This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Import Certificate using new Cloud Option

Hi Has anyone recently imported any SSL certificate using the new Cloud option where it lets import AWS/AZURE certificates on panorama (photo attached). How does this feature work, it only lets you put the Cloud Secret name, tried putting the ARN but it errors out.. Panorama is integrated with AWS tenant for Cloud ngfw management, so is it usi...

Failed to validate client certificate, thread : 0, 1-0!

Hi team Version PA 11.1.6-h3 Model 1420 Version USER_ID 11.0.1 Windows 2019 We have had an incident with the User ID agents, which have been disconnected from the firewall. In the logs of the firewall itself the error message was: “Redistribution Agent <agent name>: details: close connection to agent”. On the other hand, reviewing the ag...

Alpalo by L4 Transporter
  • 1330 Views
  • 2 replies
  • 1 Likes

Resolved! URL Category - Is a trailing / necessary when adding sites?

This question relates to the creation of URL Category objects. When adding a new site, PAN-OS shows the following disclaimer: "For domain entries, we recommend you use an ending token. Acceptable tokens are: . / ? & = ; +. If you choose not to use an ending token, you may block or allow more URLs than anticipated. For example, if you want to...

deeryolk by L1 Bithead
  • 2527 Views
  • 2 replies
  • 0 Likes

PA1420 IKE packet disappear between receive (ingress) and firewall session state

Hi, we have an PA-1420 Active/Passive HA-Cluster. Behind that Cluster we also use a Cisco FirePower 1150 as our VPN-Gateway, so IKE traffic (udp-500 and udp-4500) is passing our PA-1420. Our PA-1420 has to ISP connections for failover, both are dedicated interfaces eth1/1 ISP1 (primary) and eth1/2 ISP2 (backup). Our VPN-Tunnels on the Cisco Fi...

LJenne by L0 Member
  • 1137 Views
  • 1 replies
  • 0 Likes

Resolved! Clone Rule as Disabled

Feature Request. Add an option to automatically disable a rule when it is cloned on the NGFW. This eliminates the need for manual disabling—a step that can be easily missed—and streamlines the workflow. Cloning is the fastest and most efficient way to create new rules, but it also introduces risk: incomplete or unreviewed rules can be unintenti...

Do Palo Alto VMs support GCP N4 gve driver?

Dear community! Do you know if Palo Alto VM series firewalls is compatible with Google Cloud N4 machine family?? With N4 family the dataplane interfaces type=gve are not recognized > debug show vm-series interfaces allInterface_name Base-OS_port Base-OS_MAC PCI-ID Drivermgt (interface-swap)...

Carracido by L4 Transporter
  • 727 Views
  • 1 replies
  • 0 Likes

Resolved! CVE-2026-0229 and 11.2.7-h4

We are running version 11.2.7-h4 with Advanced DNS Security feature. This is hitting vuln CVE-2026-0229. https://security.paloaltonetworks.com/CVE-2026-0229 Has anyone upgraded ro a later version of 11.2.x ? What would you recommend?

Panorama 11.1 Recommended AWS Instance Size

Running Panorama that manages two firewalls in a small deployment, the current instance size is c5.4xlarge, which I believe is excessive for CPU and memory usage. Is it okay to use a different instance size, like m6i.2xlarge or smaller? I understand the documentation recommends 16 CPUs and 64GB RAM for 11.1 and later. https://docs.paloaltonetw...

Resolved! L3 Subinterface Traffic's Not Passing

Hi Team, Seeking for you advise, or your input that one my recent setup. I have made the Palo L3 subinterface for three VLAN's and the firewall port have been connected with Cisco L2 switch and the port of cisco has configured with trunk. After made the above, i can see the switch in the firewall connected interface, the VLAN details are apper...

Palo Alto Webinars

Hi,I've attended two Palo Alto webinars:- PAN-OS 10.1 Expert-Led Webinar on the 10th of February- Live upgrade demo on the 18th of FebruaryI was told we would be given the video recordings and slides from these webinars, but I don't know where they are. The tutors were saying the recordings would be available on the Live community page, but I ca...

Badbox malware

Hi, Our ISP keeps alerting us that we have a malware infection with something called android.badbox somewhere on our network but the source as they see it is our DNS server. They've provided the DNS query which they're seeing (for an A record) but we don't have the facility to log client queries on our DNS system. We've searched the paloalto thr...

Address Group and Tag limitations

The necessary firewall rules for each application are defined by labels. If a workstation needs access to it, the label is requested and assigned (XML-API), so each Workstation has its own set of firewall rules. I tried implementing this requirement using different approaches, but unfortunately, everything failed due to several limitations. Fir...

HeinzP by L1 Bithead
  • 1628 Views
  • 7 replies
  • 0 Likes

Palo Alto - Barracuda IPsec VPN problems

We've a IPsec-VPN IKEv2 between Palo Alto (10.0.7) and Barracuda (8.0.5-0341) with 10 IPsec tunnels, one VPN-tunnel per subnet-pair, on Palo side "proxy IDs".At least once every day, some of these ipsec-tunnels go down and can only be forced to come up again with manual "initiate" on Barracuda.The Palo Alto is set to passive.Normally, every 35 -...

ChrisCon by L2 Linker
  • 18552 Views
  • 13 replies
  • 0 Likes

Cortex - many aged-out connections on 35.244.133.254

Hello,We are experiencing a high number of aged-out connections from our Cortex agents and brokers on 35.244.133.254.When the connection is successful, the app-id traps-management-service is detected by our firewall.Do you also encounter this behavior?Thanks !

RezhoPsq by L0 Member
  • 829 Views
  • 2 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks