This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

Resolved! Minemeld Feed Password OR api security

Hi we have used minemeld for some monthes and i figured out that i want to tighten the security even more.The question that then arose was the posibility to generate an api key or an user based authentication for my output indicators I don't know or think it matters but we run minemeld in two datacenters with mirroring and global loadbalancing.T...

m1.PNG
m2.PNG
Kimwii by L1 Bithead
  • 35325 Views
  • 15 replies
  • 2 Likes

Next-Gen VM-Series and Panorama generates "Invalid Opcode" VSCSI messages on VMware 6.0

We had an issue on our ESXi server and in looking through the logs found a large number of "Invalid Opcode" log messages related to the Panorama VM and Next Gen FW VM trying to access features of the VSCSIFs made available by VMware 6.0. These do not appear to affect the performance of either product, but it does indicate a disconnect between Pa...

kielecm by L0 Member
  • 3854 Views
  • 2 replies
  • 0 Likes

URL Access Error

Hi all,I have setup MineMeld on a VM and it seems to be working correctly but, when I setup the EDL on a PAN firewall and test it, I get a "URL access error" message on the firewallI have generated CA from Palo alto and i have created a certificate signed by this CA (with CN same of minemeld's hostename).After that, I have uploaded the certifica...

clipboard_image_0.png

Resolved! *Urgent* Global Protect.

Hi Team, We require to download the Global protect VPN client updates on our repository. So that users can direct update their existing Global Protect Client VPN software when connected to LAN network.Is there any way of downloading these updated version files from the firewall & sharing it across.

Panorama Unresponsive

Our client has noticed their Panorama VM becomes occasionally unresponsive after upgrade from 8.1.3 to 9.0.6. Has anyone experienced this issue? Is there a known bug?

Source address of PBF Monitor heartbeat ICMPs

I have a Policy Based Forwarding related question. If we have a PBF rule, with Monitoring enabled, and the "disable this rule if next-hop/monitor ip is unreachable" also enabled. So Palo Alto sends ICMPs to the monitored IP address out of the egress interface defined on the same page. However, what is the source-ip of these ICMP requests? Is it ...

*URGENT* URL Filtering

Hi folks, Is there a way to block the entire sub-domains but to allow a particular sub-domain and its related subs ?? For Ex:Domain : *.cloudinary.com/* ( Which covers *.Cloudinary.com/blog/* , *.Cloudinary.com/about/* , *.Cloudinary.com/contact/* ) To block: ( *.Cloudinary.com/about/* , *.Cloudinary.com/contact/* )To Allow: *....

Resolved! Layer 2 Palo Alto to 802.1q subinterface on Cisco ISR

I am thinking to put a small pan between an Internet connected Cisco 4331 ISR and a Meraki switch. Will the PAN just pass all the tagged frames along and will the PAN be able to process the traffic from all those VLANs/tagged frames? Or would I need to configure VLANs on the PAN? [Cisco ISR 4331]-Int Gi0/0 0/0.1 0/0.2 0/0/3------[L2 PAN]-------...

Resolved! GlobalProtect gateway client configuration failed

Hello, We are using PAN-OS 8.0.0 and GP agent version 4.0.2 We cannot set any IP address for the Gateway. If we try then it auto changes to 'None'.The output from the show global-protect-gateway gateway command shows there are two gateways.But according to the WEB GUI, there is only one. show global-protect-gateway gateway GlobalProtect Gateway:...

GW.png
Systemlog.png
Farzana by L4 Transporter
  • 8139 Views
  • 2 replies
  • 0 Likes

Resolved! User Group Count Exceeds threshold

Recently upgraded to 8.0.9 from 7.1.x with mutiple devices from PA200 up to PA3050, Using UserIdAgent against an MS domain. managed via Panorama. Started getting notifications in thes system log along the lines of 'User Group count of 7492 exceededs threshold of 1000' In UserId -> GroupMapping I have an LDAP search filter that returns only th...

SimmSimm by L2 Linker
  • 21617 Views
  • 3 replies
  • 0 Likes

Dataplane Crash in Paloalto after firmware upgrade

Upgrade the Customer device from 7.1.25 to 8.1.12 and after the upgrade, we are facing issues with Dataplane Crash. Attached is the error message. Below bug matches the error. We have also tried to downgrade the Firmware to 8.1.10 and the issue still persists. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMSyCAO Devi...

Server monitoring Not Connected / User-ID Agentless

Hello, I have two Domain Controllers, one is shown as Connected and the other is Not Connected. -The 10.0.12.80 is a replica of 10.0.0.51.-The server 10.0.12.80 is reachable by the management interface. -When creating the LDAP Server Profile & adding in the Server List the address 10.0.12.80, the Base DN does auto populate when clicking the...

2019-05-15 11_09_46-Películas y TV.png
upatino by L1 Bithead
  • 7615 Views
  • 3 replies
  • 0 Likes

Resolved! How to set CLI output in Operational mode

Hi everyone,I'm working with different models of PaloAlto firewall (all of them have PANOS 😎 and I want to develop an automatic service on them to get the CLI output and parse it to get data I'm interested but, to do that as easy as possible, I want to know if is possible set the CLI output to XML or JSON format in Operational Mode (not Config...

Resolved! Packet Descriptor Atomic Size and Total Size what does number indicate??

Today we have routing issue that caused the Packet descriptor to go 100 and Caused the max CPU on 5220 to 100. sh running resource-monitor ingress-backlogs show few sessions using 42/% and 39%. atomic shows 81% total 99 I had to clear the sessions quickly to bring these numbers down.Then we fixed the routing. Need to know what does numbers atom...

MP18 by Cyber Elite
  • 6013 Views
  • 2 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks