General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Secondary IP and DHCP

Greetings,

Say we have an interface that is configred the following way:

e1/2.240

Tag: 240

IPv4 Address (two addresses on the interface):

-10.10.100.1/24

-192.168.100.1/24

Now, if that interface is configured as a DHCP relay, which network is it going to se

...

PA 850

hello

we have deployed a HA 850 series cluster

we have users complaining about problems with:

voice quality on MS Teams

screen freezes

video & audio out of sync

Q is there a configuration I should use to optimise the MS Teams network performanc

...

Resolved! Understanding some counters from pow performance during high CPU troubleshooting

Hi all,

I was troubleshooting one of our customers pa 5220 high CPU utilization based on this KB article:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmV2CAK

It gives a pretty good explanation of how to interpret t

...

{"status":500,"timestamp"

i am trying to register a new account to register a product... getting an error message

{"status":500,"timestamp":"2024-01-14T16:30:48.473895602Z"}

Resolved! PA 220 Dataplane restart automatically.

Hi Team,

We have noticed that our PA 220 device data plane has been restarted automatically.

Pan OS: 10.0.6

Please find the logs below,

2021-09-24 10:36:23.126 +0530 INFO: flow_ctrl_pktlog_forwarding: exited, Core: False, Exit code: 0
2021-09-24 10:36

...

Resolved! Failed to check content upgrade info due to Peer certificate cannot be authenticated with given CA certificates started 10/12/2021

Hi,

It looks like the cert on us-static.updates.paloaltonetworks.com applied on IPv6 address is expired.2600:1901:0:669:0:0:0:0.

go to www.ssllabs.com and check it..

option 1. Device > setup > Services > change the update server to the default.

option

...

ARP refresh in firewall if replacing the connected device

we are changing the core device hardware connected to Palo alto firewall inside interface. To minimize downtime we will be moving inside interface of secondary passive firewall to new secondary core and then we will make it active by suspending prima

...

Resolved! Features column in Network Interface shows an IPSec Gateway

I have a HA pair of PA 5220s at the HQ location and a PA-850 at a secondary DR location. We have about 100 remote sites that have a primary Site-to-Site VPN connection to HQ and a secondary connection to the DR location. Each of which have their own

...

Impact of license expiry

I need the impact below license expiry. This is not in terms of any OS version. This is a gen query.

-SD WAN License
-BrightCloud URL Filtering
-GlobalProtect Portal
-GlobalProtect Gateway

I intend to get the below bullets:-

-What one can s

...

description contains 'Failed to connect to address: x.x.x.x port: 3978, conn id: triallr-x.x.x.x-x.x.x.x' )

ipsec vpn, global protect is not set.

34.122.191.141 > google address

200.200.200.200 > loopback address

I found a Cortex logging service error, but I don't know how to solve it in detail.

https://knowledgebase.paloaltonetworks.com/KCSArti

...

PBF Rules being ignored

I have setup several PBFs to force traffic to use a specific egress interface for monitoring that particular path. I then setup a ping monitor on one of the servers, Source Address 192.168.200.15, to ping several different Destination Addresses (DA)

...

Resolved! Confused about HA Path Monitoring recovery (Preemptive loop)

Hello,

So this is a document: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhJCAS

Which states:

When a link or path monitoring (or both) failure condition is detected by the HA daemon on the Active device, it moves in non-f

...

Active Directory Users & Computers slow over GlobalProtect

We are experience an issue that I am curious if anyone else has encountered. When any of us IT folk are VPN'd in via GlobalProtect (tested on different internet connections, hardwired and wifi) whenever we open up MSFT Management Console Active Direc

...

New Area for Engineering Blogs on LIVEcommunity!

We are excited to announce a new Engineering Blogs section on LIVEcommunity, exclusively curated by Palo Alto Networks engineers!

This dedicated area will be home to technical posts about Palo Alto Networks innovations to build scalable and reliabl

...

Resolved! Seeing error on commit: Management Server failed to send ID request to client device.

Seeing error on commit: Management Server failed to send ID request to client device.

Resolution
Restart both management and device server. Run the following commands:
> debug software restart device-server
> debug software restart management-server

Ar

...

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Secondary IP and DHCP

PA 850

Resolved! Understanding some counters from pow performance during high CPU troubleshooting

{"status":500,"timestamp"

Resolved! PA 220 Dataplane restart automatically.

Resolved! Failed to check content upgrade info due to Peer certificate cannot be authenticated with given CA certificates started 10/12/2021

ARP refresh in firewall if replacing the connected device

Resolved! Features column in Network Interface shows an IPSec Gateway

Impact of license expiry

description contains 'Failed to connect to address: x.x.x.x port: 3978, conn id: triallr-x.x.x.x-x.x.x.x' )

PBF Rules being ignored

Resolved! Confused about HA Path Monitoring recovery (Preemptive loop)

Active Directory Users & Computers slow over GlobalProtect

New Area for Engineering Blogs on LIVEcommunity!

Resolved! Seeing error on commit: Management Server failed to send ID request to client device.

SSO Activation

No valid AceMlc2 config: SC 1 (AceMlc2): Config not valid

How to request a URL filtering change to High-Risk?

Management Interface Settings - Can't Change?

Log Container Page Only - impact?

Re: New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

Support Portal is down.

Re: sorting question

Re: How to add palo to multiple device groups

Error while logging into PaloAlto Support Website

Unlock your full community experience!

Resolved! Understanding some counters from pow performance during high CPU troubleshooting

Resolved! PA 220 Dataplane restart automatically.

Resolved! Failed to check content upgrade info due to Peer certificate cannot be authenticated with given CA certificates started 10/12/2021

Resolved! Features column in Network Interface shows an IPSec Gateway

Resolved! Confused about HA Path Monitoring recovery (Preemptive loop)

Resolved! Seeing error on commit: Management Server failed to send ID request to client device.