This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Resolved! PA-VM-300 refuse to boot because master key expired.

Hi all, today i found my PA-VM-300 in maintenance mode, refusing to boot. Maitenance Entry Reason:Cryptod failure. Caused by: Master key expired.This firewall is a backup of our production firewall, in our Disaster Recovery Plan, in addition to VMware SRM.I use the API to push the production configuration to this firewall. In order to allow the ...

2017-08-16_171551.jpg

Virtual Panorama for Log viewing only

Hi all, I hope someone already did something like that to answer my question 😛 We have a virtual Panorama on PAN-OS 8 with a local log collector. On this panorama we manage differdnt firewalls and also store the logs of these firewalls. This panorama is in a secure zone where we ONLY allow acces for firewall administrators.So far so good. Now w...

Remo by L7 Applicator
  • 2095 Views
  • 2 replies
  • 0 Likes

sync issues

My HA pair went into split brain so I rebooted the secondary and now they will not sync

jdprovine by L4 Transporter
  • 3829 Views
  • 7 replies
  • 0 Likes

site 2 site with Meraki NAT'd behind ISP router??

We have a remote site connected behind ISP router and Meraki receives 192.168.X.X IP from it, and all networks locally are connected further to Meraki. The main site has public IP directly on the firewall. Not sure how to make configuration work.

raji_toor by L4 Transporter
  • 7814 Views
  • 7 replies
  • 0 Likes

Resolved! Issues with netflow.

We are having issues getting our information from our PaloAlto 5020's. It looks like it is sending but we do not have any chartable information on either of our netflow servers. We are using Solarwinds Netflow Traffic Analyzer as well as What's up gold flow analyzer. Palo Alto says that I have setup the server profile and applied it to the in...

Best Solution for New Design

Dears,first time for me write in PaloAlto forum I hope to find my answer here. first, we have purchased PaloAlto 3020, and need the best design for the network securityز My network content "1" switch L3 and "2" switches L2 and we have VLANs for users and voice and guest and printers and also we have WIFI for staff and WIFI for the guest and ev...

MOsama by L1 Bithead
  • 2058 Views
  • 1 replies
  • 0 Likes

(DUP!) when pinging from the firewall

Hi guys, Strange issue here which I'm hopeing to get resolved. I was SSH'ed into the our PA VM-100 today and happened to run the command >ping host 8.8.8.8. This resulted in 100% (DUP!) replies on the ICMP replies. However, when I specify the source and host I dont get this issue. Any ideas why this could be happening? Thanks

Resolved! Panorama configuration logs

When making changes to firewalls through panorama, there is a history of those changes made. When you go to the dashboard there is a widget that shows the last handful of config changes, so I know they are there. Where in panorama can I go to view the history of that log? There is no "configuration" section under the monitor tab like there is...

Resolved! Proxy-ID Error message for GlobalProtect Client

We have configured a GlobalProtect Gateway to service clients using both the GP Agent and X-Auth parameters with 3rd Party Clients. We have been receiving the following error messages:'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 10.0.0.0/8 type IPv4_subnet...

Suspicious login attempt found on PA.

Hi All,I have a situation where someone tried to access Palo Alto and failed to login as the authentication was not granted. Any idea where i can go and see what was the source IP and location etc. A bit of forensics. Any suggestions most welcome. Imran(Brighton)

Can I make PA3020 stop advertising default route in OSPF if its internet connection is down?

Hi all, This my first post on here. I was trying to see if these devices have monitor/tracking features e.g. keep testing the internet connection to see if it is still up. I want the PA to form a neighbor relationship with a cisco router and advertise a default route to it with OSPF. But I want the PA to stop advertising its route if its interne...

installing SFP modules on PA-5050

Hi I need to know the correct procedure for installing a 10 G SFP into a PA-5050. Can I install while they are on and running? Do I need a reboot?Do I have to power off and install and power on? I’ve tried to if an answer in the documentation

fribbl3 by L0 Member
  • 3498 Views
  • 1 replies
  • 0 Likes

Resolved! GlobalProtect behind NAT/PAT Cetificate Issue.

Hi, I'm configuring my GlobalProtect VPN and Agent keep saying "CN name mismatch". Here's my infrastructure : The PA220 is behind the NAT of the ISP and all connexions on WAN_IP (that is the public IP) are translated to the address 192.168.7.1. As port 443 is already used, we're using WAN_IP:10443 that translates to 192.168.7.1:443 for the Globa...

Drawing1.png
Naelwan by L1 Bithead
  • 4980 Views
  • 3 replies
  • 0 Likes

Resolved! Question on GlobalProtect access route

Hi All, I've successfully set up globalprotect for my remote users according to this link https://live.paloaltonetworks.com/t5/Configuration-Articles/Basic-GlobalProtect-Configuration-with-User-logon/ta-p/136099 I have a new problem. I want some users all traffic to go through GlobalProtect tunnel and the other users only intranet traffice to g...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks