This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

Adding sub interface to existing interface

We are currently using our 3260 firewall to handle BGP to our MPLS router.the connection is trunked through our core switch, Native 200, allowed 200 & 255 (mgt & bgp respectively)Router 1:G0/1 10.200.254.3 (mgt)G0/1.255 10.255.255.129/30Firewall:E4 10.255.255.130/30 Untagged We are adding a second MPLS router for redundancy, Router 2: G...

Resolved! Disable Server Response Inspection for our SMTP server?

We are having horrible delays with email taking up to 30 minutes to be delivered. Our email servers send mail to a 3rd party email security provider. So, I disabled DSRI from our SMTP server to their SMTP server. Email speed was back to being delivered in seconds. I wanted to have someone else confirm that my thinking is correct on this that it ...

abrrymn by L0 Member
  • 8533 Views
  • 4 replies
  • 0 Likes

How to update the BGP Imports in a Panorama template

I am trying to update the Import values in the BGP parameters in the Virtual Router in a template on a Panorama. My command looks like this: set template Test-Template config network virtual-router default protocol bgp policy import rules Route-IN-MPLS match address-prefix 0.0.0.0/0 exact yes I get a message like this:Server error : Test-Templat...

firebase-cloud-messaging app-id additional ports may be required

Hey there, Here's something that was brought up by one of our teams. According to this kb article cloud messaging also needs these ports.https://firebase.google.com/docs/cloud-messaging/concept-options#ports_and_your_firewall I was able to find logs related to this where the application was identified as google-base or unknown-tcp and denied. An...

icozma by L0 Member
  • 3746 Views
  • 1 replies
  • 0 Likes

How to change from category insufficient-content to Private IP address?

Hi Teams,How to change some intranet website from category insufficient-content to Private IP address?i already use portal to request change.but, when i choose category Private IP address, this category is disable and can't be click.i believe we already use this intranet website long time ago.last time categorized as Private IP address, but just...

Panorama 8.0.2 - Buggy???

We have multiple models of FW hardware running primarliy 7.1.9 and it seems like since upgrading to Panorama 8.0.2 from Panorama 7.1.9 that it is almost painful to make changes. It seems everytime we push to devices something fails. Today specifically we push some changes and it says "failed" look in the log and it says synchonization failed but...

Wald by L2 Linker
  • 2747 Views
  • 1 replies
  • 0 Likes

Shared Objects in Panorama

Is there a concept of shared objects at multiple levels in Panorama ? For example, I can have a top level setting at the shared level which says password length is 15 characters and I want that to go to all firewalls. What I need, is a second shared level beneath that (like at the template stack level) that says anything in "This template stac...

Cisco WLC integration problem with PA.

I have Cisco WLC 5508 , kiwi syslogd and PA.I can see snmp traps in Syslogd but only username is visible , ip address of the client is missing.Can anybody help how to parse it in Palo alto Firewall. Regards,

IPSec VPN with cert authentication: RSA_verify failed

Hello community! Created a VPN Palo Alto - Cisco Asa with certificates for Ikev2 gateway authentication. Cannot establish the VPN. Did a debug and get the following error when the palo alto is trying to validate the ASA´s certificate [PERR]: RSA_verify failed: 1099255804384:error:04091064:rsa routines:INT_RSA_VERIFY:algorithm mismatch:rsa_sign.c...

Carracido by L4 Transporter
  • 7524 Views
  • 3 replies
  • 0 Likes

session time-out need some understanding

We hare seeing some oracle session being aged-out. When i checked session info tim-out it says 120sec. But the application time-out itself is for 14400 sec . Where does this value of 120 sec come from. Session 2071980 c2s flow: source: x.x.x.x [SERVER2] dst: y.y.y.y p...

raji_toor by L4 Transporter
  • 2510 Views
  • 1 replies
  • 0 Likes

mtr

Hi, from the above output the second hope is the pa firewall , the loss is 98.2% , What does it mean ,I dont have traffic shaping in firewall Thanks

Screen Shot 2019-09-12 at 10.17.31 PM.png
simsim by L4 Transporter
  • 4591 Views
  • 1 replies
  • 0 Likes

Resolved! PA-820 & LACP

HiJust wondering if anyone here has successfully gotten LACP to work on a PA-800 series FW (set to passive) and Cisco Switch (set as 'channel-group X mode active')?No matter what I try (fast/slow/active/passive/1 eth/2 eth) I always get "LACP currently not enabled on the remote port" in the Cisco console output.I saw this twice this week at two ...

ShaiW by L4 Transporter
  • 8172 Views
  • 2 replies
  • 0 Likes

Resolved! Changing the /

We currently have one outside interface on the firewall and is connected to our Edge Router. The interface has the IP address of 10.10.10.10.5/24 (for example). This is the only port available for inbound and outbound data to the internet. We would like to create a new outside interface on the firewall and start using it for other services, such...

Shawverr by L3 Networker
  • 4766 Views
  • 5 replies
  • 0 Likes

GP RDP and User-id

Hi I recently upgrade to GP client 5.x. now when i login into my laptop say 10.10.10.10 as alex.samad GP logs me in as well and the PA's know 10.10.10.10 as alex.samad when i rdp to 20.20.20.20. and login as peter pan.. the PA assign peter pan to 10.10.10.10 This didn't happen under 4.1 is there an option to turn this off - i believe there is ?

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks