This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Internet service down

Dear All,I was facing disconnection issue with our internet firewall, cannot ping to LAN interface, all services related to the LAN interface was down like internet connection, MPLS and DMZ Zone, once I reboot the firewall everything back normally and the Lan interface working fine, we need to investigate to avoid the issue in future. I have che...

Multi vsys license requirement

Hi, I am using PA3200 firewalls and require multi vsys capability.I need 4 vsys, so shall I need to purchase a license for 3 vsys only?ORA multivsys license can activate all supported vsys ? Thanks.

shapath by L0 Member
  • 6109 Views
  • 3 replies
  • 0 Likes

TCP-RST-FROM -CLIENT /SERVER for a category license-expired

Hello Community. I have been observing the logs coming from one server that is behind the PA-FW and while going around the VM, trying to connect to the Azure admin portal, I have observed that it has a slow connection for a 600-700Mbps. While trying to track the logs from the firewall it shows that traffic is having TCP-RST-FROM-CLIENT or TCP-RS...

azure.PNG

Resolved! I cannot use an EDL in URL Filtering or SSL No Decrypt Policy

Thanks for any help you can offerPanorama 9.1 instructions show this image about using edl's as part of a url filtering or ssl decryption policyHowever even though I have several EDLs configured and working I am not given that option. See images belowHow can i enable this functionality.Here is a screenshot of my edlsAnd here is were I am missing...

edl listed.jpg
edl list.jpg
No List.jpg
LeeRRoss by L0 Member
  • 3110 Views
  • 1 replies
  • 0 Likes

Unable to get proper report

Dear Team, We are not getting proper report for Last calendar month using query builder i.e (zone.src eq VPN) and destination is any and report has generated from 17 April to 23rd April.When use query builder i.e (zone.src eq VPN) and (zone.dst eq LAN) it is showing whole month report i.e starting from 1st April to 30th April. RegardsKarthikey...

Dual ISPs, VRs, and BGP Configuration Advice

Hello! Not new to networking, but new to PA, so looking for some configuration advice. Have a PA-3220 and would like to add a second ISP connection for redundancy. If that was all then it seems pretty simple and I've found several KB articles on how to accomplish that. However I have a /24 and /27 block of public IPs that I also need to route...

GlobalProtect user always returns authentication failed

(T14508) 05/04/20 09:48:34:904 Info ( 474): msgtype = user_credential(T14508) 05/04/20 09:48:34:904 Debug(2642): ServerThread: ProcessServerUserCredential. Redirect to processServerPortal.(T14508) 05/04/20 09:48:34:904 Debug(1714): ----portal processing starts----(T14508) 05/04/20 09:48:34:904 Debug(1736): User profile type is 0(not roaming)(T14...

ACC tab "Applications using Non Standard Ports"

Hi PA Live Community, Still a newbie to the whole PA world but slowly getting there.When looking at the ACC tab of the GUI I can see there are entries for "Applications using Non Standard Ports" and also "Rules allowing Applications on Non Standard Ports" Screenshot attached below.Can someone explain why this is alerting as it is? I am using A...

Rule Screenshot.JPG
ACC Screenshot.JPG

Testing non-http mfa feature with GP

Hi there. Documentation is rather slim here. I've set ut MFA for web site access, and it works. When testing it for non-http, accessing a SSH server, it kills the SSH connects, but no 2FA challenge on my GP. What am I doing wrong? What's needed? I've done this: "Set Enable Inbound Authentication Prompts from MFA Gateways to Yes" https://www.pal...

gtomte by L3 Networker
  • 13851 Views
  • 11 replies
  • 0 Likes

Resolved! HA1 Backup Down - PA220 9.0.4

Hi All,I have followed the PA design for creating an HA Active/Passive pair of PA220s. I see however that HA1 Backup is showing red/down. Attached are the relevant sections and a High Level Topology of the HA setup. Any advice?If I reboot the active PA the Passive one does take over so not sure what issues this HA1 is causing if any.Also, the ma...

HA Screen 2.JPG
HA Screen 1.JPG
HA Screen.JPG
PA Topology.JPG

Resolved! SSL Decryption URL and App Filter

Hello everyone,I have to block some URLs and applications as per our company policies. Since we dont have a general rule from the inside zone to the outside (Internet), we are very restrictive in our access to the internet, and since there are some websites and applications that we need explicitly to block no matter what, what I did was create a...

joseglez by L1 Bithead
  • 4758 Views
  • 2 replies
  • 0 Likes

Firewall is limiting concurrent users for GlobalProtect

We are using PA-VM-300 and it should allow 2000 vpn users concurrently. Our global protect IP pool is configured for /23, so firewall should accommodate 500 users, as it is having enough IP available in the pool. For some reason, when the other firewall failed due to internet outage, the main firewall did not allow more than 260 connections. We ...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks