 10001

Is there a limit to the number of objects within a dynamic address group?

I'm working on doing some clean up, and I want to take advantage of dynamic address groups. I have 943 address objects tagged and one dynamic group. When I monitor the logs, I see some traffic bypassing my rule and going to rules below. I checked the address objects and they are tagged.As a test I put all 943 address objects into a static group....

Install Device Certificate for LogCollector CLI

Hello everyone,I upgraded a Pan log collector to Software version 9.1.11 . Recently I receive the event "No valid device certificate found" . So I need to generate OTP certificate and install it . This can be done easily through GUI. However, with LogCollecor , Web UI is disabled and CLI is the only way to access the device .Can anyone guide on ...

Resolved! Paloalto NGFW - Policy-Based Forwarding (PBF) - Enforce Symmetric Return

Hello, I have two sites: Site 1 and Site 1, both running Palo Alto NGFW. Currently, traffic is routed between the sites via an IPSec VPN tunnel. However, we’ve recently set up MPLS between the sites and are planning to gradually migrate traffic from IPSec to MPLS. The challenge we're facing is related to asymmetric routing, where requests co...

Untitled Diagram.drawio.png
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels