This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4226 Views
  • 0 replies
  • 0 Likes

Resolved! phase 1 up phase 2 down

( description contains 'IKE phase-1 negotiation is failed. Peer\'s ID payload 10.175.150.0 (type ipaddr) does not match a configured IKE gateway.' ) and ( description contains 'IKE phase-1 negotiation is failed as responder, main mode. Failed SA: 198.160.191.5[500]-173.182.112.167[500] cookie:5357205146f1b40c:a194d23cbec27a50. Due to timeout.' ...

MP18 by Cyber Elite
  • 12229 Views
  • 2 replies
  • 0 Likes

ALB Health Checks -> Palo Alto -> ALB

Trying to get the Palo Altos to register as healthy. Can anyone provide some assistance on NAT policies, or configurations for getting TCP 80 checks from ALB to Palo Altos to ALB which sits in front of two App servers? ALB (Palo Altos) |Palo Altos |ALB (App Servers) | App Servers

Resolved! IpSec VPN between Palo and Vyatta

Hi all, I try to configure an IPSec tunnel between PA-500 (version 7.1.4) and vyatta.Config seem to be ok, phase 1 is ok but nego for phase 2 is block in "No Proposal chosen". I select in phase 2 all possibility given by the palo. Any body already succeed to do that ?help .. please 🙂 Vincent

VinceM by L5 Sessionator
  • 9636 Views
  • 8 replies
  • 0 Likes

Resolved! Custom URL Filter - Site Definition Format

We started using Custom URL Categories, and it seems when we define a site, we have to add both a wild card to cover any subdomain, and a / to cover all URI/URL of the domain, IE:*.acme.corp (To cover subdomains)acme.corp/ (To cover all URLs/URIs to the domain) My question is (I'm getting into this deployed late) is that my predecesso...

Resolved! GUI does not show system logs

On GUI i see traffic logs but no system logs.LAst system logs are from yesterday. Ran the below command show log system direction> equal equaladmin@EOCDC-G3-NGFW-2(active)> show log system direction equal backwardTime Severity Subtype Object EventID ID Description=============================================================================...

MP18 by Cyber Elite
  • 5602 Views
  • 4 replies
  • 0 Likes

How do I see what the value of variables on remote firewall from the command line?

I've had a problem when I change the value of a variable for a firewall in Panorama, for some reason it doesn't get pushed to the remote firewall. I can log in to the GUI of the remote firewall to see the variable value where it's applied in the config. But, that takes a lot longer than if I could see it in the CLI. For example, I have a ser...

vickif by L1 Bithead
  • 3822 Views
  • 1 replies
  • 0 Likes

UserID

Hello Is Userd Identification feature works only whith Active Directory users account or also with Computers accounts ? I would like to create a security rule who allow access on our internal ressources only for computer with an active computer account in our AD and for computer without an valid computer account or disable account, the traffic m...

Knowledge Base Single Sign-On Error

Hello! Every few days I get this error and can't access knowledge base. It is VERY FRUSTATING!!!! Error started to appear after last tool upgrade. Does PAN have mailing list for resolving partner access issues? Regards,Maja

Capture.JPG
mkopcic by L2 Linker
  • 3335 Views
  • 1 replies
  • 2 Likes

Resolved! Open port

I need to create security rule and/or not to allow port 6965 to a device. Do I need both a NAT and security rule? Need to find out from vendor if port is TCP, UDP or both. I have PA-3020 running PAN-OS 8.0.13.

Asymmetric traffic and URL log retention

shown below is my log storage quota settings. My traffic logs can show past 16 days data but URL filtering logs has only past 8 days data. how can I ensure I store same log retention period for traffic and URL filtering?

log db.PNG

Resolved! Minemeld with AWS Guard Duty Integration

Hi, I just went through the python extension install successfully of the Guard Duty miner for Minemeld. It looks like it installed successfully, but after I restarted Minemeld I can't see anything. I create a role for my Minemeld instance to have access to Guard Duty. Is there something I am missing in this install that would get this in...

Artman by L1 Bithead
  • 4273 Views
  • 2 replies
  • 0 Likes

Resolved! Active/Active Firewalls and Panorama Templates

So I'm trying to keep firewall configuration as much in Panorama as possible. With Active/Passive I can accomplish this with one template per firewall pair. With an active/active firewall pair will I need a template stack to do this? One template per firewall, then a template to cover both, in a template stack? Is there an easier way to do this,...

tcasw86 by L3 Networker
  • 4603 Views
  • 1 replies
  • 0 Likes

Feed with mixed IP \ domains

I have an IoC that is a mixture of IP addresses and hostname\domains; what is the best way of handling this? The processed output will be a mixture of PA firewalls and other non-PA systems so, to be absolutely sure I'd like to split them out. The best way I can think of is to create 2 miners and use regex filters to access the same feed twic...

apackard by L4 Transporter
  • 3047 Views
  • 1 replies
  • 0 Likes

Resolved! Email alert for Logs not generated in GUI

Currenlty we do not get email alert notification for logs being not generated on the PA.We have configured email alert for system. Is it possible to get the email alerts when PA stops generatingt the logs like traffic or system in gui?

MP18 by Cyber Elite
  • 3679 Views
  • 3 replies
  • 0 Likes

Import XML FW config from desktop to Panorama?

Scenario: I have a new firewall out in the field, I'd like to put a basic configuration on the FW in the field including the Panorama server IP. I'd then like to log into Panorama and import the config from my desktop and then push the full config to the FW in the field. I have searched and do not see anything of this nature. Seems like a pretty...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks