This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Resolved! Globalprotect client authenticate with a certificate not working anymore

Since we use our Palo Alto firewall, our users there Global Protect Client authenticate with the firewall through a certificate that is deployed thorugh Active Directory. Our Global Protect Client version is 3.0.2.Since we updated our Pan-Os version to 7.0.6 this method of authentication does not work anymore.THe client tries to authenticate and...

PA.JPG
PA_Portal.JPG
ZEBIT by L3 Networker
  • 5216 Views
  • 9 replies
  • 0 Likes

Slow download over decrypted TLS sessions?

I've noticed that downloads that occur over decrypted TLS sessions are incredibly slow since upgrading my PA-3050s to PAN-OS 6.1.x (now on version 6.1.12). Sometimes they don't even complete at all, either failing or just sitting forever. For example, I once tried to download a 70 MB file and it was sitting at about 18% complete seven hours la...

Resolved! RSH session issue passing through the Palo Alto

Hi Guys, Interesting one. 1x2.1x4.1x4.1x5 makes an initial connection using RSH the 192.168.0.20 then creates a separate RSH session back to the originating server but this always fails as the Palo seems to ignore the rule and NAT that is in place for this. Any suggestions/advises are welcome. Thanks

Brightcloud connection error

I have a PA-500 that is receiving the error of:opaque: Failed to connect to Brightcloud update server service.brightcloud.com, initiated by 192.168.75.30 eventid: connection-failureThere seems to be no connectivity issues to URLs for the users. Just this sys log being generated. The updates are set to every morning at 3:00am and work perfectly f...

jprice2 by Not applicable
  • 7710 Views
  • 12 replies
  • 0 Likes

Automate GlobalProtect VPN connection

Hi All, We are trying to automate connections using the GlobalProtect VPN with a batch script. There's a way to accomplish it? I've tried to use the PanGPA.exe in "C:\Program Files\Palo Alto Networks\GlobalProtect\" without success. Any kind of help would be greatly appreciated. Kind Regards,FRG

fruiz5 by L1 Bithead
  • 11217 Views
  • 9 replies
  • 0 Likes

DNS-proxy BUG 7.1.2 using capital letters

Just wanted to put it out there.I upgraded to 7.1.2 yesterday and a lot of my static dns entries stopped working. after some playing around i figered out that it was because i was using capital letters in my entries. I changed them to lowercase and everything was working again.I do not know if the bug was already present in any other 7.1.x

Whats PAN's future for TLS decrypt with many sites now moving to Diffie-Hellman based ciphers ONLY?

Does PAN have any plan for better managing the current state of TLS decryption now that Diffie-Hellman based ciphers are becoming the default standard? PAN currently only supports the below ciphers, and when presented with a website that ONLY supports DH ciphers it appears to just reset the connection instead of failing open. Manually whitelisti...

CMG by L2 Linker
  • 8915 Views
  • 8 replies
  • 14 Likes

Application override with custom application and threat detection

I want to build a custom application with application override and still be able to scan for threats.On the website of Palo Alto, there is this text: If you define an application override, the firewall stops processing at Layer-4. The custom application name is assigned to the session to help identify it in the logs, and the traffic is not sca...

Resolved! Block http traffic to numeric URLs

Hi, I was ordered to block all http and hhtps traffic to addresses without a dns name. In other words user have to put in a network name in the browser and are not allowed to type an IP address in the address field. As the thinking behind is blocking malware communication I have to block this traffic at the firewall and not at the browser. S...

PA identifying traffic from AKAMAI as BruteForce.

Hi guys, Context: For the past 24 hours we've had constant reports of a Brute force attack on our servers originating from the Akamai CDN's. I'm unsure whether this is simply a false positive, or if there something to actually worry about. I've submitted a ticket to ccare@akamai.com with the same information - hoping for a response. Bel...

MIGAS by L1 Bithead
  • 8558 Views
  • 8 replies
  • 0 Likes

Panorama not generating summary logs

Hi, I have an unlicensed Panorama (for the sake of testing) to aggregate logs from the Palo Alto. I've set up log forwarding on the firewall, Panorama is receiving logs and detailed traffic is showing up properly, but there are no summary logs generated at all (#show log dailytrsum and others). Basically all summary logs are empty, so no summar...

nikoo by L3 Networker
  • 2186 Views
  • 1 replies
  • 0 Likes

CVE-2004-2761 and CVE-2008-5161 vulnerability applicable to PAN 7.0.3

Hi all, Hope everyone doing great. I have a Palo alto firewall running in 7.0.3 version. Recently there was an audit happened and submitted some vulnerabilities found in our firewall. I am very curious to know that whether captioned vulnerability appiicable to PAN 7.0 or not. Below are the description for the vulnerabilities: • SSL Certifi...

Resolved! How to downgrade HA pair from 7.1.X to 7.0.X version.

Hi Guys, What is going to be a right way/steps to downgrade PA from the version mentioned above? 1) Disable "preemption" on the both nodes. Commit changes. 2) On the "passive" node load config that matches your version. Let say l am going to install 7.0.1. So config has to be compatible with this version. Install and reboot. 3) Passive back ...

Resolved! EBL Issues

I've just started to test working with an EBL to quickly update a block list without having to apply the URL Filter to all of the different groups that we have. I've verified that I have connection to the document and that the Palo Alto sees it but I can't actually get it to stop showing traffic, instead the HTTP Request Brute Force Attack reset...

BPry by Cyber Elite
  • 8304 Views
  • 11 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks