General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Captive portal reauth

I'm using captive portal in Palo Alto and every 3-4 hours I receive this: I need to reauth. Why is this happening? Any timeout or cookie? Where should I check?

BigPalo by L4 Transporter
  • 12 Views
  • 0 replies
  • 0 Likes

MAC and captive portal

Hi, I'm having an issue with MacBooks. We have a captive portal that uses SAML authentication. If we open Chrome, the captive portal appears and the authentication completes successfully, but no other applications work besides Chrome. Additionally, if we use any other browser, such as Safari, the captive portal does not appear at all. Any ide...

BigPalo by L4 Transporter
  • 302 Views
  • 2 replies
  • 0 Likes

Orphaned Cortex XDR Agent enforcing USB read-only on personal laptop

Hello, I have a personal Windows 11 Pro laptop with Cortex XDR Agent 9.2.0 installed. The agent is no longer connected to any management server and the GUI shows: "Connection: No connection to server". However, Device Control is still active. Every time I connect my Samsung T7 Shield external SSD, I receive the notification: "Cortex XDR | Device Co...

Options to parse Syslog messages containing linebreaks

Hello everyone! I am facing a problem and hope someone can provide me with answers I have yet to find. I am parsing syslog data into XSIAM, from a certain kind of our systems. One of the entries in the original data for one of these systems may contain a linebreak (\n). As this linebreak is not (properly?) escaped, this breaks the original messag...

IPSec Dynamic Peer VPN, failure to send traffic over attached tunnel interface

Is anyone aware of a known issue with sending traffic over an IPSec tunnel interface when using multiple dynamic peers with FQDN (host) peer identification? I have multiple existing branch locations connected to the PA with IKEv2 IPSec tunnels using dynamic FQDN (host) peer identification from Cisco branch routers. Up to now it has worked fine...

IBM registry via PaloAlto authentication fails

Hi, Here's a polished rewrite: Just wondering if anyone has come across an IBM Container Registry authentication issue where the registry traffic is routed through PaloAlto Akamai geo-location edge servers (for example, cp.icr.io). I experienced intermittent authentication failures where the login process would hang and never complete. After s...

DLP (DataPatrol) signed DLL injection into Word blocked by agent — permanent exception?

Our DLP watermarks documents by injecting a signed DLL into WINWORD.EXE on print. The Cortex agent blocks the injection — page prints with no watermark, DLL never loads. Works fine with the agent removed. Persists in Report mode, generates no alert/prevention event. Tried a Disable Prevention rule (signer + thumbprint, all modules, global) — no ...

Override url ocsp and responder ocsp global protect VPN

Hi everyone, at present I have a GlobalProtect VPN with two-factor authentication using certificate and RADIUS, by management interface. The current setup is as follows: The Palo Alto firewall acts as both the gateway and the OCSP responder. The OCSP responder is configured to use the management IP address, and the OCSP Override URL also points to the ma...

HAINVH by L1 Bithead
  • 240 Views
  • 3 replies
  • 0 Likes

SIEM posting Botnets, but Firewall does not

We are currently experiencing a situation in which we are receiving requests to our public segment pool. According to a syslog that Palo Alto sends to our SIEM, many of these IP addresses are part of a botnet. However, when we checked Palo Alto, we did not see this information in the traffic log. The SIEM/Sentinel is enriching logs received ...

F.Pinar by L3 Networker
  • 224 Views
  • 1 replies
  • 0 Likes

Resolved! Login issues after password complexity change

We changed the password complexity and history settings on our firewall a couple of days ago. After committing the changes the local users are not able to log in on the firewall. So we tried to boot into maintenance mode by connecting through a console cable in order to roll back to an older running config. This did not do anything though, because th...

ilirrama by L1 Bithead
  • 5800 Views
  • 6 replies
  • 0 Likes

Captive portal auth doubt

Some people complain of the captive portal redirecting them when they are in the middle of filling out a form, or doing work on an online portal. Is it possible for the captive portal to appear in a different tab like a pop-up instead of a redirect?

BigPalo by L4 Transporter
  • 115 Views
  • 1 replies
  • 0 Likes

Validation of the PAN VPN, SSID, and PEAP-TEAP Protocols

Hi Team, I got a question: During a previous session with end user, it was determined that, following the migration from PEAP to TEAP on the metropolitan area’s wireless network, 802.1X authentications fail to complete correctly when traversing the site-to-site VPN between a branch and the corporate headquarters. From a technical standpoint, t...

F.Pinar by L3 Networker
  • 301 Views
  • 2 replies
  • 0 Likes