This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4243 Views
  • 0 replies
  • 0 Likes

Routing issues LDAP AD server profiles

Hi, Im trying to set up Group mapping and foudn an interesting issue that I wabnted to put out here see if theres any ideas that can help us out. This is the situation: Hardwareethernet1/12 is trunk with subinterfacesethernet1/12.2 vlan 2 tagged subinterface with IP = PAethernet1/12.3 clan 3 tagged subinterface with IP = YAD server is on vlan 3 ...

rcaduser by L0 Member
  • 2763 Views
  • 2 replies
  • 0 Likes

Resolved! Security Rule Behavior when Applications selected with Service select in same rule

I have littel confiusion, need to know about that what will happen if i have rule where i have seleted application and custom (home grown application port) port in service tab. Ex- in applicaiton tab i have- Ping,icmp and ssh. in Service Tab- port 8080 and 8081 (custom web services object) Will this work or traffic will Drop. Thanks in A...

PA220 routing issue

I have three PA220s, let's call them PA220-APA220-BPA220-C They are connected in the following manner: PA220-A ---- PA220-B ----- PA220-C All three have an Inside and Outside Interface. All the Outside interfaces are connected via a Layer2 network. My IP addressing, let's say it's the following: PA220-A - Outisde - 172.16.10.1PA220-A - Inside 19...

Palo Alto change source port with communication Cloud Meraki

Hello,We have a client with 300 branch that use Meraki. These branchs has DSL link on WAN 1 and MPLS on WAN 2.We have a follow problem.The meraki send a packet UDP each 10s by interface ip WAN 2, for example 10.200.2.10:3009 , the traffic goes to network MPLS and throght to datacenter of my client and before of out by internet on Palto Alto itse...

How can we troubleshoot high transmit utilization or high utilization issue on interface?

How can we troubleshoot high transmit utilization or high utilization issue on interface? we recieved alert from solarwind like below for our palo firewalls: Summary: itsg_GSOC-XXXXX-Priority:-P3 ALERT: | Hostname | ip address | PA-3020 | serial number | 7.1.18 | 2 | 83 % High Transmit Percent Utilization Description: Interface ethernet1/1 · In...

Old spyware signatures are not sinkholed

I have dns sinkhole in place but the issue here is firewall is not stopping dns resolutions of old spyware(previous dynamic update version) sihgnatures/domains at dns level. Palo threat databse shows the domain as malware but no sinkhole action is taking place. Is this a known behaviour?

Aggregate Interface Throughput limit - Multi VSYS - Shared Gateway.

Hi Community I have multiple VSYS setup that also uses Shared Gateway for collating access to my Data Centre to and from each VSYS. I have a PA5250 setup running OSPF with a 40G routed connection to my Data Cente (Northbound) - in the shared gateway area on a dedicated P2P 40G interface.. Each VSYS has a secure zone and an unsecure zone. The Uns...

mcnairi by L1 Bithead
  • 9800 Views
  • 9 replies
  • 0 Likes

Syslog - Collecting Internal DNS

Hey Everyone, I noticed my Syslog box isn't receiving internal DNS information from the Palo. I originally thought the URL log type would capture internal information (yes i'm aware what URL stands for, but I could hope). However that doesn't seem to be the case. Is there a particular field, log type, or severity level I can enable to collect ...

Agentless User-ID "Not Connected"

PAN-OS 8.0.9Server 2008-R2 I am in the process of investigating the setup of User-ID, utilising our test network which has a VM500 I am starting using the Agentless option. ( The production site has 500 users, mostly Citrix Terminal Sessions but also Some PC's so I guess I will also need the TS agent further down the line.) I have done the three...

IPSEC VPN issue

I have realy weired issue, I have two sites connected with IPSEC vpn, PAVM200 to PA3020. the sites are connected with IPSEC very stable vpn, remote site trying to access DMZ zone on the local site.The routing confiured and policy rule allowing the access from VPN to DMZ. everything works fine and I was able to see the traffic,suddenly after the...

SShnap by L3 Networker
  • 2849 Views
  • 2 replies
  • 0 Likes

timeout erors

hello.i tried importing a git file in my extensions, and mine is a proxy server.i get time out error.the git file is a taxii new mine.

lahiri by L1 Bithead
  • 2543 Views
  • 1 replies
  • 0 Likes

Resolved! How to fix "Unable to fetch external dynamic list. SSL connect error. Using old copy for refresh"

After upgrading from 8.0.6 to 8.0.10 our local EDL list stopped updating. The logs message states 'Unable to fetch external dynamic list. SSL connect error. Using old copy for refresh'. Anyone have any ideas on how to fix this? I looked in the release notes from some hints and came up empty. Thanks - Lora

Lora by L2 Linker
  • 18543 Views
  • 8 replies
  • 0 Likes

Resolved! User ID Agent Questions (Windows & Intergrated)

I am taking online trainging & I would be super thankful if someone with solid PA experience could answer some questions & provide any helpful feedback. I have a list of true or false questions & I just want to make sure my brain is processing all this information. True or FalseThe Windows agent gets installed on the domain server(s...

Miners do not collect any Information when more than 128 nodes

Hello, I have a problem with my minemeld server. Some days ago I reached 128 nodes (sum of miners, processors and outputs). If I do a commit with 128 nodes or more the minemeld process seems to keep restarting over and over. As soon as I reduce to 127 nodes or less it works again. In the logs I did not find a lot ... 2018-07-24T16:18:32 (7301)...

Remo by L7 Applicator
  • 3141 Views
  • 1 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks