This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Traffic over IPSEC slower than usual

Hello, Recently we have been facing issues where traffic over IPSEC tunnel towards AWS is very slow. when downloading a file ( over SCP) getting less than 100KB/s from a resource in AWS over ipsec tunnel. Didn't had this issues for months but it started recently. Phase1 and 2 are established. Tunnel interface MTUs are also same. Any idea where ...

Why can't I connect to Palo Alto Firewall VM on Debian?

So I am trying to setup a connection on my Debian host to a Palo Alto Firewall VM on VirtualBox.I have four adapters: one host-only, one bridged, and two internal. I am trying to connect to the host-only adapter through my host OS's FF browser.All I am getting right now when I change my IP to same management subnet and try to connect with HTTPS ...

P2P2 links to be connected on PA220

Hello, I have 2 pairs of palo alto, one pair at one site and the second is at another site, I got 2 p2p links between these two locations, I want to configure those links in faliover between these locations. How can I do this.

Resolved! Override Template sub-interface in a Stack

I am creating a template interface with several subinterfaces. IP is handled by a variable. What I am attempting to do is to override the template setting so I can add the zone in the Stack and not in the Template. This way I can create a global zone template that can be used on my stack interfaces. Here is the problem. When I override a su...

template.PNG
stackBefore.PNG
stackAfter.PNG

*URGENT* Captive Portal Authentication.

Hi team, Query about Captive portal Authentication. One of our customer enabled the CP auth but they needs to allow particular URL's without CP auth redirect even for unknown users. How to achieve this ? also please share the KB articles which is related to my query.

Resolved! URGENT: Custom Application issue.

Hi peeps, I have created a custom application for a particular TCP port and added that particular application in to my security policy, but traffic gets hit to deny policy. It works only when i do App override but it is not recommended to do app override. Is there any way to achieve it without App-Override or its mandatory to create a App-Overri...

Resolved! Palo Alto blocks outbond cisco any connect traffic

Hi , i a new to Palo alto world. one of my user is trying to connect a VPN connection using anyconnect, but it not working when traffic is passing from palo alto, but when i access it from open internet it is working fine. Prompt response will be highly appreciated.

SachinA by L0 Member
  • 6906 Views
  • 3 replies
  • 0 Likes

Firewall not Import to Panorama

Multiple Firewall are configure on Panorama. All the devices are successfully uploaded to Panorama. Now,I am making all the changes through Panorama to firewalls – which are being pushed to the firewall. But for one firewall,If made few changes to the firewall locally – these changes cannot be pushed to Panorama. Rather, we can import firewall’s...

Resolved! LACP not active, negotiation failed. One member is not happy

Hi All, PA-3060, PAN-OS 7.1.17 Please see below: LACP:**********************************************************************************AE group: ae1Members: Bndl Rx state Mux state Sel stateethernet1/17 yes Current Tx_Rx Selectedethernet1/18 no Current Attached SelectedStatus: EnabledMode: ActiveRate: FastMax-port: 2Fast-failover: DisabledPre-...

ddd.JPG
myky by L3 Networker
  • 12850 Views
  • 3 replies
  • 0 Likes

DNS Application uses more DP CPU utilization

Hi, We are facing issue with DNS Application, it uses more DP CPU Utilization 60 to 70%.We have done DNS Application override but no luck. Please find the DNS Session details below. Mem-Pool-Type MaxSz(KB) Threshold MinSz(KB) CurSz(B) Cur.Alloc Total-Alloc Fail-Thresh Fail-Nomem Local-Reuse(cache)dns 2048 80023 1024 830152 10012 279410 0 0 23472...

Clear text traffic to DLP

What do you guys do to send clear text or SSL decrypted traffic over to a nDLP for further action? In my case, the nDLP only support ICAP in order for it to accept traffic from its peering devices. Since PAN doesn't support ICAP at all and I am in search of an alternate solution. Thx!

rKarki by L1 Bithead
  • 2742 Views
  • 1 replies
  • 0 Likes

Resolved! cannot find matching phase-2 tunnel for received proxy ID

We have a site to site VPN setup that was allowing one IP. On the ipsec tunnel sec proxy-id allow local (10.1.2.1/32) which was working just fine.We had to recently allow two more IP's 10.1.2.20 and 10.1.2.75. I Changed the ipsec tunnel sec proxy-id local to 10.1.2.0/32 to allow a range. When we made this change the VPN is enabled, but we are ...

bino150 by Not applicable
  • 35687 Views
  • 7 replies
  • 1 Likes

Fighting the cli ... sigh - how to import a cert via the cli

Hi So, silly me I manage my cert in panorama, so when my int CA for my management ports came up for renewal, i renewed, and pushed out to all the devices ... except for my panorama 😞now I have cli access only.I have found the location configurepanorama certificate but when it comes time to add my multiline public key ... it will not take multil...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks