This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

How to drop or reject an OSPF route in PA 3000 series if it receives a route from another vendor FW

In the data center end, the Cisco ASA firewall is advertising the OSPF route and at the perimeter end Palo alto receives the route, and PA will be forward that route toward Internet communication. Expectation, if any, specific route received by Palo alto, it should be rejected or drop on Palo alto itself. Should not forward to any next hop. How ...

Resolved! Logging Discarded Traffic

Hello,I had recently had an issue where I had to move a syslog server behind a cluster of PA-5250.This syslog server receives logs from different equipements (~ 100GBytes per day) so there is an enormous amount of udp syslog events received by this server.When the server was behind this cluster, I was not receiving any logs. After some troublesh...

Nico-UBX by L0 Member
  • 3855 Views
  • 2 replies
  • 0 Likes

Resolved! How to see all the set commands for an IPsec tunnel?

I need to get the display set of all the commands for an IPsec tunnel, like I'd do with a Juniper SRX, but get no return whenever I try to see the commands set for the tunnel. Seems like the tunnel hasn't even been configured, but it shows under ike sa and ipsec sa. I'm sure that's because I'm new to PA. I just need to duplicate a tunnel and eve...

Raydar by L0 Member
  • 5222 Views
  • 1 replies
  • 0 Likes

WebEx prototype

I'm trying to create a custom prototype to get the CIDRs from https://help.webex.com/en-us/WBX000028782/Network-Requirements-for-Webex-Teams-Services#Spark%20IP%20subnets%20for%20media/ I used the examples in https://live.paloaltonetworks.com/t5/MineMeld-Articles/MineMeld-to-Extract-Indicators-From-generic-API/ta-p/218757 and I'm using the ...

alterioc by L2 Linker
  • 3379 Views
  • 1 replies
  • 0 Likes

Global Protect Client Error "Failed to get default route entry"

Hi, Has anyone seen this error before? I have a user who is using SSL VPN to the Palo Alto. Upon downloading the client, the initial connection works. However, subsequent connections displays an error on the client "Failed to get default route entry". The logs on the Palo Alto Firewall don't suggest an issue an indicate the user is conne...

MHaran by L1 Bithead
  • 30100 Views
  • 7 replies
  • 0 Likes

PA-5050 (8.1.11) 100% Dataplane CPU (DP1)

Hi everybody, We got two Palo Alto 5050's running in an active-passive configuration. We run three separate vsys. During working hours we see our dataplane exceed the 80% cpu util. Our dataplane DP0 shows a load of around 40% but our DP1 is maxing out to 100%. We tried disabling all logging and next gen funcionality but it's still maxing out to ...

Resolved! Error Setting up IKE Gateway: ID type and value must be specified

I'm very new to PAN equipment and am trying to get a site-to-site VPN setup on a PA-820 running 8.0.2 but am running into a pair of similar errors when trying to configure the IKE gateway. The following commands: set network ike gateway XY1-Z1 peer-id type ipaddr set network ike gateway XY1-Z1 peer-id id 11.22.33.44 Both result in the same er...

Cisco ASA to Palo Alto

Hi Team, we recently migrated from cisco ASA to Palo Alto 3220, where for one of the policy in cisco ASA has " access-list inside-egress extended permit ip any any", And this access-list is attached to the access-group to the interface "inside". as you can see below."access-group inside-egress out interface inside"as per my understanding from ci...

policies

I have created two policies with the same zones the first rule I have added any source and any destination profile alerts.the second rule I have added any source and any destination profile outbound GroupIn Monitor logs, I seem the traffic is not hitting the first rule but it's redirecting the second rule

MINEMELD-WEB FATAL

Hi all,I have installed minemeld on REH 7.7. When i check the status i read this: # sudo -u minemeld /opt/minemeld/engine/current/bin/supervisorctl -c /opt/minemeld/supervisor/config/supervisord.conf status minemeld-engine RUNNING pid 3022, uptime 0:08:33 minemeld-supervisord-listener RUNNING pid 3021, uptime 0:08:33 min...

Resolved! Difference between the dev/sda2 and dev/md2

Dear Team,When we run the command > show system disk-space.1 - Then some times firewall show dev/sda2 and dev/md2 what is the difference between these two files. I have gone through some documents but couldn't find any answer.2 - I have checked this document for clear space (How and When To Clear Disk Space on a Palo Alto Networks Device)htt...

Problems with drive with offline files via GlobalProtect VPN

I'm running Windows 10 Enterprise verison 1709, GlobalProtect 4.0.6-7, and Windows domain. I have files on a network drive (J:) that I've made available offline. When I connect to my network via VPN, I can't find a way that will allow me to access the files on J: that are not available to me offline. Since I connect to the VPN after I've logg...

GlobalProtect VPN gives error until I repair client. Why?

Hello,After covid, we started to work from home. But my problem is, I have to repair client whenever I restart my computer. Otherwise, It stucks in this screen until I repair it. Log says, "(T2668) 04/05/20 15:07:07:396 Debug( 268): CPanSocket::onConnect - return error code = 10049."Honestly, I have no idea what problem is.

Screenshot_1.jpg
Untitled.png

Resolved! Public Ip config with ISP router

Hi,we have a palo alto connected to ISP managed router for lease line connectivity, wherein we have 2 public ip rangesx.x.154.x and x.x.39.xour side i create subinterface and added one ip 154.78 and 39.201, and on the ISP side they configured only 39.X and allowed IPs from both these ranges.Now if i try ping to any ip from 39.X range am able to ...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks