This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Multicast configuration for IPTV

Hi all, I'm lost configuring my PA-500 for IPTV using multicast. My provider has a new option for IPTV. They stated that in order to test the configuration one should try to open: https://www.fiber7.ch/documents/129/Big_Buck_Bunny_Stream.xspf So far I was not able to get this to work. I understand that one needs to enable multicast on the virt...

Resolved! Connecting PA820 to Cisco ASA HA

Hi All, I want to connect PA820 to ASA HA setup. ASA1 and ASA2 need to connect to PA820. Can I use link aggregation on PA820 for this scenario? If one of the ASAs fails will this setup work to pass on the traffic using the other ASA. Thank you.

sajidsil by L0 Member
  • 3820 Views
  • 2 replies
  • 0 Likes

Resolved! GlobalProtect VPN "Always On"

Hello, We are currently migrating from Cisco AnyConnect to a GlobalProtect solution that is hosted on an Azure cloud VM and really like the "Always On" feature. The only set back we have noticed is there is no way to manipulate it to only connect when not on an internal LAN. We had manipulated DNS in the past to disable internal users from conne...

file blocking profile but allow some apps

Hi We have recently enabled file blocking on all our web access rule and it works a treat, but looking at the data filtering logs i can see the likes of Google Chrome being blocked. I have played around creating a seperate rule, that is above the main web access rules, which has a seperate file blocking profile that doesnt and assigned this to ...

CRDF18 by L2 Linker
  • 4066 Views
  • 4 replies
  • 0 Likes

LSVPN Satellite Reconnection Time

Does anyone know how to decrease the time between LSVPN Satellite connection attempts? If one of our satellites drops off (e.g. reboot/power outage/etc), after it comes back up it will take up to an hour to connect to it's nominated Gateway. Also, if the Gateway is rebooted (e.g. after hours mainteance) it takes up to an hour before all of the s...

EDL- Predefined Paloalto IP Lists do not update

Hi guys, my PA is still with the initial set of roughly 500 IPs in the two predefined IP lists which do not update; it is said those lists are part of the AV signature updates which run well. I also have confirmed with the CLI that its is not a GUI problem. Am I missing something here? Can you take a look at your lists and the numbers of IPs wit...

pan219 by L2 Linker
  • 3489 Views
  • 2 replies
  • 0 Likes

Resolved! Getting error when committing more NAT rules "Total NAT DIPP rules 401 exceeds the capacity of 400"

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/nat-rule-capacitiesdescribes the NAT Rule capacities as follows:-----The number of NAT rules allowed is based on the firewall model. Individual rule limits are set for static, Dynamic IP (DIP), and Dynamic IP and Port (DIPP) NAT. The sum of the number of rules used for thes...

Panorama templates for an Active/Passive setup?

I'm in the process of setting up our new firewalls. I went ahead and set up management on each of them, got them updated, got them paired up into Active/Passive, and am now following the Palo Alto 8.1 guide to migrate an HA config over to Panorama. I'm almost to the end but I have a question concerning the templates. The instructions say to d...

jsalmans by L4 Transporter
  • 3790 Views
  • 2 replies
  • 0 Likes

Resolved! 5250 HSCI port compatibility?

Greetings all, I should be getting our new 5250 firewalls in any day now and I'm trying to get my cable shopping list together so we can start working on our install process. I noticed the HSCI port for the A/S config uses a 40/100 port and, giving the units will be close together, I was thinking I'd like to get a twinax style cable instead of ...

jsalmans by L4 Transporter
  • 3775 Views
  • 1 replies
  • 0 Likes

Behaviour of VPN tunnels in HA pair during the failover

HiCan anyone please explain the behaviour of VPN tunnels during the failover on PAN.Does the ISAKMP and IPSEC SA table gets passed on to the standby unit ?Does the VPN tunnels will re-estalish the session again on the new active unit after the failover? what would be the downtime that the users will experience for vpn tunnels? Regards,

R_Sharma by L2 Linker
  • 10725 Views
  • 3 replies
  • 0 Likes

Resolved! different wildfire version

Hello, We have a couple of PA3020 but only one of them have different wildfire version as currently installed once we saw failed wirdfire update messages. Is it normal behaivior to have a different wildfire verison instllaed even though it is the same model? what could be the reasons of failing update? devsrv.log2018-12-27 14:18:172018-12-27 14...

Panorama Templates and default vsys settings?

What is the purpose/consequence of a having a template with a default vsys set to either : vsys1 or None -This is found under: panorama/templates/(specific template name)/Default VSYS/(option of vsys1 OR None) I'm finding that our firewalls with multiple vsys defined, have the setting to "None". On our global templates (templates used across mu...

Sec101 by L4 Transporter
  • 7348 Views
  • 1 replies
  • 1 Likes

What the heck is in /pancfg?

Hi all, I'm trying to figure out what is taking up all the space in the /opt/pancfg filesystem on my Panorama appliance. I've deleted all the old saved configurations and lowered the number of config audit versions from 100 to 50. (Each of these versions is about 500K.) I've taken a look at what anti-virus, wildfire, and content updates are s...

Resolved! Global Protect with multiple portals and gateways.

I have a working portal and gateway on PA3020 running 8.0.12.I want to setup another portal and geteway and repliciate all the settings.Second GP will be used for testing purposes.Only changes would be to use another public ip ,create another tunnel and loopback interface and ip pool.Just want to make sure I dont break prod global protect while ...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks