Articles related to Configuration |
---|
Cannot Change Admin Password After Sudden Firewall Failure | |
How to remove Dynamic tag with register IP address? | |
Cannot Access WEBUI after configuring SSL/TLS Service Profile | |
How to export config bundles to a replacement SCP server with the same IP address as the failed server | |
How To Export a Candidate Configuration | |
Where to find a list of command history on the firewall or Panorama? | |
How to Retrieve License on the firewall | |
How to Configure Static ARP on the Palo Alto Networks Firewall | |
How to manage a firewall with local or overridden settings from Panorama | |
Change System Clock Time on Palo Alto Networks Firewall | |
How to configure or change the Master Key on a High Availability (HA) pair of firewalls | |
How to Delete an Admin Account From the Firewall Command Line | |
How to Configure SNMPv2 on the Palo Alto Networks Firewall | |
How to Configure DNS Proxy on a Palo Alto Networks Firewall | |
Getting Started: Setting Up Your Firewall | |
How to configure Log Forwarding for LPC on PA-7000 series firewall | |
How to Configure a DHCP Relay on Palo Alto Networks Firewall | |
How to Retrieve the Palo Alto Networks Firewall Configuration in Maintenance Mode | |
How to Manually Import and Install PAN-OS from the CLI | |
Setting a Service Route for Services to Use a Dataplane Interface from the Web UI and CLI | |
How to Create Management Users, Assign Roles, and Change Password from the PAN-OS CLI | |
How to perform PANOS upgrade from CLI? | |
How to Generate and Upload a Tech Support File Using the WebGUI and CLI | |
What is a Shadow Rule? | |
How to Import and Export Address and Address Objects | |
How to create a new service object | |
Radius Authentication Failing with FQDN in Server Profile | |
How to Configure the Management Interface IP | |
How to Configure DNS Proxy on a Palo Alto Networks Firewall | |
How to Add and Verify Address Objects to Address Group and Security Policy through the CLI | |
How to view Management Interface Setting in the CLI | |
How to create, add and delete sub-interfaces and static routes via CLI on Firewalls managed by Panorama | |
CLI Commands to Export/Import Configuration and Log Files | |
How to view IP Addresses in an address object via the CLI | |
How to Use the CLI to change GUI Access | |
Back Up Configuration and Device State from the CLI | |
How to View the Management Interface Service Settings from the CLI? | |
How to Add and Verify Address Objects to Address Group and Security Policy through the CLI | |
How to Create a Management Profile using the CLI | |
How to View the PAN-OS or GlobalProtect Version through the CLI | |
How to Configure MTU and MSS Settings from the CLI | |
How log firewall console output using PuTTY | |
How to disable scheduled update for contents from CLI | |
Failed to establish connection due to Server Identity check |
Articles related Commit Issues | |
---|
How to identify the commit failure reasons when no error message is displayed in the GUI. | |
Commit Failed Due To “Error: Non digit (Module: device) Commit failed” | |
Commit Failing With Error: "exceeds maximal number of app/service 128" | |
Commit fails with error message: "Error: Authobj must have auth profile" | |
Commit fails with Error: Failed to parse IPSec manual-key tunnel/profile 'OSPF AuthProfile' authentication key | |
Commit Warning: Next Hop IP is not in Subnet of Outgoing Interface | |
Commit Error Message - Error: Missing service value | |
Commit Failing When NetFlow Profile is Applied | |
Commit fails with error - Error: application 'ms-ds-smb-base' not found | |
GlobalProtect Giving a Warning when Commit/Validate: "tunnel tunnel.x ipv6 is not enabled" | |
Firewall Commit Validation Error "group-tag unexpected here" | |
Commit Error: Invalid Configuration. Please Fix Errors and Try Again. Commit Failed | |
Commit Failed when adding DHCP Relay "Can't get vr id(Module: dhcpd)" | |
Auto Commit Failing on an Application not found | |
Commit Fail When Next Hop Address List Is Specified in PBF | |
Unable to perform commit to Firewall from the Panorama due to new URL Filtering Categories. | |
Commit error "Pre-negotiation can only be enabled on HA Active-Passive mode" | |
How to clear the duplicate certificate subject found warning when issuing a commit command | |
Unable to commit due to plugin validation error | |
Panorama Commit Error: “bad template push candidate on disk” | |
Why security policies referring to different EDL objects generate shadow warnings on Validate Commit | |
How to Check the Status of an Auto-Commit | |
Commit failed warning “Fail to count address groups” | |
Commit Failure with Error 'any' zone is invalid from rule. | |
Commit error: Threat database handler failed, when using custom signatures | |
How to View the Configuration Changes or Differences in a Commit | |
Why is the ‘Commit’ button showing green when there are no pending changes to commit? | |
Can configuration be synchronized between Active and Passive when commit lock is on? | |
How to resolve commit failed error : "high-availability -> group -> mode -> active-passive is invalid" | |
Validation error for URL filtering while committing firewall configuration | |
Device Commit failure with following error "Disk quotas add up to more than 100%. " in MS.log. | |
Commit Warning: Disabled Applications in vsys | |
Commit error "This config has been sanitized of password data because it was exported by a non-superuser or was part of a tech support export" | |
Commit NAT Error: Mismatch of destination address translation range | |
Seeing Commit Warnings "Description and Tag missing for rule entry" | |
Plugin uninstallation failing with error "Please delete plugin user and commit before uninstalling plugin" | |
How to Determine When Auto-Commit is Complete | |
PAN-OS Web Interface Shows Not Ready Status and Commits Fail | |
Commit Error: Not A Valid Server Profile | |
Commit finishes with an error response: cfgpush.s1.dp1.comm.cfg-dp: error pre-installing config | |
GlobalProtect Commit Error: missing both client config and satellite config"" | |
Can't commit changes due to error message "Error: Profile compiler: cannot find tid 40006 in threat database." | |
Commit Failed When 0.0.0.0 is Configured as BGP Router ID | |
Do Interface Link Duplex, and Speed Sync Over to the Passive Device on Commit? | |
PA-7050 extreme latency on commit after upgrade to 8.1.12 or 8.1.13 | |
How to resolve commit error "Total NAT DIPP translated IP xxx exceeds the capacity of 800" | |
How to revert uncommitted changes on the firewall? | |
How to renew a locally generated certificate. | |
Validation error commit failed with application-status is invalid | |
Post Upgrade Firewalls to 9.1 getting commit error :Disk quotas add up to more than 100% | |
Rules that use EDL stops matching after commit is done | |
"Threat database handler failed (Module:Device) commit failed" due to missing app and threats content |
Article Related to FQDN | |
---|
What is the Fully Qualified Domain Name (FQDN) Object Limit? | |
Unable to Perform Dynamic Updates with updates.paloaltonetworks.com FQDN Address Object | |
Reduce FQDN Refresh Timer on Firewall in Order to Prevent Intermittent AWS Connection Outages | |
How to forward traffic to a specific FQDN using Policy Based Forwarding | |
FQDN objects are failing to resolve when DNS Proxy object is configured | |
Commit failing with invalid fqdn format after upgrade to PAN-OS 9.1.1 | |
Commit Fails Due to Missing FQDN Attribute | |
Unresolved FQDNs in Security Policy Result in Shadow Policy Warning During Commit | |
Articles related to NTP | |
---|
Is NTP Polling Time Interval Configurable? | |
Configure Authenticated NTP on Palo Alto firewalls | |
NTP Server error : An error occurred. | |
NTP Syncing to Secondary Server While the Primary is Available and Connected | |
Can all NTP Traffic Going to External Servers be Redirected to an Internal Time Server? | |
How to change the time zone from the GUI or CLI | |
Do Palo Alto Networks Devices Support Daylight Savings Time? | |
Unable to reach the update server | |
Articles related to Syslog | |
---|
Cannot Delete Syslog Certificate with Error Failed to Delete Certificate | |
Connection fails to syslog server | |
How to Forward Custom URL Logs to a Syslog Server | |
How to Forward Config Logs to Syslog Server | |
|
Articles related to SNMP | |
---|
SNMP for Monitoring Palo Alto Networks Devices | |
SNMP OIDs to monitor power supply status on Palo Alto Networks firewalls | |
SNMP Counter Monitoring | |
SNMP Poll Reports Different Memory Usage than show system resources | |
Device is Not Responding to SNMP Polls | |
What is the SNMP OID for monitoring internal temperature or CPU utilization? | |
Incorrect 32-bit counters via SNMP | |
SNMP monitoring tools show passive status as down | |
Sub-Interface throughput doesn't add up to Physical Interface throughput (SNMP monitoring) | |
Unable to poll interface data using SNMP after upgrading to PAN-OS 8.0.14 or 8.1.5 | |
How to create an SNMP V3 mask for Palo Alto Networks OID | |
How to Configure Sending SNMPv3 Traps | |
How to Configure SNMPv3 Polling | |
What is the SNMP OID for PA-7050 Power supplies? | |
How to Find the SNMPv3 Engine-ID | |
CLI Command to Display OID IF-MIB::iflnDiscards Information | |
Clearing snmpd.log due to log overflow |
SNMP sysuptime OID does not return the same values as "show system info" |
Troubleshooting Articles. | |
---|
How to delete configurations through the CLI | |
How to Revert PAN-OS to the last installed software using CLI. | |
Admin Users Created via CLI Are Not Shown in Web Interface | |
Password hash is different between generated by CLI command and displayed in configuration file | |
What Is The Upgrade Path When Upgrading Pan-OS from CLI? | |
How to Shut Down an Interface from the Web GUI or the CLI | |
How to View Active Session Information Using the CLI | |
Error When Restarting the Management-Server Process on CLI | |
Explanation of Job Type in 'show jobs all' CLI Command | |
Dynamic Updates Display Error after Clicking on Check Now Button | |
Backing Up and Restoring Configurations | |
How to Upload Core Files Directly to Support | |
Unable to Download Dynamic Updates on New PAN-OS Software From Not Enough Disk Space | |
What is the difference between running configuration and candidate configuration? | |
How to Delete Saved Configuration Files | |
FAST-DNS Resolution Issues | |
Unable to Connect to or Ping a Firewall Interface | |
Firewall not able to fetch the EDL address objects | |
Firewall Stuck in Initial (Leaving Suspended State) | |
How to Enter Maintenance Mode on the Palo Alto Networks Firewall | |
How to Delete Certificates on a Palo Alto Networks Firewall | |
Correlation Events are not showing on Panorama from the firewall | |
Firewall Automatically Captures Packets in the Traffic Log | |
How To Packet Capture (tcpdump) On Management Interface | |
Accessing Management Plane and Data Plane Uptime on a Palo Alto Networks Device | |
VSYS-Specific Service Routes | |
Root Partition is full due to syslog-tmp files in the tmp folder | |
Other Articles | |
---|
Best Practices for PAN-OS Upgrade | |
Disabling weak ciphers for web GUI access is not working | |
How to Disable Medium Strength SSL Ciphers for SSL/TLS Service Profile | |
How to fix Weak Ciphers and Keys on the Management Interface | |