This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4253 Views
  • 0 replies
  • 0 Likes

Ikev2 site to site VPN between Arista ETM and Palo Alto

Hello Mams and Sirs, I need your advice here. I have configured an ikev2 policy based site to site VPN between our Palo Alto and client Arista ETM. I manage the Palo Alto. The status of the VPN shows up. But, communication between the subnets(local and remote) stop abruptly until, I generate some traffic by pinging each of their VLANs/subn...

msdphi by L2 Linker
  • 1450 Views
  • 4 replies
  • 0 Likes

Unable to download updates

When I download the Palo Alto upgrade software(11.1.4-h1),the following error message is displayed: "Failed to download due to Empty file returned by update server." I have click “check now” and Synchronize to the peer

Scanning for Misconfigured Endpoints in Cortex XDR

Hello good day, I wanted to inquire if there is any built-in functionality or available option within Cortex XDR that allows for scanning and identifying misconfigured endpoints. Additionally, is there a specific query or set of queries that can be used to detect endpoints with misconfigurations within the Cortex XDR environment? Our primary...

Disable TLS 1.0 and 1.1 and also weak cipher

How to disable TLS version 1.0 and 1.1, also to disable weak cipher for WildFire Configure Authentication with Custom Certificates on the WildFire Appliance I went through this KB it shows how to disable the 1.0 and 1.1 but how to disable weak cipher in wildfire

In Wildfire how do we disable weak TLS ciphers?

Nessus scanning is picking up TCP/443 TLS v1.0 and v1.1 on our WildFire (WF-500) appliances. Is there a way to turn off TLS v1.0 and v1.1 on the WildFire ? Below is the Nessus scanner notification.--------------------------------------------------------------------------------Policy Violation 443/tcp Nessus ID: 56984-------------------------...

Resolved! Request for Upgrade Advice on Palo Alto Firewall PA-1410

Dear Palo alto network Team,I hope this message finds you well.We are currently running a Palo Alto Firewall PA-1410 with software version 11.2.3 and are planning to upgrade to a newer version. After checking the available software versions, we have attached the relevant file for your reference.Could you kindly advise us on the most suitable ver...

Software list.PNG
Ploalto_Version.png

preferred PAN-OS software versions table

HI, dear PaloAlto team, Why has the preferred PAN-OS software version table been changed? The previous view was much better, because it allowed to select the preferred software version and schedule changes....Now there is only one preferred version and no information about new, monitored realases. GreetingsJacek

Google-base app, what its cpable of in escense of google apps.

Hi Team, Recently, I had to allow an internally developed android and IOS for users that are allowed and not allowed to access internet. this app "externally hosted internally developed" role is consisting of destination IPs and web-browsing app. For the android side, it didnt work untill I allowed the Google-base app in a separate "...

Resolved! Geo Location A1 disapeared

We've been using source region A1 (anonymous IPs) as source in a block rule for over an year. Today, while validating an unrelated change, we came across a validation error stating "Source 'A1' is not an allowed keyword." Panorala and Firewalls are all running PAN-OS, its running 11.1.4-h7 and we have not updated it recently. I must assume a ne...

Dynamic ports to Static

Hi Team, I'm trying to configure the Dynamic ports (49152-655355) to static 37001 . We have destined server which is sending dynamic ports to establish the link and data exchange. what is best option to have this hardening.?

Resolved! Error during Commit operation

Hello, if you encounter this while performing a commit: Error: Certificate 'XXX' failed to load: parse tbs certificate dn failedError preparing global objectsfailed to handle CONFIG_UPDATE_START try these commands in the CLI: debug dataplane reset ssl-decrypt certificate-cachedebug dataplane reset ssl-decrypt session-cache i don't know why...

Resolved! Palo Alto Software Visio files

Hi all, I am looking for the Visio stencils for PAN Azure deployments. There was one floating around that contained all the Azure deployments etc which was really useful. I think it was for Cyberforce members only but I can't seem to find it. https://www.paloaltonetworks.com/company/press-kit I know of the above link but this only contains...

URLfiltering Response page for Override with redirect mode does not work

I created a loopback interface that has the Response Page management option enabled. I setup up the override action for social-networks category in the URL filtering profile and setup the Device->Setup->Content-ID on override with the IP loopback address. Block and Continue actions work properly with other categories, however Override acti...

How to get the full CA Issuer URL when it is truncated in the decryption log

Hi guys, I am checking the decryption logs, to repair the certificate chain as mentioned in the guide below:https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-logs/repair-incomplete-certificate-chainsThe issue is some cannot provide the full URL of the missing root CA/Issuer, for ...

EVE-NG Setup & VMWare installation for Palo Alto & Multi vendor devices

VMWare installation & EVE NG Setup step by step for Multi Vendors Devices As for every IP Network Engineer readiness of the simulator especially the multi-vendors environment, EVE-NG is a big headache. But honestly, this is very simple and only needs a few minutes to focus. Highly request that Please follow the exact steps that I will do b...

ReadTech_2-1687639601866.png
ReadTech_0-1687639211695.png
ReadTech_1-1687639345038.png
ReadTech by L1 Bithead
  • 32895 Views
  • 14 replies
  • 4 Likes
  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks