This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Ipsec Proxy_id configuration issue

Hi Team, I'm not able to configure two separate proxy id in PA-3020 firewall. If I configure either the tunnel goes down or one of the proxy configured second is not working. Ipsec tunnel is IKEV2 between sonicwall and PA-3020.I'm getting error "ikev2 child sa negotiation failed when processing traffic selector..."

vpn.JPG

Conditional NAT configuration request

Can you please guide me with this scenario and configuration. I have multiple VPN clients who access two servers (A and B) in DMZ (Outside to DMZ). The server A has evolved and the new replica of the server A now lies on the inside of the Firewall instead of DMZ. In this case, I need to do Destination NAT for server A (which I donot see any pro...

Resolved! Pushing config from Template stack

We have same template name say corp 1 and corp 2 then we have template stack name dept and add these two templates corp 1 and 2 to this. Now if we push config from template stack to PA will it be pushed from both corp 1 and 2 ??? say corp1 has syslog name test1corp 2 has syslog name test2 will it add both to the PA?

MP18 by Cyber Elite
  • 3785 Views
  • 2 replies
  • 0 Likes

Resolved! Panos 8.1.9

Hi Is this a recommend version to move to, currently on 8.1.5. What about 9.x is it ready ?

Resolved! No deny or drop traffic appear on Panorama

Hi All, We recently add palo alto firewall to the customer as 2nd layer firewall - 2PA820 and 1 Hyper-V panorama. Panorama is in panorama mode and we use it for log collector and management the firewall. Now, we have a weird issue that in panorama, we don't see any deny or drop traffic and firewall itself has deny and drop traffic.we are running...

Resolved! DHCP Server and DHCP Relay

2 interfaces with DHCP server configure (interface ip 172.16.13.1) Scope 192.168.12.2-254 and (interface ip 172.16.33.1) scope 192.168.32.2-2542 interfaces with DHCP relay to 172.16.13.1 and 172.16.33.1all the interfaces are on the Palo Alto firewallthe dhcp discover is working but the dhcp offer is not working , the DHCP ofer is in the firewall...

Yevgeni by L1 Bithead
  • 7519 Views
  • 3 replies
  • 0 Likes

Wildfire submission log

I don't understand wildfire work.I have this example that Firewall had wildfire-virus signature but was created wildfire submission log before wildfire-virus identificationwhy?

wildfire log.png
hbshin by L2 Linker
  • 5720 Views
  • 4 replies
  • 0 Likes

Packet capture

We have an issue with SIP sessions randomly hang on the firewall. We are trying to do packet capture on the Palo alto firewall. Since the issue is random, so we need to leave the packet capture on until it happens next time. It seems the firewall automatically turns off the packet capture after about 10 to 15 minutes. Is that by design? Is there...

Prevent Global Protect connecting when on internal network

After some advice please. How can I prevent Global Protect client from trying to connect to an external gateway when the device is on an internal known corporate network ? My connect method is already set to On-demand (manual user initiated connection) but it still attempts to connect at device logon. Thanks

Error: "Detected another instance" An old GlobalProtect instance exists... (Mac 10.14.5)

New Macbook pro, MacOS 10.14.5 the user account and applications were migrated using migration assistant.In the past this works fine. User is getting continual popups: Steps taken: uninstalled using globalprotect installer. Reboot. Reinstall. Same error.Uninstall client again, in terminal ran support document steps to detect enforcer kernel exte...

3097_Screen Shot 2012-06-21 at 6.51.17 PM.png

PA-5220 HA Configuration

Please can someone shed some light on the following issues which we are facing for PA-5220 HA Configuration:We can see port lights on HSCI port but not on HA-1/HA-2 ports even when they are connected,. Should they be enabled somewhere because in GUI i can just see in-band ports till port 24.How can we setup HA using dedicated ports, because in D...

Connection between two DMZ zone with MPLS

Hello,We have a server on the DMZ zone and another server in the other DMZ site.We need to allow traffics between the two DMZ zones with the MPLS connection.I don’t know how can I put this configuration on my PA firewall or maybe I should contact my MPLS provider to do this act on the MPLS router?I will appreciate your help or suggestion to solv...

ra7oub4 by L2 Linker
  • 3117 Views
  • 1 replies
  • 0 Likes

IPSec / returning ESP packets dropped when terminating interface is in a different zone

Hi all,I have an IPSec tunnel connecting to an old SSG. Tunnel came up successfully and SSG can see the traffic and is returning correctly into the tunnel. However PAN's decrypt counter remains 0. When i did a packet capture, the returning ESP packet is dropped shown below Frame 43 and 47:The setup i have is:eth1/1 - ISP WAN in zone "outside"loo...

dropped-ESP.png
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks