General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Dynamic ports to Static

Hi Team, I'm trying to configure the Dynamic ports (49152-655355) to static 37001. We have destined server which is sending dynamic ports to establish the link and data exchange. What is the best option to have this hardening?

Resolved! Error during Commit operation

Hello, if you encounter this while performing a commit:
Error: Certificate 'XXX' failed to load: parse tbs certificate dn failed
Error preparing global objects
failed to handle CONFIG_UPDATE_START
try these commands in the CLI:
debug dataplane reset ssl-decrypt certificate-cache
debug dataplane reset ssl-decrypt session-cache
I don't know why...

Resolved! Palo Alto Software Visio files

Hi all, I am looking for the Visio stencils for PAN Azure deployments. There was one floating around that contained all the Azure deployments etc which was really useful. I think it was for Cyberforce members only but I can't seem to find it. https://www.paloaltonetworks.com/company/press-kit I know of the above link but this only contains...

URL filtering Response page for Override with redirect mode does not work

I created a loopback interface that has the Response Page management option enabled. I set up the override action for social-networks category in the URL filtering profile and set up the Device->Setup->Content-ID on override with the IP loopback address. Block and Continue actions work properly with other categories, however Override acti...

How to get the full CA Issuer URL when it is truncated in the decryption log

Hi guys, I am checking the decryption logs, to repair the certificate chain as mentioned in the guide below: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-logs/repair-incomplete-certificate-chains The issue is some cannot provide the full URL of the missing root CA/Issuer, for ...

EVE-NG Setup & VMWare installation for Palo Alto & Multi vendor devices

VMWare installation & EVE NG Setup step by step for Multi Vendors Devices. As for every IP Network Engineer readiness of the simulator especially the multi-vendors environment, EVE-NG is a big headache. But honestly, this is very simple and only needs a few minutes to focus. I highly request that you please follow the exact steps that I will do b...

ReadTech by L1 Bithead
  • 31996 Views
  • 14 replies
  • 4 Likes

PanOS 11.1.5 (and others with the fix for CVE-2024-2550) still not preferred?

Might anyone know why 11.1.5 and 10.2.10-h10 (or anything newer) are still not marked as preferred 3 months after release? We're on 10.2.x now and likely would upgrade to 11.1.x, but I figured waiting for the patch for CVE-2024-2550 makes sense. CVE-2024-2550 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially...

ccvega by L1 Bithead
  • 1140 Views
  • 1 replies
  • 0 Likes

Resolved! Device Certificate fetch failure

Version : 10.1.6-h3 Issue/ Error log : Failed to fetch device certificate. Failed to send request to CSP server. Error: No OCSP response received(dest => 35.222.13.89) Tshoot : Generated OTP over support portal but no option for me to key in the OTP KB unable to resolve : https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0...

VLim by L2 Linker
  • 51144 Views
  • 14 replies
  • 0 Likes

Two separate PA on the same ISP on both locations

Hi, we have two PA fws around 1km in between. They are connected with dark fiber so users on both sides can see each other. On the same ISP on both sides, and public IP address range of /28 addresses. We are using that public IP address for several services (each service has its own public IP) and want to configure both PA so when PA on primary ...

Resolved! Renewal of license

Dear team, I have four firewall devices whose licenses are expired. I am unable to get the vendor we bought the devices from. Could you please guide me to purchase new licenses directly from Palo Alto. Regards, Lamin.

lnicol by L0 Member
  • 1504 Views
  • 2 replies
  • 0 Likes

Demo Lab Environments - No Longer Available

I was going to review some Panorama setting options in the demo environment and the demo environment is no longer available. Did Palo Alto decommission these labs and was there any communication about it? If so, can anyone provide the communication? Here are the lab sites I have tried to reach and they just time out. https://us1.demo.paloaltonet...

Resolved! Clear SSL Certificate cache

Hi, We have a PA-500 and I can view the SSL certificates with: "debug dataplane show ssl-cert-cn" I was told that this is the list of SSL certificates that are stored in the cache. However I'd like to know how to clear this cache. Thanks

List of domains to allow for in-flight WiFi

Hi all, I've been working with a number of customers lately who have been trying to gather a list of in-flight wifi domains that they need to allow as GlobalProtect Enforcer exceptions and I thought I'd share them here. I'd also ask that you please post any additional domains or use-cases that are missing and I'll be sure to update my list. No...

chmotley by L2 Linker
  • 44889 Views
  • 15 replies
  • 7 Likes