General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

DLP (DataPatrol) signed DLL injection into Word blocked by agent — permanent exception?

Our DLP watermarks documents by injecting a signed DLL into WINWORD.EXE on print. The Cortex agent blocks the injection — page prints with no watermark, DLL never loads. Works fine with the agent removed. Persists in Report mode, generates no alert/prevention event. Tried a Disable Prevention rule (signer + thumbprint, all modules, global) — no ...

Override url ocsp and responder ocsp global protect VPN

Hi everyone, present, i have VPN global protec Authentication two factor with certificate and radius, by interface management The current setup is as follows: The Palo Alto firewall acts as both the gateway and the OCSP responder. The OCSP responder is configured to use the management IP address, and the OCSP Override URL also points to the ma...

HAINVH by L1 Bithead
  • 215 Views
  • 3 replies
  • 0 Likes

IBM registry via PaloAlto authentication fails

Hi, Here's a polished rewrite: Just wondering if anyone has come across an IBM Container Registry authentication issue where the registry traffic is routed through PaloAlto Akamai geo-location edge servers (for example, cp.icr.io). I experienced intermittent authentication failures where the login process would hang and never complete. After s...

SIEM posting Botnets , but Firewall do not

We are currently experiencing a situation in which we are receiving requests to our public segment pool. According to a syslog that Palo Alto sends to our SIEM, many of these IP addresses are part of a botnet. However, when we checked Palo Alto, we did not see this information in the traffic log. The SIEM/Sentinel is enriching logs received ...

F.Pinar by L3 Networker
  • 205 Views
  • 1 replies
  • 0 Likes

Resolved! Login issues after password complexity change

We changed the password complexity and history settings on our firewall a couple of days ago.After committing the changes the local users are not able to login on the firewall.So we tried to boot into maintenance mode by connecting through a console cable in order to roll back to a older running config.This did not do anything though, because th...

ilirrama by L1 Bithead
  • 5784 Views
  • 6 replies
  • 0 Likes

MAC and captive portal

Hi, Im having an issue with Macbooks. We have a captive portal that uses SAML authentication. If we open Chrome, the captive portal appears and the authentication completes successfully, but no other applications work besides Chrome. Additionally, if we use any other browser, such as Safari, the captive portal does not appear at all. Any ide...

BigPalo by L4 Transporter
  • 280 Views
  • 1 replies
  • 0 Likes

Captive portal auth doubt

Some people complain of the captive portal redirecting them when they are in the middle of filling out a form, or doing work on a online portal, is it possible for the captive portal to appear in a different tab like a pop-up instead of a redirect?

BigPalo by L4 Transporter
  • 103 Views
  • 1 replies
  • 0 Likes

Validation of the PAN VPN, SSID, and PEAP-TEAP Protocols

Hi Team I got a question : During a previous session with end user, it was determined that, following the migration from PEAP to TEAP on the metropolitan area’s wireless network, 802.1X authentications fail to complete correctly when traversing the site-to-site VPN between a branch and the corporate headquarters.From a technical standpoint, t...

F.Pinar by L3 Networker
  • 291 Views
  • 2 replies
  • 0 Likes

Resolved! SNMP OID to monitor subinterfaces?

Hi AllWe are currently trying to monitor Layer 3 sub-interface bandwidth via SNMP. I've been checking the enterprise MIBs for palo alto, and there doesnt seem to be any such OID. Does anyone have an idea what OID to use, if even possible, to monitor a subinterface, for example, ethernet1/12.12?Many Thanks All!RegardsDavid Vassallo

dvas0004 by Not applicable
  • 5584 Views
  • 6 replies
  • 0 Likes

Avoid reauth in Captive portal

Hi, I have captive portal for auth users with SAML. Users are being prompted to reauthenticate after 20 minutes more or less. Where can the timeout be increased, or how can the requirement to reauthenticate every X amount of time be removed?

BigPalo by L4 Transporter
  • 358 Views
  • 2 replies
  • 0 Likes

GlobalProtect is no longer able to retrieve information for Trend Micro Apex One Security Agent

We are experiencing an issue where GlobalProtect is no longer able to retrieve information for Trend Micro Apex One Security Agent. As a result, our HIP Objects that rely on this product are no longer matching correctly, and we cannot enforce the related security policies. Everything was working as expected until 17 June 2026, when the issue app...

Is PAN-OS 11.1.4-h33 vulnerable?

Dear Community Members, I want to ask couple of things: Is the PAN OS 11.1.4-h33 vulnerable based on CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI and should be upgraded to PAN OS version 11.1.4-h34 and above? For PA-14020 it came with a base of 11.1.0, can this support to move to other based P...

  • 24391 Posts
  • 123 Subscriptions
Top Solution Authors
Labels