General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4231 Views
  • 0 replies
  • 0 Likes

Unable to Update License from the License Server

Hi, I am very new to Palo Alto and trying to activate a licence on a new PA-850. The devices are already registered on the support portal using serial key and authcode. When I click Retrieve license keys from license server, a dialog box opens and tells me retrieving licenses from Palo Alto Networks license server. Please wait... and then suddenly dialo...

zebust by L1 Bithead
  • 18161 Views
  • 6 replies
  • 0 Likes

Resolved! Error in EBL Refresh job

Hi guys! I have two PA-5060 in HA and at this moment my secondary is active. On the secondary I've seen the following messages:
EBL(dyn-block-list-ip-sadc) EBLRefresh job failed. No valid IPs found in list
EBL(dyn-block-list-ip-sadc) Unable to fetch external list. Using old copy for refresh.
EBL(dyn-block-list-ip-sadc) EBLRefresh job failed. No valid ...

Resolved! TAXII output deduplication problem

Hello! Could you tell me why TAXII output doesn't do data deduplication? Is it normal behaviour or a bug? This problem is very important for us because we have a huge amount of IOCs (about 450K). TAXII output just multiplies this list. Additionally, after the output took 1000000 IOCs it just stops accepting new data until deletion of some old IOCs. The...

KVasiliy by L2 Linker
  • 14159 Views
  • 11 replies
  • 0 Likes

Miner Node show error "HTTPSConnectionPools" and "ConnectTimeoutError"

I have errors retrieving the feed file from any source. It shows "HTTPSConnectionPool (host='source',port=443): Max retries exceeded with url: xxxx.txt (Caused by ConnectTimeoutError (<requests.packages.urllib3.connection.Verified object at 0x7fdd988ad310>, 'Connection to souce timed out. (connect timeout=20)')) But I can use wget fil...


Resolved! Single vWire to Multi vSys

Hello, I wonder if someone can help - I currently have a firewall deployed in a vWire configuration, however the requirements for the site are changing and we now need to utilise the Multi-vSys feature. I've had a look but can't see any information that specifically states whether or not when this license is applied and Multi-vSys is enabled, whe...

lscott01 by L0 Member
  • 4327 Views
  • 2 replies
  • 0 Likes

Resolved! Troubleshooting Slowness with Traffic, Management

Hi, I am reconfiguring my PA-100 VM, as I am changing the network design, but after I changed the interfaces IP, router configuration, NAT policy, and security policy, I cannot get to the internet, and in monitoring the end reason is "aged-out". From the CLI I can ping and traceroute using the management and external interface as source, but I cannot use my...

GWASSEF by L1 Bithead
  • 8847 Views
  • 6 replies
  • 0 Likes

Resolved! How to create IPSec VPN tunnel between two Palo Alto 200 firewalls?

Hi folks, I went and bought another used PA 200 from eBay to go along with my existing one to test my first IPSec VPN connection. Neither have a support or threat license at all and not registered. PA 200 #1 has PANOS 7.0.5-H2 and PA 200 #2 has PANOS 7.1.9. I am using PA administrator's guides and other material to create an IPSec Tunnel, but stil...

OMatlock by L4 Transporter
  • 16702 Views
  • 19 replies
  • 1 Likes

Resolved! How to create an internal type NAT?

Hello folks, Not sure if my question is worded just right, but here goes. 🙂 We have a partner company that has a Juniper NAT type of device plugged into our PA 3020 that does a NAT to a server in their environment, which we communicate with fine using the 10.1.5.x network. I am being asked to do something similar on our side. Today they are abl...

OMatlock by L4 Transporter
  • 4549 Views
  • 6 replies
  • 0 Likes

Resolved! Advertise/Redistribute iBGP routes/prefixes to eBGP neighbours.

Hi All, Guys don't judge me, but I have very little knowledge about the BGP process (iBGP and eBGP) and am looking for assistance. Watched a nice video on YouTube on how to advertise eBGP learned routes by iBGP peer to other iBGP peers using the route reflector technique: https://www.youtube.com/watch?v=yaMUq6WTUTc This part is clear. We have a PA conne...

Hands on Palo Alto practice

Hey Guys, I'm looking for a place I can practice using a PA firewall without actually purchasing one. Are there any rentals like INE's rack rentals for other technologies?

Willjdm by L0 Member
  • 3509 Views
  • 2 replies
  • 0 Likes

Resolved! push the commit on one member of the cluster only?

Hello, To test the link monitoring of the high-availability, I want to shut one interface on the active member. I set the interface to down but I cannot find how to do the commit on the active member only. Is there a solution to push the commit on one member of the cluster only? Thanks for your help.

pmartyn by L1 Bithead
  • 4335 Views
  • 5 replies
  • 0 Likes

U Turn NAT from External to Internal with FQDN Object

I know how to create a standard U-Turn NAT from outside to inside and that works fine as long as the INTERNAL object is an IP Netmask address. On the NAT Policy Rule the Original Packet is a static IP on my external facing range. The Translated Packet needs to point to a device that will have a dynamic IP. This is a mobile cart that can trave...

TNaami by L1 Bithead
  • 2896 Views
  • 1 replies
  • 0 Likes

GlobalProtect Certificate Profile not on Gateway and Portal

Is there any specific reason why someone would configure a certificate profile only on a GP Gateway and not on a GP Portal (or vice versa)? In tutorials or videos, I've always seen it configured on both, but on some networks I've seen people only configure it on one of them.

ce1028 by L4 Transporter
  • 2155 Views
  • 2 replies
  • 0 Likes

Resolved! Policy behaviour change

Hello, We know that policy behaviour changed from version PAN-OS 7.1 as per the link below. https://live.paloaltonetworks.com/t5/Configuration-Articles/PAN-OS-7-1-Policy-behavior-change-application-default/ta-p/75664 However, we upgraded from 8.0.0 or 8.0.2 to 8.0.4 and noticed that it was not enforced in 8.0.0/8.0.2. Was there still a bug/issue...

Farzana by L4 Transporter
  • 2529 Views
  • 2 replies
  • 0 Likes

Traffic for frontapp.com getting blocked

Hello, We need some assistance in allowing URL: https://frontapp.com through our FW. It is hitting the interzone-default policy and getting blocked. We made sure the category: computer-and-internet-info is allowed. Also, tried adding *.frontapp.com in the Allow list of URL filtering profile and added the application 'front' from the application ...

Farzana by L4 Transporter
  • 2503 Views
  • 1 replies
  • 0 Likes