

HOW TO GENERATE A TECH SUPPORT FILE VIA CLI
Log in to the CLI of your device. Run the command:
> request tech-support dump
Track the progress using:
> show jobs all
or
> show jobs id <job id>
Download from GUI: Device > Support > Tech Support File > Download Tech Support File
Jan 14, 2025 · 1 min read


Traffic, Threat and URL filtering logs are not displayed on the Firewall
This issue is documented under PAN-215869. The global counters (show counter global) can display the traffic loss count. Below are the relevant traffic and threat log counters:
Traffic Log Counters:
log_traffic_loss_cnt: Number of traffic logs that are lost.
log_traffic_loss_queue_full: Number of traffic logs that are lost due to the next queue being full.
Threat Log Counters:
log_threat_queue_full: Number of threat log queues that are full.
log_threat_loss_cnt: Number of thr
Jan 14, 2025 · 1 min read


How to Troubleshoot IPSec VPN Connectivity Issues in Palo Alto
These steps are intended to help troubleshoot IPSec VPN connectivity issues. They are divided into two parts, one for each phase of an IPSec VPN. Phase 1 - To rule out ISP-related issues, try pinging the peer IP from the PA external interface. Ensure that pings are enabled on the peer’s external interface. If pings have been blocked per security requirements, see if the other peer is responding to the main/aggressive mode messages, or the DPDs. Check for the responses of the “
Jan 14, 2025 · 4 min read


What is Dead Peer Detection and Tunnel Monitoring across an IPSec Tunnel?
DPD is a monitoring function used to determine the liveness of the Security-SA (Security Association and IKE, Phase 1). DPD is used to detect if the peer device still has a valid IKE-SA. Periodically, it will send an “ISAKMP R-U-THERE” packet to the peer, which will respond with an “ISAKMP R-U-THERE-ACK” acknowledgement. Palo Alto Networks does not currently have a log associated with DPD packets, but they can be detected in a debug packet capture. The following is a PCA
Jan 14, 2025 · 2 min read


Top Palo Alto Interview Questions and Answers for 2025
Top Palo Alto Interview Questions and Answers for 2025
Question 1: How many deployment models are available in Palo Alto?
Answer: Palo Alto offers multiple deployment models:
Tap Mode: Connects the firewall to a switch SPAN or mirror port, passively collecting and logging traffic.
Layer 2 Mode: Operates in switching mode, where all interfaces are in the same subnet.
Layer 3 Mode: Functions like a router, with interfaces in different subnets, supporting routing, static, an
Jan 14, 2025 · 13 min read
How to Configure IPSec VPN (Site-to-Site VPN) in Palo Alto
There are some steps to follow to create an S2S VPN on Palo Alto. This is the topology -
STEP 1
Go to Network > Interface > Tunnel tab, click Add to create a new tunnel interface and assign the following parameters:
Name: tunnel.1
Virtual router: (select the virtual router you would like your tunnel interface to reside)
Security Zone: (configure a new zone for the tunnel interface for more granular control of traffic ingress/egressing the tunnel)
NOTE: If the tunnel i
May 21, 2024 · 3 min read


Allow Only a Single YouTube Video and Block the Rest of YouTube in Palo Alto
How to allow a single video or a subset of YouTube videos and block all other videos. Two requirements need to be met first:
SSL decryption needs to be enabled.
QUIC protocol needs to be disabled because it bypasses SSL decryption.
Create a new Custom URL Category to allow only the wanted YouTube video(s). Get to your URL filtering policy inside of the WebGUI > Objects > Custom Objects > URL Category. Then click Add to create a new Custom URL Category. A new window will pop up
May 9, 2024 · 2 min read
User-ID in Palo Alto
Palo Alto Networks Firewall: Maps IP addresses to usernames. Maps usernames to group names.
PAN-OS Integrated User-ID Agent: Runs on the firewall. Collects IP address to username information.
Windows-based User-ID Agent: Runs on a domain member. Collects IP address-to-username information. Sends information to the firewall.
Palo Alto Networks Terminal Services Agent: Runs on Microsoft and Citrix terminal servers. Collects IP and port number to username information. Sends information
Jun 18, 2023 · 1 min read


Security Profiles in Palo Alto
Security Profiles in Palo Alto: In Palo Alto Networks, security profiles are a set of configurations that control how network traffic is processed and protected. These profiles are applied to interfaces on the firewall and are used to enforce security policies.
Anti-virus: This profile is used to detect and prevent the spread of malware and viruses.
Anti-spyware: This profile is used to detect and prevent spyware from being installed on network devices.
Vulnerability protec
Jan 26, 2023 · 1 min read


Online Lab Available for Palo Alto Firewall
Online Lab for Palo Alto Firewall
Step 1: Access the Website. Go to the website: https://portal.netdevgroup.com/learn Create your account and log in using your username and password.
Step 2: Purchase the Basic Palo Alto Lab. Buy the basic Palo Alto lab for only $30.
Step 3: Lab Topics and Documentation. Once purchased, the lab provides you with the following: Proper documentation for the lab setup. You can manually perform tasks such as: Creating basic configurations. Setting u
Oct 7, 2022 · 1 min read


How to Upgrade Palo Alto Firewall
How to upgrade a Palo Alto firewall -
Why we need to upgrade --
-->> Bug fixes that are not available in the current version
-->> The current version is going to reach End of Life soon
-->> Patches for security vulnerabilities in PAN-OS
Before starting the upgrade, we need to understand a few things --
-->> Before you upgrade, make sure the firewall is running a version of app + threat (content version) that meets the minimum requirement of the new PAN-OS
-->> Recommendation is always run
Sep 20, 2022 · 3 min read


Palo Alto CLI Commands for Troubleshooting
General Command----
show system info = //shows the uptime, serial number, ...
show system environmentals = //e.g. power supply failures
show ntp = //time server
show session info = //packet rate, number of sessions, fastpath active, etc.
show session id <id> = //session id
show interface { all | <interface-name> } = //all interface
show routing route = //routing table (all routes)
show routing fib = //forwarding table (only used routes)
show routing pro
Sep 13, 2022 · 2 min read


Palo Alto Traffic flow
SECTION 1: OVERVIEW SECTION 2: INGRESS STAGE 2.1 PACKET PARSING 2.2 TUNNEL DECAPSULATION 2.3 IP DEFRAGMENTATION SECTION 3: FIREWALL SESSION LOOKUP 3.1. ZONE PROTECTION CHECKS 3.2. TCP STATE CHECK 3.3. FORWARDING SETUP 3.4. NAT POLICY LOOKUP 3.5. USER-ID 3.6. DOS PROTECTION POLICY LOOKUP 3.7. SECURITY POLICY LOOKUP 3.8. SESSION ALLOCATION SECTION 4: FIREWALL SESSION FAST PATH SECURITY PROCESSING CAPTIVE PORTAL SECTION 5: APPLICATION IDE
Sep 13, 2022 · 11 min read
Palo Alto Cheat Sheet CLI
PaloAlto cheat sheet Show Command-- Debug command-- -->> debug routing pcap <routing-protocol> on -->> debug routing pcap show -->> debug routing pcap <routing-protocol> view -->> debug routing pcap <routing-protocol> off -->> debug routing pcap <routing-protocol> delete -->> tail follow yes mp-log routed.log -->> show routing path-monitor -->> debug routing path-monitor USE Test command-- -->> test routing fib-lookup virtual-router default ip <ip> -->> test vpn ipsec-sa tunn
Nov 18, 2021 · 4 min read