General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4314 Views
  • 0 replies
  • 0 Likes

Source address of PBF Monitor heartbeat ICMPs

I have a Policy Based Forwarding related question. If we have a PBF rule, with Monitoring enabled, and the "disable this rule if next-hop/monitor ip is unreachable" also enabled. So Palo Alto sends ICMPs to the monitored IP address out of the egress interface defined on the same page. However, what is the source-ip of these ICMP requests? Is it ...

*URGENT* URL Filtering

Hi folks, Is there a way to block the entire sub-domains but to allow a particular sub-domain and its related subs? For Ex: Domain: *.cloudinary.com/* (which covers *.Cloudinary.com/blog/*, *.Cloudinary.com/about/*, *.Cloudinary.com/contact/*) To block: (*.Cloudinary.com/about/*, *.Cloudinary.com/contact/*) To Allow: *....

Resolved! Layer 2 Palo Alto to 802.1q subinterface on Cisco ISR

I am thinking to put a small pan between an Internet connected Cisco 4331 ISR and a Meraki switch. Will the PAN just pass all the tagged frames along and will the PAN be able to process the traffic from all those VLANs/tagged frames? Or would I need to configure VLANs on the PAN? [Cisco ISR 4331]-Int Gi0/0 0/0.1 0/0.2 0/0/3------[L2 PAN]-------...

Resolved! GlobalProtect gateway client configuration failed

Hello, We are using PAN-OS 8.0.0 and GP agent version 4.0.2. We cannot set any IP address for the Gateway. If we try then it auto changes to 'None'. The output from the show global-protect-gateway gateway command shows there are two gateways. But according to the WEB GUI, there is only one. show global-protect-gateway gateway GlobalProtect Gateway:...

Farzana by L4 Transporter
  • 8163 Views
  • 2 replies
  • 0 Likes

Resolved! User Group Count Exceeds threshold

Recently upgraded to 8.0.9 from 7.1.x with multiple devices from PA200 up to PA3050, using UserIdAgent against an MS domain, managed via Panorama. Started getting notifications in the system log along the lines of 'User Group count of 7492 exceededs threshold of 1000' In UserId -> GroupMapping I have an LDAP search filter that returns only th...

SimmSimm by L2 Linker
  • 21666 Views
  • 3 replies
  • 0 Likes

Dataplane Crash in Paloalto after firmware upgrade

Upgrade the Customer device from 7.1.25 to 8.1.12 and after the upgrade, we are facing issues with Dataplane Crash. Attached is the error message. Below bug matches the error. We have also tried to downgrade the Firmware to 8.1.10 and the issue still persists. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMSyCAO Devi...

Server monitoring Not Connected / User-ID Agentless

Hello, I have two Domain Controllers, one is shown as Connected and the other is Not Connected. - The 10.0.12.80 is a replica of 10.0.0.51. - The server 10.0.12.80 is reachable by the management interface. - When creating the LDAP Server Profile & adding in the Server List the address 10.0.12.80, the Base DN does auto populate when clicking the...

upatino by L1 Bithead
  • 7660 Views
  • 3 replies
  • 0 Likes

Resolved! How to set CLI output in Operational mode

Hi everyone, I'm working with different models of Palo Alto firewall (all of them have PANOS 8) and I want to develop an automatic service on them to get the CLI output and parse it to get data I'm interested in but, to do that as easily as possible, I want to know if it is possible to set the CLI output to XML or JSON format in Operational Mode (not Config...

Resolved! Packet Descriptor Atomic Size and Total Size what does number indicate??

Today we had a routing issue that caused the Packet descriptor to go to 100 and caused the max CPU on 5220 to go to 100. sh running resource-monitor ingress-backlogs show few sessions using 42% and 39%. atomic shows 81% total 99 I had to clear the sessions quickly to bring these numbers down. Then we fixed the routing. Need to know what does numbers atom...

MP18 by Cyber Elite
  • 6041 Views
  • 2 replies
  • 0 Likes

Resolved! 'unknown ikev2 peer - Azure

Hi, I have several Azure sites with an active-active gateway and 2 different ip. I have a Palo Alto pa-820 with 8.1.12 firmware, 2 interfaces with 2 different communication providers and different public ip. What makes a tunnel ikev2, bgp and peers. Scheme: pa-820-Supplier1-IP1---- IP1-AzureGW1 pa-820-Supplier2-IP2----IP2-AzureGW1 In Azure I have con...

Zero-trust region policies

We are testing out using a Zero-trust policy to block traffic to and from all regions but a few known good or needed regions. I am running into issues with Microsoft, AWS websites and services that roll to different data centers and IPs around the globe. Does anyone have any suggestions to allow traffic to these sites and services without having...

drischar by L0 Member
  • 2072 Views
  • 1 replies
  • 0 Likes

Resolved! Global protect Compatibility Check

We are planning to go with the Preferred GP version 5.0.7. As currently the users don’t have the privilege to upgrade to this version on their laptop, is it ok to first install the GP on client systems through Active Directory Group Policy and then upgrade the GP on the firewall to 5.0.7? On the firewall it’s currently 5.0.4 and this firewall is...

Certificate

Hello All. I set up the directory service for the first time yesterday. Everything works, but I noticed the certificate I have to create is only valid for a few months. Do I have to renew it in the future?
