This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4454 Views
  • 0 replies
  • 0 Likes

Resolved! GP client asks to downgrade

Hello, We have PAN OS 8.0.3 with the GP client version 4.0.2 deployed to our clients. This works fine. I've downloaded GP version 4.1.0 on my machine and when I connect it asks me to downgrade to an older version. We haven't uploaded any GP client to the PAN itself. We want to deploy the new version to the users but we don't want them to see thi...

1.png
Farzana by L4 Transporter
  • 19550 Views
  • 6 replies
  • 0 Likes

Resolved! Panorama Logging Behind

Hi all, The issue that I am having is that all my firewall logs in Panorama are behind in time. I have tried multiple KB articles and support basically went through all the KB articles I found such as restarting the management service, stopping and starting the logging service, and even rebooted our Panorama. After rebooting our Panorama I sta...

How to drop or reject an OSPF route in PA 3000 series if it receives a route from another vendor FW

In the data center end, the Cisco ASA firewall is advertising the OSPF route and at the perimeter end Palo alto receives the route, and PA will be forward that route toward Internet communication. Expectation, if any, specific route received by Palo alto, it should be rejected or drop on Palo alto itself. Should not forward to any next hop. How ...

Resolved! Logging Discarded Traffic

Hello,I had recently had an issue where I had to move a syslog server behind a cluster of PA-5250.This syslog server receives logs from different equipements (~ 100GBytes per day) so there is an enormous amount of udp syslog events received by this server.When the server was behind this cluster, I was not receiving any logs. After some troublesh...

Nico-UBX by L0 Member
  • 3939 Views
  • 2 replies
  • 0 Likes

Resolved! How to see all the set commands for an IPsec tunnel?

I need to get the display set of all the commands for an IPsec tunnel, like I'd do with a Juniper SRX, but get no return whenever I try to see the commands set for the tunnel. Seems like the tunnel hasn't even been configured, but it shows under ike sa and ipsec sa. I'm sure that's because I'm new to PA. I just need to duplicate a tunnel and eve...

Raydar by L0 Member
  • 5484 Views
  • 1 replies
  • 0 Likes

WebEx prototype

I'm trying to create a custom prototype to get the CIDRs from https://help.webex.com/en-us/WBX000028782/Network-Requirements-for-Webex-Teams-Services#Spark%20IP%20subnets%20for%20media/ I used the examples in https://live.paloaltonetworks.com/t5/MineMeld-Articles/MineMeld-to-Extract-Indicators-From-generic-API/ta-p/218757 and I'm using the ...

alterioc by L2 Linker
  • 3430 Views
  • 1 replies
  • 0 Likes

Global Protect Client Error "Failed to get default route entry"

Hi, Has anyone seen this error before? I have a user who is using SSL VPN to the Palo Alto. Upon downloading the client, the initial connection works. However, subsequent connections displays an error on the client "Failed to get default route entry". The logs on the Palo Alto Firewall don't suggest an issue an indicate the user is conne...

MHaran by L1 Bithead
  • 30375 Views
  • 7 replies
  • 0 Likes

PA-5050 (8.1.11) 100% Dataplane CPU (DP1)

Hi everybody, We got two Palo Alto 5050's running in an active-passive configuration. We run three separate vsys. During working hours we see our dataplane exceed the 80% cpu util. Our dataplane DP0 shows a load of around 40% but our DP1 is maxing out to 100%. We tried disabling all logging and next gen funcionality but it's still maxing out to ...

Resolved! Error Setting up IKE Gateway: ID type and value must be specified

I'm very new to PAN equipment and am trying to get a site-to-site VPN setup on a PA-820 running 8.0.2 but am running into a pair of similar errors when trying to configure the IKE gateway. The following commands: set network ike gateway XY1-Z1 peer-id type ipaddr set network ike gateway XY1-Z1 peer-id id 11.22.33.44 Both result in the same er...

Cisco ASA to Palo Alto

Hi Team, we recently migrated from cisco ASA to Palo Alto 3220, where for one of the policy in cisco ASA has " access-list inside-egress extended permit ip any any", And this access-list is attached to the access-group to the interface "inside". as you can see below."access-group inside-egress out interface inside"as per my understanding from ci...

policies

I have created two policies with the same zones the first rule I have added any source and any destination profile alerts.the second rule I have added any source and any destination profile outbound GroupIn Monitor logs, I seem the traffic is not hitting the first rule but it's redirecting the second rule

MINEMELD-WEB FATAL

Hi all,I have installed minemeld on REH 7.7. When i check the status i read this: # sudo -u minemeld /opt/minemeld/engine/current/bin/supervisorctl -c /opt/minemeld/supervisor/config/supervisord.conf status minemeld-engine RUNNING pid 3022, uptime 0:08:33 minemeld-supervisord-listener RUNNING pid 3021, uptime 0:08:33 min...

Resolved! Difference between the dev/sda2 and dev/md2

Dear Team,When we run the command > show system disk-space.1 - Then some times firewall show dev/sda2 and dev/md2 what is the difference between these two files. I have gone through some documents but couldn't find any answer.2 - I have checked this document for clear space (How and When To Clear Disk Space on a Palo Alto Networks Device)htt...

Problems with drive with offline files via GlobalProtect VPN

I'm running Windows 10 Enterprise verison 1709, GlobalProtect 4.0.6-7, and Windows domain. I have files on a network drive (J:) that I've made available offline. When I connect to my network via VPN, I can't find a way that will allow me to access the files on J: that are not available to me offline. Since I connect to the VPN after I've logg...

  • 24376 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks