This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4234 Views
  • 0 replies
  • 0 Likes

How was determine or verify after with application override bypass L7

Hi Expert , I would like to verify after config and traffic is match with Application Override Policy that it already bypass L7 how to check it via cli or gui so, I have understood about can check with show session id after filter application is already override but I have to clarify and verify it. Sorry to bad english

Shutdown Clustered/HA FWs

Is there any documentation on how to properly shutdown a clustered/HA FW pair and then restore connectivinty power verifying proper function once power is restored?

GMasanz by L0 Member
  • 4815 Views
  • 3 replies
  • 0 Likes

Dynamic TCP port APP query

Hi community, In a situation where there is a security policy allowing: SOURCE Source IP: any Source Zone: outside DESTINATION Destination IP: public IP 1.2.3.4 -> NAT'd to private IP 10.10.10.10 (servername1) (the security policy is using the post NAT zone). The inbound NAT is also correctly configured, and NATing correctly. APP: appX -> ...

ash83 by L2 Linker
  • 3539 Views
  • 3 replies
  • 0 Likes

Resolved! Auth Profile 8.1.x LDAP

We'd like our users to be able to log into Captive Portal or Globalprotect with user@domain.com or just user. We've messed around with seemingly every combination of username modifiers, but have not been able to get it to work both ways. Currently, logging in with user@domain.com works and the filter can see the user's AD group memberships. I...

Resolved! User ID Agent

Where the userid agent save log file ? We want to start audit when User ID update task failed on PAIs there a possibility to move the logs of userid to the siem / syslog server

Resolved! LACP NEGOTIATION LOG FILE

Hello, In order to debug an issue in our LACP interfaces.I need to run lacp debug and to find the log file of lacp negotiation. And there is a log file of all ethernet negoatiation? Thanks in advance.

Resolved! ISP redundancy and route load balancing.

Hi, Community! I'm looking for some help with a customer today 🙂 Here's the situation: a customer has a dual ISP configuration and wants the traffic both to be balanced between the routes of the two providers and that a redundancy scheme is put in place, so that in the case one ISP fails, users can go out to the internet through the other one....

CMachado by L2 Linker
  • 11597 Views
  • 8 replies
  • 0 Likes

PA-220 Not Decrypting any HTTPS Traffic even after I have followed ALL the Palo Alto Live Videos

For some reason SSL Decryption is not working on my PA-220 - I have followed many many many of the palo alto instructions to try to get it to work but some how it is still not working - the PA-220 is simply not decrypting any of the Https Traffic. I cannot even decrypt a single https traffic for some reason. I have installed the Certificate that...

Resolved! Replace passive member in HA (A/P)

Hi, We need to replace the passive member in a cluster. So in the HA preempt is not enabled. And priority in the active member is 100. So i understand that we can directly connect all the cables for new devices and this new member will take passive role since there isnt preempt enable, right???should i connect first of all HA cables in order to ...

BigPalo by L4 Transporter
  • 2913 Views
  • 1 replies
  • 0 Likes

Stuck in Failsafe Bootloader. what now?

My PA-820 is stuck in failsafe bootloader mode. what are my options now? I am no longer getting the option for MAINT mode either. If I let the system boot on it's own I get the below and it just keeps rebooting. Welcome to the PanOS Failsafe Bootloader.U-Boot 8.0.6.0-29 (Build time: Oct 13 2017 - 12:13:40)Octeon unique ID: 044000214719f31e0...

GPL-DDay by L0 Member
  • 9046 Views
  • 4 replies
  • 0 Likes

Resolved! No source user in logs post 8.1.2 upgrade

At the weekend I upgraded all our boxes from 8.0.9 to 8.1.2 as we need to make use of the new GP - Split Tunnel by URL features & Enhanced UserId coolness. Yes, I know - this was brave 🙂 Everything seems to be working as expected & as it was pre-upgrade with the exception of logging, where we no longer get the SourceUser in the logs for...

SimmSimm by L2 Linker
  • 4008 Views
  • 2 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks