General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1686 Views
  • 0 replies
  • 0 Likes

Resolved! Maintenance Page redirection via Palo Alto?

Hey folks,

 

We have an HQ site and Colo site.  We are moving our Colo site to a new datacenter.

 

We have two firewalls in HA.  I've already broken HA and taken the PA#2 over to new datacenter for early standup.  Leaving PA#1 at current site Active with

...

OMatlock by L4 Transporter
  • 5868 Views
  • 6 replies
  • 0 Likes

Resolved! NAT rule best practice for a mail server?

Hello folks,

 

We changed our public ips recently and we have a few recipeints that are blocking our new mail IP.  I am suspecting has something to do with either our TXT (SPF) record or the fact that we are using a destination NAT rule instead of bi-d

...

mail3.jpg
mail2.jpg
mail.jpg
OMatlock by L4 Transporter
  • 9528 Views
  • 7 replies
  • 0 Likes

Client IP Connectivity Issues

Hi All,

 

I have a PA-200 running Version 8.1.0 and providing DHCP addresses to about 175 clients.  The pool is a /24 and recently, the clients have been getting messages stating another device is using your computers IP address.  I've been tweaking th

...

Resolved! Panorama System Alert - failed exporting config bundle via ssh

 

we are getting system alert for Panorama M100 saying 

 

1 - SYSTEM ALERT : critical : Failed exporting config bundle via ssh to 10.71.16.210. No RSA host key is known for 10.71.16.210 ....Host key verification failed....lost connection

 

On Panorama sch

...

MP18 by Cyber Elite
  • 5742 Views
  • 5 replies
  • 0 Likes

Resolved! debug dataplane packet-diag clear log log

on 5220 we can see the packet diag logs via

 

less dp0-log pan_packet_diag.log


IF i run below command

debug dataplane packet-diag clear log log

will that clear the pan packet diag from the DPO?




less dp0-log
bfd.log brdagent.log
dp-monitor.log dp-monitor.lo...

MP18 by Cyber Elite
  • 5897 Views
  • 4 replies
  • 0 Likes

GlobalProtect - Authentication Issues

Hi all,

 

Fairly new to PAN and in the process of an ASA migration. Despite TAC/VAR assistance, I'm still having some issues with my GlobalProtect user experience. Fortunately it's not in production yet but the feedback has been inconsistent.

 

 

Business

...

AdamSC by L1 Bithead
  • 15888 Views
  • 9 replies
  • 0 Likes

Issue FQDN address with dns records with short TTL

I have configured a firewall rule to allow some servers  to ssh to vs-ssh.visualstudio.com to allow the servers to use ssh to connect to the git repo of Azure devops.

 

This rule uses fqdn address object to allow the servers to only connect on ssh to t

...

ECMP + 3 Internet links + Outgoing traffic

Hello friends!

 

We have now 3 ISPs, we started to use load balancing (all methoeds tested);

 

Problem: Sometimes, packets from PA220, interface 1/4 (ISP 1),  goes out to internet thru interface 1/5 (ISP 2).

User's traffic with no problem.. But PA220 inte

...

ScreenShot293.jpg
ScreenShot294.jpg

Local Support for Pan-DB

Hi All,  a client of ours lives in SouthEast Asia and is looking to purchase Pan-DB and wonders if they will need to rely on local support there, which is very spotty.  It looks like this community and the support side of things is very strong.  How

...

Resolved! wildfire questions

Hi All,

 

I recently started applying wildfire profiles for most of my traffic to public cloud on all applications. This includes some senitive information for eg: user trying to print out a document that has some sensitive details.

I know wildfire prov

...

MS Update ActiveX Cab file Denied?

Hello.

 

I just reloaded a Windows 7 x64 computer.  The first check wants to update the Windows update agent.

For some reason PA blocks it as a ActiveX Cab file.

The first check allows, but the it's denied. (picture attached).

I added a Virus exception fo

...

pa1272018a.JPG
catrock by L2 Linker
  • 5447 Views
  • 3 replies
  • 0 Likes

Resolved! Teamviewer and Commit warning

We have to allow only Teamviewer on some pc's, not internet browsing.

I created rule with apps:
teamviewer (apps-group)
teamviewer-web
adobe-flash-socketpolicy-server, ssl, web-browsing

But this rule will allow web-access to all sites.

Ok, i created custom

...

aaobuhov by L2 Linker
  • 5494 Views
  • 3 replies
  • 0 Likes
  • 24216 Posts
  • 117 Subscriptions
Top Liked Authors
Labels