This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Issue with PA-445 Failover - Interface Reset

We just replaced our active-passive PA-850s with PA-445s and have run into an issue when we failover the firewalls. On failover, all the data-plane interfaces on the new active node go down for 20 seconds before coming back up. This is dropping every active connection through the firewall. We did not see this behavior on the PA-850s (failover...

Resolved! No app ID for for WinRM, port 5985?

I am trying to add WinRM to a allowed policy and I am not finding the app for it. Does PA call it something different? I was thinking there was a way to search the app db by port but nothing is coming up.

jeffm by L0 Member
  • 7935 Views
  • 4 replies
  • 0 Likes

Resolved! QoS profiles on Aggregate interfaces

In advance - thank you for your help.I am trying to create a QoS profile. Here is my scenario. I want to apply a QoS profile to a public IP I own to do one of two things. 1 Give it priority over other traffic OR (complete opposite) rate-limit traffic FROM this IP out of my Internet interface on my PA.What I am testing:Created a QoS Profile ca...

ZachSmith by Not applicable
  • 8260 Views
  • 7 replies
  • 0 Likes

Migrate PA-3260 cluster to 3420 (managed by panorama both)

Hi, i have to do this migration. So my steps will be: 1) Install the same version 11.1.x as the old cluster. 2) install licenses 3) add new cluster tu panorama 3) add the device group old cluster to the new one. 5) clone template old cluster to the new one cluster and check the possible interfaces/clusterHA-ID changes to the new cluster. IS th...

BigPalo by L4 Transporter
  • 953 Views
  • 1 replies
  • 0 Likes

Route & Path Selection

I have a Cisco backround & I am currently studying Virtual Routers & Static Routes in the PA 8.0 admin guide. I am trying to understand how Metrics are used in the firewall because it sounds like Administrative Distance does the same thing. Can someone tell me if my theory is right when it comes to Palo Alto forwarding packets to an in...

Requests from internal company DNS to Root-servers.net

Hi, i'm observing in the fw logs massive requests from company dns servers to root servers (53 udp).These servers are generally named *.root-servers.net.I know that our Dns are configured to interrogate our provider DNS.Do i need to allow communication to root servers? How to securely address the policy rule as i cannot allow all dns query (to a...

Active - Active firewall deployment across two data centers

Hi All, We are exploring the firewall deployment options for one of our customers who have a requirement to stretch few VLANs across 2 data centers most probably using VXLAN/EVPN. The options currently being explored are: 1. Active-Standby firewalls in each data center2. Active-Active firewall with one node in each data center Are there any de...

MGRashmi by L2 Linker
  • 5850 Views
  • 4 replies
  • 0 Likes

Administrator account issue

PA-5050 device with software version 4.1.6.In all my devices except one, I was able to create a new Administrator account (Superuser) with password and log on with the account to administer the device. The problem device allows me to create a new account like the others, but I get an "Invalid Username or password" error when I attempt to log on...

kwaid by Not applicable
  • 10374 Views
  • 7 replies
  • 0 Likes

Resolved! vulnerabilities detected on https://appvpn.xxxx.xxx through our Bitsight

Hi team, We use a cybersecurity tool called Bitsight in order to discover vulnerabilities in our organization. This time the tool has found out some in our https://appvpn.xxxx.xxx subdomain which is a web portal to download the GlobalProtect client. The Bitsight finding in this case are related to the Content-Security-Policy header config...

Alpalo_0-1718719318523.jpeg
Alpalo by L4 Transporter
  • 4349 Views
  • 2 replies
  • 0 Likes

DHCP Server - Conflict IP's

Has anybody else experienced an issue with their DHCP server leases being constantly filled up with conflict IP's by one device? There is no pattern to which device will do this, it seems at random. I'm on version 11.1.6 Any guidance would be much apricated.

CPATT_0-1771337718677.png
CPATT by L1 Bithead
  • 514 Views
  • 1 replies
  • 0 Likes

Assistance with LDAP Authentication

Currently working on a PA-540 running 12.1.3 code. I have setup a LDAP server profile, and setup an authentication profile. If I test from the cli, the bind is successful, but the authentication fails, even if I use the same credentials I used to do the bind. I've also tried this with a domain admin account in case it was a permissions issue ...

DJ_1924 by L2 Linker
  • 631 Views
  • 2 replies
  • 0 Likes

Move FW to a TEMPLATE VSYS

Hi, I have created a new vsys in a 5220 to have all the config that we have in a VM FW. Which is the best way to move all the FW VM config inside the new VSYS in 5220. Copy all the FW VM config and paste it in the template VSYS in panorama? Is there an way to do it by GUI?

BigPalo by L4 Transporter
  • 333 Views
  • 1 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks