This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4119 Views
  • 0 replies
  • 0 Likes

Failed active/passive HA Upgrade from 8.1.4-h2 to 9.0.3

Hello community - I have a case open with support, but I am looking to see if anyone else has an idea for me while they are looking at my tech support files. I attempted to upgrade an active/passive HA pair following the Palo Alto Doc. I upgraded the secondary from 8.1.4-h2 to 9.0.3 and rebooted. I am now at the step where I would suspend the pr...

Rename Panorama template and template stack

Hello, We have a few firewall clusters managed by Panorama and are looking to change the naming schema for templates and template stacks. Does anyone know if changing these would have any affect on firewall operations? We previously changed the zone naming of firewalls and saw that it had major affect on VPN tunnels terminating on that zone as i...

URL Filtering Whitelist

Hi, We have a case that 1 user would like to access URL (example a.com) that is currently blocked in existing URL filtering profile. We know we can allow this by 1. clone existing URL profile and add a.com into allow list or add it through custom URL.2. create firewall policy above existing rules to internet to allow this specific user id / IP a...

L1_ENG by L1 Bithead
  • 5769 Views
  • 4 replies
  • 0 Likes

Resolved! DNS sinkhole database view or test

We are finding that even domains configured as malware/c2 are not getting sinkholed. I'm aware from other posts, that these are not the same database on the firewall. Why are these not persistent? Why would you not flag on a DNS lookup that is out to resolve a malware/c2 domain - and NOT sinkhole it? Is the DNS database something that get...

Sec101 by L4 Transporter
  • 8012 Views
  • 4 replies
  • 0 Likes

DNS proxy

HelloIn one of my subnets I'm using google 8.8.8.8 as DNS server (received via DHCP).But only form one entry I want to provide my own FQDN and IP.Could I use DNS proxy feature for this ? (enable DNS proxy with primary DNS server 8.8.8.8 and add static entry with my FQDN and IP) Thank youKonrad

polak71 by L1 Bithead
  • 2162 Views
  • 1 replies
  • 0 Likes

NFS datastore change

Customer integrated NFS datastore with panorama to store logs. Now they are planning to change old NFS data store with new NFS data store, But their concern is they want old NFS datastore logs to be retained in new NFS datastore after migration and then new logs need to be logged to new NFS datastore. Please let me know if this is doable, I’m no...

SSL decryption troubleshooting

I am trying to get SSL Forward Proxy working properly, generally it seems to be OK but I have a site I have tested is for the bank hsbc that gives an error.. Certificate ErrorThere is an issue with the SSL certificate of the server you are trying to contact.Certificate Name:IP: 91.214.6.22Category: not-resolvedIssuer:Status: unknownReason: I h...

HA traffic through Cisco Switch

Hi Team ,Can we route HA traffic between two 3260 firewalls through cisco switch using L2 vlan. My requirement is to run firewalls in HA and devices will be in different buildings. Buildings are connected with dark fiber. As PAN dedicated HA ports are ethernet i have to use another converter or switch to make them communicate in HA ports. i did ...

Resolved! Panorama Dynamic updates

HelloI use Panorama to manage my firewalls, I configured Panorama for Dynamic updates (antivirus, Application & Threats) but, when I go to "Device Deployment / Dynamic updates", all versions are in middle of December 2019. When I "check now", I have no issue about an connection error but the new version of antivirus, App & Threats are no...

Resolved! Minemeld O365 doesn't have latest IPs

Seeing an issue using minemeld and O365 IPs and not having the same IPs that Microsoft is advertising that need to be allowed. Is there any easy way to confirm what is there and and what isn't via minemeld? I've been using for awhile but only now did I notice that some of the CIDRs aren't coming across via minemeld.

drewdown by L4 Transporter
  • 12344 Views
  • 10 replies
  • 0 Likes

Resolved! 64-bit User-ID Agent Software

Hi,The Installation instructions for the User-ID Agent software remind you to ensure you've downloaded the correct version of the software (32 or 64-bit).However I can't find the 64 bit version of 8.1.10 anywhere, only of the Credential Agent. Anyone know where it is?? I've tried installing the 32-bit version to Windows Server 2016 instead but t...

Anyone else notice these "Load Config Partial" syntax changes in PAN-OS 9.0?

Doing my first migration to PAN-OS 9.0. We've migrated the config using expedition, but when I try to use the load config partial commands I keep getting a "Invalid syntax." error Example on how it used to work- load config partial from MT-fixed.xml from-xpath /config/devices/entry/vsys/entry/tag to-xpath /config/devices/entry/vsys/entry/tag m...

VPN

Hi. who can help me this topic?Person A must configure vpn with person B. Person A must configure two vpn connection and all data flow to vpn 1 node but if vpn node1 goes down, aoutomatic all traffic must flow through with node 2.

URAN_725 by L1 Bithead
  • 2445 Views
  • 1 replies
  • 0 Likes

Free space in /dev/md2 partition

HelloWe have a Firewall PaloAlto with free space 509MB in partition /dev/md2, and 609MB in partition dev/md5, actually we need to upgrade the PanOS since 7.1.18 to 8.1.12, and there are 5 PANOS to upgrade, so the information is keep in /dev/md5 but before the installation We would like to know if the /dev/md2 root partition has little free space...

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks