General Topics

Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 192 Views
  • 0 replies
  • 0 Likes

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 874 Views
  • 0 replies
  • 0 Likes

I can't decryption some web-site

Hi Expert ,

 

I was found an issue about after that applied decryption policy such as just facebook site but when access facebook occurs htps site restriction   I don't have license URL and threat prevention  

 

 

Kindly please suggest to me.

 

Route daemon configuration load phase-1 aborted

Hello,

 

I am getting "Route daemon configuration load phase-1 aborted" alarms under type-'Routing' , severity as 'Informational' and event as 'routed-config-p1-abort'.

 

Why we have these alarms and what they're indicating? could someone provide details

...

LCAP down on Passive Firewal

Hello team,

 

In an HA environment, with pre-negotiation for LCAP disabled , but passive link state set to "Auto" in the HA configuration, if all physical interfaces show as up, is the AE (Aggregated Interface) supposed to be up or down,  as the partne

...

Browsing Quota Time ?

I am coming from Forcepoint from a proxy perspective.  My questions is, does the Palo Alto support user browsing policies, and user quota times ?

 

I am looking to have some block list and white list created.   I am also wanting to give certain users l

...

Resolved! Commit error in HA

Hello,

 

We are using PA-VM with PAN-OS 8.1.6.

 

When trying to enable the Heartbeat and HA1 backup, we cannot commit as it failed with this error.

 

How to fix this issue?

CommitError.jpg

Security Profiles on Deny Rules

What is the best practice for adding security profiles to deny rules?  I like to add the URL profile to deny rules so I can see what URLs are being denied.  Who else adds security profiles to the deny rules and what benefit do you get? Has anyone had

...

Cisco ASA and Palo Alto 820 with multiple Proxy-ID

Trying to replace a site to site VPN Cisco ASA firewall with Palo Alto PA-850.  Cisco ASA on this side has multiple ACLs configured which is equivalent to Proxy-IDs.  It is configued with IKEv1, policy based, no IKEv2.  I do not have access to the fi

...

Resolved! session_end_reason eq decrypt-error - 8.0.9

Attempting to decrypt inbound ssl traffic to our federation server. I have been unsuccessful and getting decrpyt error.

 

We have been decrpyting other public servers in the same manner with individual certs succesfully for the past couple years. I hav

...

clewis1 by L3 Networker
  • 22973 Views
  • 14 replies
  • 0 Likes

Firewall Throughput

We have a PA3050 in a very simple setup.

1 outside interface and 2 inside interfaces (aggregated). 

 

A few times a week our clients complain about performance. During this time the firewall is generating 1Gb throughput (flat-line).

 

However, the through

...

PA3050-Throughput.PNG
Sjoerd by L2 Linker
  • 3913 Views
  • 2 replies
  • 0 Likes

user-id

Hi Community,

 

I am running PA local user-id agent in PAN os 8.1.3

i am facing an issue that my server monitoring is shows as 'not-connected', i am able to test the authentication and proper service account is configured. it was working fine for long t

...

Resolved! Server with public IP behind the firewall without Natting

 

We need to have a 1 server behind the firewall with public ip address.

We do not want private ip on the server.

 

Firewall -  outside zone

Server is behind the DMZ_Zone.

 

Currently  DMZ has sub interface with private ip address

 

so when traffic comes from

...

MP18 by Cyber Elite
  • 8094 Views
  • 3 replies
  • 0 Likes
  • 24009 Posts
  • 115 Subscriptions
Top Solution Authors
Top Liked Posts
Top Liked Authors
Labels