General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4452 Views
  • 0 replies
  • 0 Likes

GP issues after a fail over test

So we have an annual BCP fail over test, during the fail over test when we shut the primary TOKYO PA 850 it fails over to PA 850 SEC, however when we connect to the VPN we cannot on our TOKYO we are not able to connect. I'm a bit of a newbie on PA and need your assistance. Please provide me with detailed troubleshooting steps on GP. The local IT s...

weezy by L3 Networker
  • 1101 Views
  • 1 replies
  • 0 Likes

RJ-45 10GB interface and cat7 cable

Hi All, Anyone deployed a ngfw (pa-3430) using the 10gb ports with a cat7 copper cable yet? same process as normal cat5/6 connection no additional changes needed? have a deployment for a client with fiber sfp but they did not purchase the sfp modules.. so in a bit of a pickle as needing to put these FWs in as vwire on the fiber connection betw...

PA_nts by L4 Transporter
  • 1116 Views
  • 1 replies
  • 0 Likes

Resolved! Trial VM-Series OVA-deployed VM stuck at PA-HDF login prompt for over 24 hours; multiple hosts and multiple attempts

Hello! I reached out to receive a trial for the VM-Series NGFW so I could practice/lab out some configs during my certification path. I have followed all of the instructions provided, confirmed ESXi version was fine, increased vCPU and RAM allocated following the sizing guide, and tried being patient, but multiple attempts at getting the VM-se...

VRT-JH by L1 Bithead
  • 20910 Views
  • 8 replies
  • 0 Likes

Resolved! Captive portal 403 forbidden

Hello, I've configured a new Captive portal but when I'm trying to reach it I receive 403 forbidden. The CP is enabled on the inside interface where the traffic is coming in. The zone has the user id enabled. The interface has the Management profile with User-id and Response page on. I've created an Auth Rule with Default-web-form but when I te...

rustdesk for remote support

Hello Friends, I have a question considering your valuable opinion regarding remote support applications. For financial issues I am moving to use an Open source "RustDesk" for remote support in my company. I can see that the application has its app-id in the Palo Alto application DB which is encouraging, but since I will inst...

issue about sdwan bgp routing

Hi, Bro. I set up a hub-spoke sdwan on my pnet lab. Hub can learn site1 and site2 internal routing, but it cannot pass these routing entries between site1 and site2, which causes hub and spoke (site1 and site2) to access each other, but the spokes (site1 and site2) cannot access each other.

SD WAN using loopback on Palo Alto

I am configuring a HUB for SDWAN with vpn, however this firewall currently has vpn tunnels to 3rd parties. Due to this I am planning on using a separate wan ip for sd-wan. However I do not have free ports on my firewall for this. Is it possible to configure a SDWAN HUB to use a natted loopback? If so I am not seeing any place to configure the ...

mmercald by L1 Bithead
  • 2469 Views
  • 4 replies
  • 1 Likes

Resolved! looking for efficient way to clear specific security rule hit counts

I have Panorama managing 2 HA paired firewalls. The security rules are pushed to both HA pairs. I want to clear the hit counts for specific rules. If I log in to the active firewall then I can run this command and it works fine. show rule-hit-count vsys vsys-name vsys1 rule-base security rules list [ "asdf1" "asdf2" "asdf3" ] And the clear ve...

PBF Monitor Target

Scenario is dual-ISP scenario using PBF to connect via primary ISP but switch to secondary if primary goes down. In a Policy Based Forwarding rule in the Monitor section of the Forwarding tab, there are 2 checkboxes: one for Monitoring itself, and the second one labelled "Disable this rule if nexthop/monitor ip is unreachable". Firstly, what is ...

Resolved! unique id for policies

Good Morning, we are using a pa-1420 and manage it via the web-browser. We sort and group the policies with tags. The rules have a name and an order. Both are changeable. Is there also a unique ID that can be used to permanently identify rules? I didn't find a column like "unique ID" regards Andre

Get EDL Entries on Panorama

Hi gurus, May I know if I can get ip/url/domain EDL entries on Panorama? As I can only see predefined-ip and predefined-url types on my Panorama instance, I am not sure if it relates to my Panorama license. When I try to get entries of my custom EDL, the API returns below error: <response status="error" code="17"> <msg> ...

jyao by L1 Bithead
  • 948 Views
  • 1 replies
  • 0 Likes

Getting the error "Unable to fetch external dynamic list. Couldn't resolve host name. Using old copy for refresh."

We have a PA 5250 which is configured with multiple EDLs. Suddenly all the EDLs are failing and throw the error "Unable to fetch external dynamic list. Couldn't resolve host name. Using old copy for refresh." As a workaround we rebooted the firewall and it resolved the issue. Looking for the experts' advice to resolve this issue permanently.

Trouble setting up Proxy IDs for a S2S with a Checkpoint peer and continuous rekeys

Hello, I'm quite new to PA and not much firewall experience. We are having trouble with a S2S VPN with a partner who has a Checkpoint FW. The clients are on our side, the server is on their side. What I see in our logs are constant rekeys for the IKEV2 tunnel every 2-3 seconds: ipsec-key-expire ikev2-send-p2-delete ipsec-key-delete ikev2-nego-chi...

arp Flooding

Cisco router is getting flooding from Palo Alto firewall. Source NAT is basic getting scan from outside random countries. We deal with users in other countries and blocking by countries will not work. The ranges from outside to our public ip address. It looks like a scanning because it's range of our public ip address. What can we do to stop it or pr...

How to allow particular URL via Global Protect Split Tunnel and DNS should resolve for that particular URL.

Our BI team has Snowflake set up in Azure; they have whitelisted on-prem public ip addresses and Global Protect public ip addresses to allow the Snowflake access. We have a split tunnel GP VPN so tried with including domain and port number of the Snowflake in the Global Protect config, which is having a DNS resolution issue? is any one have...

tthapa23 by L2 Linker
  • 2646 Views
  • 1 replies
  • 0 Likes