This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Resolved! Does Palo Alto plan to offer on-prem versions of the DLP, OT discovery and Strata Cloud Manager for data sovereignty?

As data sovereignty becomes a big issue for some customers palo alto has great features but some like DLP, OT discovery and Strata Cloud Manager are only SaaS based. My question is does Palo Alto plan to offer on-prem versions of the DLP, OT discovery and Strata Cloud Manager? Not like appliances or Virtual Machines like Panorama but maybe k...

HA ACTIVE firewall is failing when commit

The problem is that after performing a Commit&Push, the primary (active) firewall generates a status change that affects the signaling of the Cisco Nexus switch ports, causing them to enter suspended mode on both switches in the VPC configuration. After the switch stops seeing the primary firewall, the primary firewall does not switch. Disco...

F.Pinar by L3 Networker
  • 473 Views
  • 2 replies
  • 0 Likes

Resolved! About threatID action.

The followin theatID action is "Alert".Would you tell me the reason why action is default set to "Alert"?Would you tell me if there is policy for the default action? 30941316843197132351343213475736415391543990954465548015905585253866469016693719 Best Regards,Atsushi Takara

Configure VPN GP wit Microsoft Authenticator

Hi, i would like to configure my VPN using MAuthenticator. Anyone has a guide for this? i was checking this link but im not sure if this config should be used if you have EntraID AD in the cloud or not: https://learn.microsoft.com/en-us/entra/identity/saas-apps/palo-alto-networks-globalprotect-tutorial We have AD in server onpremise.

BigPalo by L4 Transporter
  • 1419 Views
  • 3 replies
  • 0 Likes

PAN OS 11 and DHCPv6 with Prefix Delegation

I wanted to make sure I had the settings correct for configuring DHCPv6 on my WAN interface for Starlink. I can confirm that I did get an allocation of IPv6 addressing with a /56 prefix and was successfully able to get an IPv6 address assigned to my internal interface. The issue is, it appears I have not gotten an actual perm or temp address o...

ChazKlinkbeil_0-1705503939918.png

Resolved! Blocking Google Games

Has anyone had any success in blocking the Google browser based games yet? I have seen a few threads with no answers. I'm going to bust out the Fiddler and see where it is going during this but I don't want to interfere with normal users and their Google searches. I was thinking there would be an app-id for it but I may have to find domain nam...

Resolved! PAN-OS-PHP Combining actionss

Hi I am trying to use the PAN-OS-PHP to bulk edit some rules. My question is can I chain/combine actions together. The documentation says that I can but when I try I get a syntax error Before I send the command to the Firewall I just want to check the rules that will be updated I don't think I am to far away but its just the sytax. If a...

PAN-OS-PHP-Action.jpg

PAN-OS 12.1, IPv6 and Region/GeoIP

Hi, With PAN-OS 12.1, IPv6 addresses are now also showing what Region they belong to. However, this seems to be limited to logs. Security policies, using specific regions/countries, will still not match the IPv6 addresses, even though the same IPv6 addresses shows the appropriate country code in the logs. Is this a known issue (internally perh...

TCP-RST-FROM-CLIENT and TCS-RST-FROM-SERVER

Hi All, As captioned in subject, would like to get some clarity on the tcp-rst-from-client and tcp-rst-from-server session end reasons on monitor traffic. Even with successful communication between User's source IP and Dst IP, we are seeing tcp-rst-from-client , which is raising some queries for me personally. Are both these reasons are normal ...

Jimmy20 by L2 Linker
  • 309905 Views
  • 7 replies
  • 2 Likes

Expired license CDSS

Hello, we received an alert regarding the expiration of CDSS licenses on February 11, 2026, following a change in operation on the Palo Alto side. All our equipment is running at least version 10.2.13-h5. The partner portal does not show any affected devices. We would still like to know if this will have any impact on certificate management, act...

Resolved! Reason Why Logs Are Received by SLS but Not Stored

In Strata Logging Service, ACTUAL RETENTION DAYS was shown as 0 for certain log types (such as firewall_traffic). Meanwhile, we observed that system and dns_security logs have increasing ACTUAL RETENTION DAYS.I understanding is that when ACTUAL RETENTION DAYS is 0, it indicates that SLS is not retaining logs for that log type.We have confirmed t...

S2S IPsec VPN with Multiple Domain Encryption

We have experiencing difficulties having more than one domain encryption in IPsec tunnel, specifically when both are in the same subnet. Only one domain encryption remains active in the IPsec phase2. There are few times you can bounce IPsec gateway and restore connection to affected domain encryption, but after some time again connection lost to...

R.Thakar by L1 Bithead
  • 3509 Views
  • 5 replies
  • 0 Likes

PALO ALTO BACKDATE SUBSCRIPTION POLICY

Could you please advise where we may obtain an official document or website link from Palo Alto Networks that formally states the backdating policy as described below? Backdating on subscriptions: Lapsed Orders placed after the expiration date with standard term end dates on the renewal quote will result in subscriptions starting the date of...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks