This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4235 Views
  • 0 replies
  • 0 Likes

Resolved! Panorama System Alert - failed exporting config bundle via ssh

we are getting system alert for Panorama M100 saying 1 - SYSTEM ALERT : critical : Failed exporting config bundle via ssh to 10.71.16.210. No RSA host key is known for 10.71.16.210 ....Host key verification failed....lost connection On Panorama sch config export has no config configured.

MP18 by Cyber Elite
  • 6285 Views
  • 5 replies
  • 0 Likes

Resolved! debug dataplane packet-diag clear log log

on 5220 we can see the packet diag logs via less dp0-log pan_packet_diag.log IF i run below command debug dataplane packet-diag clear log logwill that clear the pan packet diag from the DPO?less dp0-logbfd.log brdagent.logdp-monitor.log dp-monitor.log.1dp-monitor.log.2 dp-monitor.log.3dp-monitor.log.4 masterd.logmasterd_apps.log masterd_detail.l...

MP18 by Cyber Elite
  • 6607 Views
  • 4 replies
  • 0 Likes

GlobalProtect - Authentication Issues

Hi all, Fairly new to PAN and in the process of an ASA migration. Despite TAC/VAR assistance, I'm still having some issues with my GlobalProtect user experience. Fortunately it's not in production yet but the feedback has been inconsistent. Business Requirements:-Use GlobalProtect to tunnel all external user traffic back to HA pair for web filt...

AdamSC by L1 Bithead
  • 18900 Views
  • 9 replies
  • 0 Likes

IPSec S2S VPN Tunnel (PAN OS 8.1) using 2 virtual routers - setup working - but how possible ?

Hi,I've been trying to get an explanation to the following (working) scenario: I have a PA 220 with 2 virtual routers: an "inside-VR" virtual router with a L3 interface (i.e. e1/1 - 192.168.1.0/24 - security zone "INSIDE") + a tunnel interface (also assigned to the "inside-VR" virtual router - security zone "TUNNEL"); the tunnel interface is abl...

CarloInt by L0 Member
  • 6012 Views
  • 4 replies
  • 0 Likes

Issue FQDN address with dns records with short TTL

I have configured a firewall rule to allow some servers to ssh to vs-ssh.visualstudio.com to allow the servers to use ssh to connect to the git repo of Azure devops. This rule uses fqdn address object to allow the servers to only connect on ssh to this server. The problem is that this dns address resolves to 1 ip address, but it changes each ti...

ECMP + 3 Internet links + Outgoing traffic

Hello friends! We have now 3 ISPs, we started to use load balancing (all methoeds tested); Problem: Sometimes, packets from PA220, interface 1/4 (ISP 1), goes out to internet thru interface 1/5 (ISP 2).User's traffic with no problem.. But PA220 internet traffic (VPN establishment for example) is inconsistent. PA220 VPN initial IKE traffic exam...

ScreenShot293.jpg
ScreenShot294.jpg

Local Support for Pan-DB

Hi All, a client of ours lives in SouthEast Asia and is looking to purchase Pan-DB and wonders if they will need to rely on local support there, which is very spotty. It looks like this community and the support side of things is very strong. How likely is it that they would encounter issues requiring local support there, ie, something that c...

Resolved! wildfire questions

Hi All, I recently started applying wildfire profiles for most of my traffic to public cloud on all applications. This includes some senitive information for eg: user trying to print out a document that has some sensitive details.I know wildfire provides great benfits against zero day malware but I have few concerns/questions around it.1.Are the...

MS Update ActiveX Cab file Denied?

Hello. I just reloaded a Windows 7 x64 computer. The first check wants to update the Windows update agent.For some reason PA blocks it as a ActiveX Cab file.The first check allows, but the it's denied. (picture attached).I added a Virus exception for the identity and added MSUpdate as an ALERT only to my data filtering object. Still not working...

pa1272018a.JPG
catrock by L2 Linker
  • 6009 Views
  • 3 replies
  • 0 Likes

Resolved! Teamviewer and Commit warning

We have to allow only Teamviewer on some pc's, not internet browsing.I created rule with apps:teamviewer (apps-group)teamviewer-webadobe-flash-socketpolicy-server, ssl, web-browsingBut this rule will allow web-access to all sites.Ok, i created custom URL category profile "Only teamviewer":teamviewer.com*.teamviewer.comBut traffic is not hit this...

aaobuhov by L2 Linker
  • 5976 Views
  • 3 replies
  • 0 Likes

DLP Options

Im exploring some various DLP options for one of my clients. Im niot finding much in regards to DLP functionality on Palo Altos (I have a pair of 3020's) Does anyone know what Palo Altos DLP solutions consist of? If any?Im primarily concerned with the loss of IP/sensitive data. Thanks!

Resolved! revert configuration automatically

I had a situation where checking log at start session box in a security policy while troubleshooting, after 2 minutes to commit changes, I lost comunication with the fw, because data plane get 100%. I would like to know if there is a commit revert command that, revert to the previous configuration in a time schedule. for example a commit that af...

Marivi by L2 Linker
  • 4405 Views
  • 1 replies
  • 0 Likes

useful custom reports

Hey all,I want to create some custom reports to get more useful information about what is going on in my network.I would like to know - just informational - which reports do you use in your daily business?Respectively which reports you consider as useful.Until now, I created one report that shows me the denied packets for every last week.Can you...

MPI-AE by L4 Transporter
  • 12044 Views
  • 21 replies
  • 0 Likes

Where is the BPA tool located??

I want to run BPA reports against my configs but I can't find the tool anywhere??? I know it exists as I have a Initial Analysis from our 3rd party supplier, but I would prefere to cut them out of the loop. Any ideas? Cheers Rob

  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks