| Articles related to Configuration |
|---|
| Cannot Change Admin Password After Sudden Firewall Failure | |
| How to remove Dynamic tag with register IP address? | |
| Cannot Access WEBUI after configuring SSL/TLS Service Profile | |
| How to export config bundles to a replacement SCP server with the same IP address as the failed server | |
| How To Export a Candidate Configuration | |
| Where to find a list of command history on the firewall or Panorama? | |
| How to Retrieve License on the firewall | |
| How to Configure Static ARP on the Palo Alto Networks Firewall | |
| How to manage a firewall with local or overridden settings from Panorama | |
| Change System Clock Time on Palo Alto Networks Firewall | |
| How to configure or change the Master Key on a High Availability (HA) pair of firewalls | |
| How to Delete an Admin Account From the Firewall Command Line | |
| How to Configure SNMPv2 on the Palo Alto Networks Firewall | |
| How to Configure DNS Proxy on a Palo Alto Networks Firewall | |
| Getting Started: Setting Up Your Firewall | |
| How to configure Log Forwarding for LPC on PA-7000 series firewall | |
| How to Configure a DHCP Relay on Palo Alto Networks Firewall | |
| How to Retrieve the Palo Alto Networks Firewall Configuration in Maintenance Mode | |
| How to Manually Import and Install PAN-OS from the CLI | |
| Setting a Service Route for Services to Use a Dataplane Interface from the Web UI and CLI | |
| How to Create Management Users, Assign Roles, and Change Password from the PAN-OS CLI | |
| How to perform PANOS upgrade from CLI? | |
| How to Generate and Upload a Tech Support File Using the WebGUI and CLI | |
| What is a Shadow Rule? | |
| How to Import and Export Address and Address Objects | |
| How to create a new service object | |
| Radius Authentication Failing with FQDN in Server Profile | |
| How to Configure the Management Interface IP | |
| How to Configure DNS Proxy on a Palo Alto Networks Firewall | |
| How to Add and Verify Address Objects to Address Group and Security Policy through the CLI | |
| How to view Management Interface Setting in the CLI | |
| How to create, add and delete sub-interfaces and static routes via CLI on Firewalls managed by Panorama | |
| CLI Commands to Export/Import Configuration and Log Files | |
| How to view IP Addresses in an address object via the CLI | |
| How to Use the CLI to change GUI Access | |
| Back Up Configuration and Device State from the CLI | |
| How to View the Management Interface Service Settings from the CLI? | |
| How to Add and Verify Address Objects to Address Group and Security Policy through the CLI | |
| How to Create a Management Profile using the CLI | |
| How to View the PAN-OS or GlobalProtect Version through the CLI | |
| How to Configure MTU and MSS Settings from the CLI | |
| How log firewall console output using PuTTY | |
| How to disable scheduled update for contents from CLI | |
| Failed to establish connection due to Server Identity check |
| Articles related Commit Issues | |
|---|
| How to identify the commit failure reasons when no error message is displayed in the GUI. | |
| Commit Failed Due To “Error: Non digit (Module: device) Commit failed” | |
| Commit Failing With Error: "exceeds maximal number of app/service 128" | |
| Commit fails with error message: "Error: Authobj must have auth profile" | |
| Commit fails with Error: Failed to parse IPSec manual-key tunnel/profile 'OSPF AuthProfile' authentication key | |
| Commit Warning: Next Hop IP is not in Subnet of Outgoing Interface | |
| Commit Error Message - Error: Missing service value | |
| Commit Failing When NetFlow Profile is Applied | |
| Commit fails with error - Error: application 'ms-ds-smb-base' not found | |
| GlobalProtect Giving a Warning when Commit/Validate: "tunnel tunnel.x ipv6 is not enabled" | |
| Firewall Commit Validation Error "group-tag unexpected here" | |
| Commit Error: Invalid Configuration. Please Fix Errors and Try Again. Commit Failed | |
| Commit Failed when adding DHCP Relay "Can't get vr id(Module: dhcpd)" | |
| Auto Commit Failing on an Application not found | |
| Commit Fail When Next Hop Address List Is Specified in PBF | |
| Unable to perform commit to Firewall from the Panorama due to new URL Filtering Categories. | |
| Commit error "Pre-negotiation can only be enabled on HA Active-Passive mode" | |
| How to clear the duplicate certificate subject found warning when issuing a commit command | |
| Unable to commit due to plugin validation error | |
| Panorama Commit Error: “bad template push candidate on disk” | |
| Why security policies referring to different EDL objects generate shadow warnings on Validate Commit | |
| How to Check the Status of an Auto-Commit | |
| Commit failed warning “Fail to count address groups” | |
| Commit Failure with Error 'any' zone is invalid from rule. | |
| Commit error: Threat database handler failed, when using custom signatures | |
| How to View the Configuration Changes or Differences in a Commit | |
| Why is the ‘Commit’ button showing green when there are no pending changes to commit? | |
| Can configuration be synchronized between Active and Passive when commit lock is on? | |
| How to resolve commit failed error : "high-availability -> group -> mode -> active-passive is invalid" | |
| Validation error for URL filtering while committing firewall configuration | |
| Device Commit failure with following error "Disk quotas add up to more than 100%. " in MS.log. | |
| Commit Warning: Disabled Applications in vsys | |
| Commit error "This config has been sanitized of password data because it was exported by a non-superuser or was part of a tech support export" | |
| Commit NAT Error: Mismatch of destination address translation range | |
| Seeing Commit Warnings "Description and Tag missing for rule entry" | |
| Plugin uninstallation failing with error "Please delete plugin user and commit before uninstalling plugin" | |
| How to Determine When Auto-Commit is Complete | |
| PAN-OS Web Interface Shows Not Ready Status and Commits Fail | |
| Commit Error: Not A Valid Server Profile | |
| Commit finishes with an error response: cfgpush.s1.dp1.comm.cfg-dp: error pre-installing config | |
| GlobalProtect Commit Error: missing both client config and satellite config"" | |
| Can't commit changes due to error message "Error: Profile compiler: cannot find tid 40006 in threat database." | |
| Commit Failed When 0.0.0.0 is Configured as BGP Router ID | |
| Do Interface Link Duplex, and Speed Sync Over to the Passive Device on Commit? | |
| PA-7050 extreme latency on commit after upgrade to 8.1.12 or 8.1.13 | |
| How to resolve commit error "Total NAT DIPP translated IP xxx exceeds the capacity of 800" | |
| How to revert uncommitted changes on the firewall? | |
| How to renew a locally generated certificate. | |
| Validation error commit failed with application-status is invalid | |
| Post Upgrade Firewalls to 9.1 getting commit error :Disk quotas add up to more than 100% | |
| Rules that use EDL stops matching after commit is done | |
| "Threat database handler failed (Module:Device) commit failed" due to missing app and threats content |
| Article Related to FQDN | |
|---|
| What is the Fully Qualified Domain Name (FQDN) Object Limit? | |
| Unable to Perform Dynamic Updates with updates.paloaltonetworks.com FQDN Address Object | |
| Reduce FQDN Refresh Timer on Firewall in Order to Prevent Intermittent AWS Connection Outages | |
| How to forward traffic to a specific FQDN using Policy Based Forwarding | |
| FQDN objects are failing to resolve when DNS Proxy object is configured | |
| Commit failing with invalid fqdn format after upgrade to PAN-OS 9.1.1 | |
| Commit Fails Due to Missing FQDN Attribute | |
| Unresolved FQDNs in Security Policy Result in Shadow Policy Warning During Commit | |
| Articles related to NTP | |
|---|
| Is NTP Polling Time Interval Configurable? | |
| Configure Authenticated NTP on Palo Alto firewalls | |
| NTP Server error : An error occurred. | |
| NTP Syncing to Secondary Server While the Primary is Available and Connected | |
| Can all NTP Traffic Going to External Servers be Redirected to an Internal Time Server? | |
| How to change the time zone from the GUI or CLI | |
| Do Palo Alto Networks Devices Support Daylight Savings Time? | |
| Unable to reach the update server | |
| Articles related to Syslog | |
|---|
| Cannot Delete Syslog Certificate with Error Failed to Delete Certificate | |
| Connection fails to syslog server | |
| How to Forward Custom URL Logs to a Syslog Server | |
| How to Forward Config Logs to Syslog Server | |
|
| Articles related to SNMP | |
|---|
| SNMP for Monitoring Palo Alto Networks Devices | |
| SNMP OIDs to monitor power supply status on Palo Alto Networks firewalls | |
| SNMP Counter Monitoring | |
| SNMP Poll Reports Different Memory Usage than show system resources | |
| Device is Not Responding to SNMP Polls | |
| What is the SNMP OID for monitoring internal temperature or CPU utilization? | |
| Incorrect 32-bit counters via SNMP | |
| SNMP monitoring tools show passive status as down | |
| Sub-Interface throughput doesn't add up to Physical Interface throughput (SNMP monitoring) | |
| Unable to poll interface data using SNMP after upgrading to PAN-OS 8.0.14 or 8.1.5 | |
| How to create an SNMP V3 mask for Palo Alto Networks OID | |
| How to Configure Sending SNMPv3 Traps | |
| How to Configure SNMPv3 Polling | |
| What is the SNMP OID for PA-7050 Power supplies? | |
| How to Find the SNMPv3 Engine-ID | |
| CLI Command to Display OID IF-MIB::iflnDiscards Information | |
| Clearing snmpd.log due to log overflow |
| SNMP sysuptime OID does not return the same values as "show system info" |
| Troubleshooting Articles. | |
|---|
| How to delete configurations through the CLI | |
| How to Revert PAN-OS to the last installed software using CLI. | |
| Admin Users Created via CLI Are Not Shown in Web Interface | |
| Password hash is different between generated by CLI command and displayed in configuration file | |
| What Is The Upgrade Path When Upgrading Pan-OS from CLI? | |
| How to Shut Down an Interface from the Web GUI or the CLI | |
| How to View Active Session Information Using the CLI | |
| Error When Restarting the Management-Server Process on CLI | |
| Explanation of Job Type in 'show jobs all' CLI Command | |
| Dynamic Updates Display Error after Clicking on Check Now Button | |
| Backing Up and Restoring Configurations | |
| How to Upload Core Files Directly to Support | |
| Unable to Download Dynamic Updates on New PAN-OS Software From Not Enough Disk Space | |
| What is the difference between running configuration and candidate configuration? | |
| How to Delete Saved Configuration Files | |
| FAST-DNS Resolution Issues | |
| Unable to Connect to or Ping a Firewall Interface | |
| Firewall not able to fetch the EDL address objects | |
| Firewall Stuck in Initial (Leaving Suspended State) | |
| How to Enter Maintenance Mode on the Palo Alto Networks Firewall | |
| How to Delete Certificates on a Palo Alto Networks Firewall | |
| Correlation Events are not showing on Panorama from the firewall | |
| Firewall Automatically Captures Packets in the Traffic Log | |
| How To Packet Capture (tcpdump) On Management Interface | |
| Accessing Management Plane and Data Plane Uptime on a Palo Alto Networks Device | |
| VSYS-Specific Service Routes | |
| Root Partition is full due to syslog-tmp files in the tmp folder | |
| Other Articles | |
|---|
| Best Practices for PAN-OS Upgrade | |
| Disabling weak ciphers for web GUI access is not working | |
| How to Disable Medium Strength SSL Ciphers for SSL/TLS Service Profile | |
| How to fix Weak Ciphers and Keys on the Management Interface | |