This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Which is the best monitoring option for redundant IPSec Tunnel?

Hello. I'm trying to configure dual ISP and automatic IPSec tunnel failover.Network diagram looks like picture in here(https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFiCAK).And IPSec peer devices are Fortigate. Not like above article, I didn't make two virual router and I use static route monitoring feature to primar...

yhlee1 by L2 Linker
  • 3038 Views
  • 1 replies
  • 0 Likes

Issue with UserId agent

Hi, We are having an issue connecting our UserID agent (version 7.x) with a DC in W2016. We have Userid agent version 7, we know that its not compatible useridagent 7.x with Windows server 2016, but we have several DCs in useridagent 7.x and one of them has already connected. We know that we should upgrade UserIdagent to 8.0.5 or later, but why...

BigPalo by L4 Transporter
  • 2706 Views
  • 1 replies
  • 0 Likes

Resolved! MineMeld whitelist not working

Hello, I have the problem that minemeld whitelists don't seem to work on our self-hosted minemeld version. I have the following setup:removed miner names for privacy reasonsThe wlDomeinAggregator contains a few domainnames, so they should be removed from the CEF output node. When investigating the issue I found out that no 'withdraw' event is tr...

Capture.PNG
folmer by L2 Linker
  • 3687 Views
  • 1 replies
  • 0 Likes

Upgrading HA setup in large steps

Hi,I'm going to upgrade a PANOS 5.0.14 to version 7.1.As I understand, the correct sequence is:Update PAN-OS 5.0.14 to 7.1.x:Download 6.0.0Download + install latest 6.0.x release (reboot)Download 6.1.0Download+Install latest 6.1.x release (reboot)Download 7.0.1Download + install latest 7.0.x release (reboot)Download 7.1.0Download + Install lates...

Unrusted Cert Warning on IE

We have created SSL cert for the PA web gui from our internal CA.When we access PA web gui via Chrome it is good. When I use IE it get the cert untrusted cert warning message?How can i fix this ?

MP18 by Cyber Elite
  • 4227 Views
  • 7 replies
  • 0 Likes

Odd duplicate ping issue. DUP

I have a strange issue. I am setting up a new 850 HA pair A/P To the outside world is a LACP Aggregate, connected to a HP switch. All was going well when testing, I can ping a dummy device (laptop) fine on the outside switch from the firewall. But when I connect to the firewall to the upstream router, pings to google all get ( DUP ). If I conne...

Do I need a NAT for traffic to pass??

I have an SD-WAN device at my internet edge that will be doing the NATing for the network. This is so that the device can decide which of 3 ISPs to use to forward traffic. My Palo Altos sit behind this device and will do the firewalling and URL filtering. I did not deploy in vwire mode, I cant seem to get traffic to pass through so my quesiton i...

F5 failover connected behind PA

We have two F5 devices configured as active standby behind PA. The issue is on failover F5 failover ARP table on the PA is not updated quickly enough for smooth transition. Is there a way to mitigate this problem and increase ARP update time for that interface only.

raji_toor by L4 Transporter
  • 4757 Views
  • 3 replies
  • 0 Likes

Resolved! Block rogue VPN

I am seeing this in my system logs. IKE phase-1 negotiation is failed. Couldn't find configuration for IKE phase-1 request for peer IP 172.250.246.42[500]. How can I block this? I been a Cisco guy for a longtime and new to Palo Alto. On my old cisco asa I could block an ip at the control plane like this. access-list cp-outside deny udp host 172....

Panorama VM 8.1.5

Hi all, just got this case, where the client shutdown the Panorama 8.1.5 for maintenance. But once reboot, and login to the device he will not see the ">". if he performs any commands there are outputs. But the prompt is missing. He reloaded the device and has been is this state for over 24hr now.Usual CUP load is 5% on their network. But now...

Shadow by L2 Linker
  • 4792 Views
  • 2 replies
  • 0 Likes

NTP synchronization issue

Hi Team, The primary NTP server toward Microsoft NTP Server(172.27.35.111) and also Configured the Cisco router(172.27.9.253) as secondary NTP Server. All the Network device is synchronized with secondary NTP server (172.27.9.253 ) but paloalto firewall not able to pull time information. Can anyone help to resolve this issue. Thanks

Resolved! Checking Report Status in Panorama

I have clicked on run now on 30 day custom report and below is status show report distributed-states reportid 6314Last Updated Time : 2019/05/30 09:48:32Current Report State : RUNNINGCummulative Docs Processed : 15318545-----------------------------------------------------------------------------------------------------------------------------...

MP18 by Cyber Elite
  • 5009 Views
  • 3 replies
  • 0 Likes

troubleshooting ipsec with dynamic side

Hello, everyone,Currently I have the problem to build an IPSec tunnel between a PA200 (A) and a PA220 (B).My one side A has a Telekom hybrid Internet connection (its a german product with LTE and cable connection) to a Speedport router. Thus only one dynamic official IP.The other side B is a normal company connection with a fixed IP address. I h...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks