General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Redundant internet link config for 2 PAs at remote sites connected via L3

Hi, I have read a few articles regarding internet redundancy using a primary and backup ISP link on a single Palo but can someone please explain (if it's possible) how one might achieve redundancy using a primary ISP link on 1 Palo with failover to a backup ISP link on another Palo at a remote WAN site connected to the primary site via L3? Chee...

HA Cluster update issues

I've had an odd issue crop up. I have two PA-820's in a HA cluster. Everything has been working fine for over a year, no issues at all. Starting Friday afternoon of last week, I began getting alerts from the passive device. The alerts are for being unable to load threat protection updates and being unable to connect to the user ID agent. Nothing at ...

Query on PAN-OS upgrade for PA-VM

Hello, We are using PA-VM-100. We are planning to upgrade from 8.0.5 to 8.0.13. Will it impact in any aspect if we increase the disk space of a firewall server by reducing the retention period of log files, such as Threat report, traffic report etc.?

PA500 HA with Layer 3 OSPF connectivity to Core

Hi, we currently have 2 PA 500 which are currently configured for HA, but I don't think it's currently set up correctly. This is what I can find regarding what we want to achieve: Active passive with OSPF https://knowledgebase.paloaltonetworks.com/servlet/fileField?entityId=ka10g000000CyRYAA0&field=Attachment_1__Body__s But the above article...

Resolved! Application incomplete

Hi, why is Palo Alto sometimes detecting the application as SSL and sometimes as incomplete? If the connection has 134 bytes it is not detected, but with more than 134b it is detected.

SOC_CSG by L4 Transporter
  • 33507 Views
  • 9 replies
  • 0 Likes

Resolved! Always on Global Protect and Open Wifi

I'm in the initial stages of a support case, but am curious if you all have had issues or success with this scenario: A GP user that is: pre-login / always-on / machine cert auth / no split-tunnel (0.0.0.0/0 include route) with access to their local network. Here's the problem: A user is at a hotel / Starbucks (a place that has an open wifi conn...

Resolved! User-ID Group Mapping Settings - automatically fetching groups that start with name ABC_

Hello! Our goal is to use AD groups in firewall policy rules that start with ABC_xxx_xxx. So I am wondering how we could achieve this without manually adding new groups to the Palo Alto Group Include List. I have already tried a Custom Group filter with (CN=ABC_*) but this seems to find only users, not groups (Link to KB https://knowledgebase.paloaltonet...

kosonju by L0 Member
  • 4782 Views
  • 3 replies
  • 0 Likes

Signatures Minimum OS Version??

critical | 18754 | DemonBot Command and Control Traffic | reset-both | 8.1.0

I noticed the above threat in release 8096, which says minimum PAN-OS 8.1.0. We are on 8.0.x, does that mean the above would not be applicable? Thanks, Rob

Resolved! Tunnels status VPN between Palo Alto-3260 and AWS VPC.

Folks, typically when we build an IPSec tunnel from the AWS VPC to the on-prem Palo Alto box we get an option of 2 tunnels from the AWS. I have options of configuring both the tunnels as UP/UP when the end point is something like a Juniper ISG-1000/ISG-2000 device. However, when I configured it on the PA-3260 only one of the tunnels is seen as up...

nson2139 by L3 Networker
  • 4474 Views
  • 2 replies
  • 0 Likes

Traffic Logs - Resolve Hostname - Microsoft Public IPs

Dear Community, I am very new to Palo Alto Firewalls. I saw that you can check the "Resolve hostname" checkbox when viewing Traffic Logs. Sadly a lot of IPs are not being resolved. I examined a few random samples and noticed the IPs mostly belong to Microsoft. I am now wondering if there is some kind of way that I could see this in Traffic Log d...

tpmeier by L0 Member
  • 4631 Views
  • 3 replies
  • 0 Likes

Resolved! Interface Monitoring / See if traffic gets sent to interface

I am having a weird issue with a PaloAlto and a Telekom Router. I configured a specific client address to always use a second Router (with internet connection) to communicate to the WAN. Everything on the PaloAlto looks good to me but when I plug the Telekom Router into the configured interface port of the PaloAlto I cannot access the Routers...

husetech by L2 Linker
  • 12327 Views
  • 4 replies
  • 0 Likes

Resolved! Firewall - Interface High availability

Hi All, in my scenario, I have a single PA-220 for guest access. In the trusted zone I would like to keep interface-level (active/standby) high availability. Interface type is L2. I couldn't do an aggregate interface since it's connected to two separate switches. How can we achieve this? Thanks in advance.

gpsriram by L1 Bithead
  • 2583 Views
  • 2 replies
  • 0 Likes

FQDN TTL shorter than refresh time

I have a problem with some sites that use DNS round robin as a load balancer. As an example: vs-ssh.visualstudio.com. This has the TTL set to 300 sec; the PA's FQDN refresh is by default 30 min. So the firewall won't cache all IPs used in the round robin, because when it does a refresh the old value has timed out. So the rule where I use the FQDN object ...

  • 24334 Posts
  • 124 Subscriptions