This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4236 Views
  • 0 replies
  • 0 Likes

Resolved! PA not installing antivirus automatically

On Active PAssive PA both devices are configured to download and install the antivirus every hour.Today PAssive PA installed the software but on Active it only downloaded the antivirus update. I need to manually install the antivirus on the active PA. below is fail reason how jobs id 34946Enqueued Dequeued ID Type Status Result Completed--------...

MP18 by Cyber Elite
  • 3893 Views
  • 2 replies
  • 0 Likes

Resolved! Single packet threat pcap and disk space alert

I have enabled threat signature to capture single file only. but from last 3 days i see so many same threat logs with pcap done. i got email today of disk space alert i checked disk space show system disk-spaceFilesystem Size Used Avail Use% Mounted on/dev/md2 3.8G 3.3G 341M 91% //dev/md5 7.6G 3.4G 3.8G 48% /opt/pancfg/dev/md6 3.8G 2.7G 910M 76%...

MP18 by Cyber Elite
  • 2684 Views
  • 1 replies
  • 0 Likes

Resolved! losing panorama config pushed to firewall

wondering if we have pushed all the config from panorama to pa.PA has all the global security polices. what will happen if we lose that panorama device like hardware failure? or if we delete all the config from panorama and give it reboot?

MP18 by Cyber Elite
  • 3014 Views
  • 2 replies
  • 0 Likes

Resolved! ssl decryption and policy deny

I have configured ssl decryption and rule is there to allow the traffic IT is hitting the right rule but policy says denied? what can be reason for this?

Capture.PNG
MP18 by Cyber Elite
  • 8003 Views
  • 5 replies
  • 0 Likes

Resolved! session offfload and flow basic

When we do session offload then PCAP can not capture the session offload traffic .if i am also doing flow basic on that then flow basic will not be impacted by session offload? RegardsMike

MP18 by Cyber Elite
  • 4907 Views
  • 4 replies
  • 0 Likes

Resolved! Wildfire appliance on a darknet

I have recently been given the responsibility of installing and managing a previously purchased WF-500. It was purchased for an environment that is completely disconnected from the Internet, totally dark. My question is - is there a way to manually download wildfire signatures and updates and install them on the appliance?

Resolved! ssl-decrypt exclude-cache ---SSL_CLIENT_CERT

when i run below command show system setting ssl-decrypt exclude-cache VSYS SERVER APP TIMEOUT REASON DECRYPTED_APP PROFILE EXCLUSION_LIST_MATCH13.71.172.130:443 ssl 42077 SSL_CLIENT_CERT undecided default No does this mean that PA can not decrypt the ssl traffic due to client cert? what can be actual reason behind this?

MP18 by Cyber Elite
  • 5177 Views
  • 2 replies
  • 0 Likes

Resolved! Decryption Profile ----No decryption

i am using default decryption profile. Under tab no decryption i see below block sessions with expired certs need to understand when does this setting is used when i am doing the ssl decryption or not doing ssl decryption? also does it only apply to ssl decryption policy ?

MP18 by Cyber Elite
  • 3797 Views
  • 4 replies
  • 0 Likes

show counter global | match proxy

Need to verify if below output looks good from ssl decrypt show counter global | match proxyctd_fwd_session_proxy_deny 384306 0 info ctd pktproc Content forward: action init denied for decrypted sessionsctd_switch_proxy 4 0 info ctd pktproc switch to proxyproxy_process 217482856 146 info proxy pktproc Number of flows go through proxyproxy_inval...

MP18 by Cyber Elite
  • 4347 Views
  • 3 replies
  • 0 Likes

Resolved! LDAP over IPsec?

Hello. I'm trying to configure UserID via our domain controllers in AWS. The setup:We have an HA PA-820 pair on-prem connected to our domain in AWS via a redundant IPsec tunnel. Traffic is passing between LAN and IPsec zones; on-prem workstations can ping both domain controllers. I have configured an LDAP Server Profile, an Authentication Prof...

Tunnel Migration

Hello, I am going to migarte my production firewall PA5050 into new location, already done the setup of firewall. Can any one please suggest the best possible way to migrate my all IPVPN tunnels in New Palo Alto, is basilcy to move one palo alto to another one, do we have a specified tool for that? or i need to do it manually. Thanksamit

Resolved! Working temperature

Hello everyoneWhat are the normal working temperature for palo-alto pa-820, pa-500 and pa-3020 ? It seems that it's beyond to the normal specifications ( above 40 °C )Thanks's you for your answer

Learner by L1 Bithead
  • 7146 Views
  • 6 replies
  • 0 Likes

Resolved! Microsoft authentication issues with Akamai IPs blocked by Palo Alto (?)

There was a massive outage on Microsoft sites. It has been resolved now, but I was wondering if this something related to Palo Alto Dynamic updates.https://www.reddit.com/r/sysadmin/comments/9nc9oj/microsoft_authentication_issues_with_akamai_ips/We just got nailed this morning with issues caused by Palo Alto Firewalls adding an Akamai IP/IP-rang...

  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks