This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

IKE gateway is not allowed

Hi all, I've just installed a PA 3220 and there're dynamics VPNs tunnel. IKEs are up. However, phase 2 (tunnel) aren't coming up. Looking at the logs I see the following logs for all VPNs ."initiate negotiation to dynamic peer from IKE gateway is not allowed" My outside interface is allowing IKE and IPSec, I don't see packets being dropped.

WRibeiro by L1 Bithead
  • 7623 Views
  • 5 replies
  • 0 Likes

Policy Based Forwarding PBF based on destination country or self defined region?

Can this be accomplished without something like a Performance Routing service or hybrid WAN systems a couple companies offer? Is it a roadmap feature of PAN-OS PBF? PBF seems to be one of few things that do NOT support Regions.I'd like to PBF my connections to Country A through a different path than directly out my Country B firewall to achieve ...

bspilde by L4 Transporter
  • 6861 Views
  • 4 replies
  • 0 Likes

Monitor > Logs > Traffic - App-ID 'ping' not logging from endpoints.

Good day everyone and thank you in advance. Just to be sure I'm not losing my mind entirely - I thought I'd post up here and see if any veterans have any ideas. I was troubleshooting something earlier today with a re-IP on some printers traversing the PA's up to our Data Center behind ASA's. All was well with traversal, and the ASA's were gat...

MineMeld engine showing failed to start?

Hey guys, just attempted to setup minemeld . when we login to minemeld, i noticed that it is showing that minemeld engine has failed to started. attempted to restart engine but it does not seems to have any difference in results. we did harden the server according to CIS ubuntu standard so i'm not sure if that could be causing any issue. attac...

Resolved! Issue with config backup

PANOS 8.1.9 When we are doing the config backup we do not see all the config is getting backed up – for example, the firewall rules, NAT and port forwarding rules are not seen in the backup – Apparently a very fraction of the configuration is saved. Can you please suggest how to fix this?

"OSPF-neighbor-down"- software bug??

I'm currently running 8.1.10 on PA-820 firewalls. They are in A/P failover pair. Last night, all of a sudden primary firewall started showing "( eventid eq routed-OSPF-neighbor-down )" in system logs and OSPF went down. I failed over to secondary and connections were restored. These 2 firewalls are connected to 2 switchports which are both part ...

Resolved! Panorama and VMs in Google Cloud (GCP) : VM information sources

Hi Everyone, I am testing 8.x and 9.x VM series NGFW in Google Cloud Platform and I am testing integration into Google SDN fabric.I successfully created a VM information source feed and some Dynamic address Groups using GCP fabric filters (network tags, hostname, etc) I noticed that the information retrieved from the fabric is only related to th...

Resolved! Use destination networks even with App-ID specified?

I've been creating security rules to allow Traps Management (with the traps-management-service App-ID) pretty tightly by also defining destination networks (using FQDN objects for the multiple <tenant>.traps.paloaltonetworks.com and common contentprod and distributions hosts). According to the documentation on https://docs.paloaltonetworks...

GlobalProtect client not consistent

I am building out a test environment using GP as always-on/prelogon. The issue that I am seeing is that one test user, this seems to work fine and another test user it does not. Both users are running the same PC type and same Windows 10 updates into the same AD environment for in office authentication. Current GP version 4.1.12 (I am trying to ...

High CPU on fresh minemeld ansible install

Hello, I just installed minemeld on Ubuntu 18.04 (with a few tweaks from here) and the setup was working. But now I have a VM that consumes 2 full CPUs since about 30 minutes. When I try to login to the admin web interface I get after a few seconds the message "error checking credentials - timeout" in the right top corner and nothing happens. Is...

Deas.h by L1 Bithead
  • 5339 Views
  • 7 replies
  • 0 Likes

URL filtering

Hi All,Hope all doing good.When i access one of internet website PA categorize as ssl/443-allowed and one of the user accessing the same website PA categorize it as web browsing/80 and is blocked/Threat.Why is it behaving this way? Is this issue with website or from source side.Can someone please explain?Traffic log- 443/ssl allowed and 80/web b...

Nizmytom by L0 Member
  • 3850 Views
  • 4 replies
  • 0 Likes

Delay in SSH

Iam facing delay issue of 10-20 seconds occurs between the time the username is input and a password prompt.

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks