This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4239 Views
  • 0 replies
  • 0 Likes

Resolved! Minimum supported GlobalProtect version and compatibility

Greetings all, This morning I moved our GlobalProtect from a 4.0.x release to 5.0.7. We're planning on a maintenance tonight to upgrade our firewalls to 9.0.6 and I noticed that there is a minimum supported GlobalProtect version of 4.1 for the 9.0 platform. If I upgrade the firewalls tonight and there are users who still have the older 4.0.x Glo...

jsalmans by L4 Transporter
  • 3618 Views
  • 1 replies
  • 0 Likes

XFF Value 1.1.1.1 when "Strip X-Forwarded-For Header" enabled

Hello, Looking for some help if possible? Trying to set up XFF (PA-3250, 8.1.12), I have tried to set it up following this tutorial:https://live.paloaltonetworks.com/t5/General-Topics/Configuring-XFF-logging-without-a-URL-Filtering-License/td-p/239987 The only part I have not configured is pushing the URL logs to the syslog server.The problem is...

remove disk fromPAN 3220

I need the process of how to remove the hard drive from a PAN 3220 since I cannot enter maintenance mode and before doing the RMA for the firewall, I must clean the disk

Panorama: config output on CLI

Hi,I would like to backup and restore a panorama like I can with the firewall, on the firewall i set "set cli op-command-xml-output on" and get the config via the console, then bootstrap the firewall to restore the config...now i am wondering how I can do the same with panorama...it seems that i can neither set operational output to xml, nor res...

CLIq by L3 Networker
  • 12807 Views
  • 11 replies
  • 1 Likes

Resolved! PA-220 Strange IP Spoofing Behaviour

Hi,My colleague and myself are complete Palo newbies so apologies as this is probably covered elsewhere but I don't know what to search for as I've never seen a firewall do this. We bought a PA-220 for evaluation intending to possibly move away from Cisco.My colleague configured it in a basic way and the box has completely disrupted the test su...

Resolved! Navigation Permits Expire - AD Groups

I recently implemented a policy that allows certain users who belong to a group in my Active Directory to go online. It seems to work well but after a while users report not being able to browse even if the LAN connection is maintained. The funny thing is that if you reboot the PC or simply block and unblock using the AD account the permissions ...

Resolved! Connecting FW on PAN-OS 9.0.1 to Cortex Data Lake (logging Services)

I've sucesfully connected FW 8.1.x to Data lake but am having issues connecting one on 9.0.1. Both are managed by the same Panorama (PAN-OS 9.0.1). The difference is that on non-working one I have disabled Panorma Policy and Objects. But logging service setting is under template setting anyway. License seems to be ok. First error says "No cer...

santonic by L6 Presenter
  • 34462 Views
  • 3 replies
  • 1 Likes

Resolved! PANOS 9.0 DDNS PPPoE

Hi. Can anyone tell me if they have had any sucess using the DDNS feature in PAN OS v 9.0 when using a PPPoE connection.The only option I have is DHCP and this throws an error when commiting the rule base to the firewall, looking at the runtime stats there is no ip information. /M

Marc_T by L2 Linker
  • 9632 Views
  • 6 replies
  • 0 Likes

sensitive information in PA 3200

I have a firewall PA 3220 to send by RMA to Palo ALto , but first, the client wants to make sure that he has no sensitive information inside, can someone tell me if this is the case or what should be done for the return of the equipment without exposing sensitive customer information?

Help needed with pruning ikemgr.log outputs to show only interesting traffic log entries

On Palo Alto CLI the only way I know of to see the logs of VPN tunnel Phase I errors etc is this command from inside the vsys via CLI where the VPN tunnel is built: less mp-log ikemgr.log 1) Are there commands for CLI where I can show just outputs for ONLY certain tunnel information that I'm seeking from the above log command? I've tried stuff ...

Can PAN-OS 9.0 prevent user upload file size?

I want to limit the file size user can upload,for example prevent user from upload file larger than 100MB ,Less than 100MB can upload. Tried but failed.https://live.paloaltonetworks.com/t5/Management-Articles/Limiting-File-Size-Upload-using-Custom-Signature/ta-p/69156 Not sure if it is a version issue, currently it is PAN OS 9.0 and perform encr...

Houran by L0 Member
  • 3027 Views
  • 2 replies
  • 0 Likes

tunnel monitor with VPN tunnel in passive mode

Hello community, Do you think if having tunnel monitor for an IPSec tunnel in passive mode makes any benefit? When tunnel monitor detects tunnel down, the firewall would attempt to accelerate the recovery by negotiating new IPSec keys. If firewall in passive node it wouldn´t be able to initiate the negotiations from its side in order to reestabl...

Carracido by L4 Transporter
  • 7300 Views
  • 4 replies
  • 0 Likes

Traffic over IPSEC slower than usual

Hello, Recently we have been facing issues where traffic over IPSEC tunnel towards AWS is very slow. when downloading a file ( over SCP) getting less than 100KB/s from a resource in AWS over ipsec tunnel. Didn't had this issues for months but it started recently. Phase1 and 2 are established. Tunnel interface MTUs are also same. Any idea where ...

  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks