This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4104 Views
  • 0 replies
  • 0 Likes

Resolved! Perimeter FW in A/P HA directly connected to Palo Alto vwire in A/A HA

the basic topology is: Internet FW are non-palo alto in HA A/P directly connected (no switch in between) to a pair of Palo Alto in A/A HA -in Vwire mode (no Layer 3 on the Palo Alto but in transparent-zone) then Palo Altos in A/A HA are connected to the Core switch where the rest of the environment connects to as well. The internet FW will send ...

pa-410 lost monitor log function and ACC function

I have a PA410. After upgrading the software recently, I found that the original monitoring log has reduced a lot of functions, and even the ACC function has been lost.I checked the website information and found that this function was cancelled after 10.1.2. These are the ones I use the most and I can't even find any replacements or anything abo...

Resolved! Telemetry error - CDL Receiver Key Empty

Hi All, We have a client who all of a sudden started to receive the following telemetry error - 'CDL Receiver Key Empty' on PA-440. No changes have been made. Currently running PAN OS 10.1.2. They are not using CDL and are just sending Telemetry data to PA with a certificate. This looks like it may be a an issue on the PA backend. Can anyone cl...

BenPrice_0-1641256179346.png
Ben-Price by L4 Transporter
  • 27438 Views
  • 14 replies
  • 3 Likes

Resolved! UNABLE TO PING MANAGEMENT INTERFACE FROM LAN

I have a fairly simple network setup in my LAB Management Interface 192.168.1.1 /24 LAN Interface 192.168.100.1/24 DESKTOP IP 192.168.100.100 I have allowed all the Internal Subnet on the Management interface which is 192.168.100.0 /24 in permitted list I cannot ping the Management Interface 192.168.1.1 FROM 192.168.100.100 NO SECURITY POLICIES ...

Resolved! Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

We have just configured 2 IPSEC tunnels with a remote palo. Both sides have 2 IPSEC tunnels with tunnel monitor and DPD configured. For some odd reason, the when the primary tunnel is active and has active routes going to it, the secondary tunnel still shows active. Traffic is still flowing the way it should, I never see the traffic change to...

Resolved! NTP not working once authentication is enabled

Hi Guys, NTP was working well. But when authentication was enabled below msg is seen on the Firewall (NTP Stopped working) NTP server is a local one using IP address (not FQDN) PAN-OS Version 10.1.5-h1 All the other devices are syncing except for the Firewall. Has anyone else seen this issue? Any help would be greatly appreciated. Regards,...

paragkarki143_1-1663308368803.png
Pras by L4 Transporter
  • 12130 Views
  • 10 replies
  • 0 Likes

Resolved! TYPICAL NAT QUESTIONS

Hello,I have a web server in DMZ with private ip address 192.168.10.100/24 and I would like all the traffic from outside should come to this server. My public ip is 1.1.1.2/255.255.255.248 which will bind to 192.168.10.100To perfom this I can create a destination rule FROM TO Source Destination Destination Translation Address (Static)Untrust--&g...

Resolved! GlobalProtect expand IP Pool

We have an existing GP setup and it's working, but the IP Pool is set to a range of IPs 192.168.10.10-192.168.10.100 instead of a subnet 192.168.10.0/24. I want to either expand the range or change it to a subnet. I tested this by expanding the range to 192.168.10.5-192.168.10.150, but clients that got an address in the newly expanded range ...

SAML Immediately logs me off???

Hello -I've set up SAML and by all accounts it looks like everything is working fine. In the Monitor > System logs I see four different events: saml-client-redirect, saml-idp-activity, saml-signature-validated and finally auth-success. The issue is this:I click on "Use Single Sign-On" > (same result with/without optional Username) Continu...

Shawverr by L3 Networker
  • 4717 Views
  • 4 replies
  • 0 Likes

Updates required for NGFW customers of User-ID

Hi Team, Can someone please confirm if the incoming expiration of the certificate used by NGFW, and user-ID, going to impact Cloud Native solutions as PrismaCloud and Twistlock defenders? I'm not sure if anything needs to be performed before the date on some PrismaCloud defender which are currently monitoring the AWS Accounts. Version: d...

A_Canu by L0 Member
  • 1226 Views
  • 1 replies
  • 0 Likes

tacacs+ authentication

Hi All, i need to undersatnd if tacacs+ is cisco properiety , so how come juniper and paloalto use it ? second question here , tacacs+ used mainly for cisco command authorization , so what is the need for that inside paloalto ?

Resolved! User-ID agent upgrade path

Greetings, I am running NGFW x 35 (10.2.10-h3) and User-ID Agent 10.2.2-111, which I believe needs to be upgraded to avoid the Nov-18 issue. My question is, does the User-ID Agent need to remain in the same stream as NGFW (ie. 10.2.x) or can it go to the 11.0 stream? A side question (because I inherited this environment) ...If I have the 'st...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks