This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4466 Views
  • 0 replies
  • 0 Likes

syn without window-scale option

Hi community, i am trying to access a website from LAN side of palo alto, even though correct policy is configured, tcp handshake was not complete. after packet capture i am able to find below points client sending syn packetbut i am not able to get syn-ack packet from server,able to see one ack packets from serverserver is using 3-way handshake...

Passive node strange behaviour matching rules

Hi, We have a cluster in PanOS 8.1.2. Suddenly we were reported that several users didnt work properly. We went to the active node and saw this: In order to solve quickly we decide to do a failover. After that i worked properly. So we would like to know why in a node the behaviour is strange. So PA is applying rule wrongly. Its applying the rule...

rule.jpg
setrule.jpg
BigPalo by L4 Transporter
  • 2187 Views
  • 2 replies
  • 0 Likes

Global Protect not working after upgrade

Hi I have upgraded my passive palo alto firewall to 7.1.20 post which global protect portal is not working. I'm seeing SSL session cache request comming in from external source. But the webpage page cannot load after adding the exception. Same works good in primary firewall 7.0.9 7.0.9 to 7.1.0 to 7.1.20 is the upgrade path that I went. Whenever...

Home internet acccess with 1gb but...

Hello, Looking for suggestions and recommendation, just got an offer from the ISP to upgrade the Internet speed to 1Gig down and 10Mbps up for a very good price. Except I have a PA220, the spec is good for 500Mbps with AppID and 150Mbps with threat. That just won't fly. I am aware the 220 can do better than 500Mbps. I don't think I can go...

Destination mac

I was having issues with DHCP being blocked, so I can a packet capture from the PA to see if I could tell was was blocking the DHCP traffic and if it could possbile be the PA. It shows the mac address of the interface on the PA as the source and then its lists a mac address that I cannot identify as the destination. So if anyone has any ideas of...

jdprovine by L4 Transporter
  • 10803 Views
  • 20 replies
  • 0 Likes

Resolved! LDAP Authentication - Parse error for maxPwdAge attr search

Hi,I'm trying to setup GlobalProtect with Prelogon, but I'm having trouble authenticating the user at the portal. I'm trying to test just the user authentication with the Windows Server 2016 ActiveDirectory DC at 192.168.###.9. Using the Pan-OS 8.0.13 CLI admin@fw-1> test authentication authentication-profile "Corp-LDAP" username "DOMAIN\us...

Global protect with loopback ip address and port number

Hello allWe have one public IP address and two groups of users who must connect to Head Office but get different policiesWe decide to use loopback ip address and NAT it to the public one but with different port (for example loopback ip 1.1.1.1 and public ip is 85.10.10.1 and we NATed 85.10.10.1:446 to 1.1.1.1:443)but when client try to connect t...

Radmin_85 by L4 Transporter
  • 7892 Views
  • 8 replies
  • 0 Likes

Is it secure ?

Hello allWe have configured GP REMOTE ACCESS VPN with OTP authentication.Ones we try to connect to Portal it failed to pass at the first time only second time.In Radius server we see that it tries to authenticate first the Ldap account then VPN accountwe configured the followings and it is ok.And i would like to know is it best practice from se...

196a29e9-25ea-4d60-8419-89dec249898b.jpg
64670083-273b-46e3-a99e-f1db5b8ccf9d.jpg
Radmin_85 by L4 Transporter
  • 3214 Views
  • 3 replies
  • 0 Likes

Resolved! ha syn failure - url filtering

on passive PA we are seeing ( description contains 'No synching file to peer because local state is not Active (Passive).' ) is this normal?

MP18 by Cyber Elite
  • 2796 Views
  • 2 replies
  • 0 Likes

Cannot Sync Running Config in HA active/passive

Hi All, I have a PA3020 with 7.0.5-h2 PAN-os version.I have tried different times to sync manually the running config on passive member without success. I can clearly see from the Active Member's "ha_agent.log" these errors:=========================(active)> tail mp-log ha_agent.log00000001TLV[2]: type 11 (SYSD_PEER_DOWN); len 4; value:000000...

Resolved! MineMeld and Office 365

I've used MineMeld in the past and I've been very happy with all of it's functions. Recently, I've started a new job and I've recommended MineMeld as a solution to get O365 IP's into the firewall for writing policy. Microsoft announced on April 2nd that it will be retiring the HTML/XML/RSS feed. I've included the announcement and link below. ...

Resolved! Changing Firewall Rule Names (Security Policies)

I need to rename a whole bunch of firewall rules (Security Policies).Ive done a search here and looked in the manual; I think I know the answer.I can change Firewall / NAT rule names as needed? There will be nothing else I have to change right? This will not break anything? I do not think firewall names and NAT rule names are referenced anyplace...

choff123 by L3 Networker
  • 5855 Views
  • 3 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks