This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4452 Views
  • 0 replies
  • 0 Likes

Resolved! Cannot see Dynamic IP lists

We are currently going through the process of setting up new PA-820s for use in our environment.We should have access to the following External Dynamic IP lists on these devices based on our licensing, however they are not being displayed.I have enabled all licenses / authorization codes in the portal. Unit has Internet access. Using Mgnt interf...

Old PA220.png
New PA820.png

Traffic Log query for FQDN object errors with "ip range [fqdn] expansion exceeds maximum number of items allowed"

I created a new FQDN object and added it to a security policy. After committing changes, I tried to validate the rule was working, but I get this error in the traffic log when searching for (addr in 'my-FQDN-object'): The security policy rule is not working either. It should allow access to this FQDN address, but is not triggering I can s...

MatthewHale_0-1732120150610.png

I want to allow gmail access to specific users on my LAN segment.

I have created a policy which says "Src: FQDN of 2users" "DST:Any" "App: gmail-base, gmail-posting, ssl, stun, vidyo, web-browsing" "URL CATEGORY: Computer and internet info, web-based-email" "Action: Allow" But the logs I see is, those users are not hitting this policy (They are still passing through the default policy even the above created ...

Information about Cortex tenant upgrade.

Hi Community I am looking for information in an official document that mentions the automatic update of the Cortex XDR tenant. I cannot find any information on the subject. I appreciate any information on the subject. Thanks for the support.

Removing Previous Commits on Panorama which are Stuck

Is there a way to clear old commits on Panorama which have never succeeded? Our firewall which we were committing to dropped off the network during that time and the commit is still pending. Any CLI commands to clear this other than restarting the management plane on Panorama?

Stuck_Commit.JPG
tulrich by L0 Member
  • 27352 Views
  • 9 replies
  • 0 Likes

Resolved! Step to change standalone for both device

Hi All, All our PA is managed by Panorama and there are a couple of HA pairs in our environment. we just want to change one of the HA pair to standalone. Currently our set up is active passive. We would like change to standalone on both device. Is there any steps to make this happen? Thanks !!

Resolved! Two Virtual Routers

Hello,When I configure two virtual routers on a PA-5060, how do I get them to see each others’ routes?Do I need to configure some kind of virtual internal circuit between the two routers?Thanks!

AWS GWLB VPC Endpoint Associations no longer work post-upgrade

Hello, We have recently upgraded our VMSeries Firewalls from 10.2.8-h5 to 11.2.3-h3. However, now, none of our AWS VPC Endpoint associations work via the CLI. We're running the following as per the documentation - as we always have: admin@PA-VM> request plugins vm_series aws gwlb associate vpc-endpoint vpce-0c9fbeeeae9387c49 interface ethe...

C.Stuart by L1 Bithead
  • 1987 Views
  • 2 replies
  • 0 Likes

Heartbeat Backup showing down on both HA peers

I have an active passive configuration which seems to be working and has failed over successfuly in the past (possibly a year ago). According to the PA docs I read the heart beat is a ping that runs every 1000ms. I assume since the heartbeat backup is down on both that if the active firewall were to break right now ther would be no failover co...

Active.PNG
Passive.PNG

Chrome (HSTS) NET::ERR_CERT_AUTHORITY_INVALID - with 10.1.14h4 update

We updated PANOS (on Friday before h6 was released on Sat) to 10.1.14-h4, rebooted and now our users are sporadically complaining about when using google Chrome (Edge not effected), getting a "Your connection is not private" NET::ERR_CERT_AUTHORITY_INVALID - specifically going to some banking sites (Chase.com, being a major culprit). Doesn't ha...

internet issue

i have PA 440 trying to access the internet and i have set virtual router with default route to dataplane interface however when i try to ping anything on the internet the reply comes from the mgmt interface. (attachment)

Telemetry decided to stop sending

UPDATE: This was a bug and was fixed after installing 10.2.10 I have seen a couple others post this same issue on Reddit but figured this would be the place to ask. Does anyone know how to kick telemetry back into a working state? It was working and then last month on the 25th was the last time it sent. no errors, no fail messages, no chang...

hafenlabs by L1 Bithead
  • 13757 Views
  • 17 replies
  • 3 Likes

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics: Customer Support Portal Overview License Management RMA Best Practices Dive into the three-part Fuel Workshop video series and learn how to efficiently manage your Palo Alto Networks assets, accounts, and support needs. Led by experienced pro...

kiwi by Community Team Member
  • 1107 Views
  • 0 replies
  • 0 Likes
  • 24376 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks