This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4477 Views
  • 0 replies
  • 0 Likes

Resolved! User based ssl decryption

Hi, I try to test ssl forward proxy decryption. It works fine if I use IP address as a source but if I use Users(domain) as a source it doesn't work. I can't use IP's for testing because our IP's floating. What I need to check in configuration? Toni

ToniE by L2 Linker
  • 8573 Views
  • 12 replies
  • 0 Likes

Resolved! GlobalProtect 3.0.2 setting VPN DNS on WiFi adapter

Hi, I'm having a single client, running Windows 10 Pro, that we're having issues with.When the user connects to their network at home, they are unable to connect to VPN, and it seems like the issues is caused by GlobalProtect setting the WiFi adapter's DNS-address to that of the VPN proxy DNS. I have tried against mobile hotspots, and the same i...

arvesynd by L3 Networker
  • 11772 Views
  • 8 replies
  • 0 Likes

Resolved! QOS & Aggregate Interfaces

Hello,In our QOS Aggregate Eth. Interfaces we cannot assign an egress value greater than 1000.(LACP Bundle is 2 x 1Gbit on eth4 + eth5)Why ?Do we throttle down throughput to 1 GBit/sec. in the Aggregate ?Shall we leave egress value in profile and Interfaces “0” ?no Feature description found in “in What's New in PAN-OS 7.0”

rekuhn by L2 Linker
  • 3051 Views
  • 1 replies
  • 0 Likes

Resolved! Globalprotect client authenticate with a certificate not working anymore

Since we use our Palo Alto firewall, our users there Global Protect Client authenticate with the firewall through a certificate that is deployed thorugh Active Directory. Our Global Protect Client version is 3.0.2.Since we updated our Pan-Os version to 7.0.6 this method of authentication does not work anymore.THe client tries to authenticate and...

PA.JPG
PA_Portal.JPG
ZEBIT by L3 Networker
  • 5405 Views
  • 9 replies
  • 0 Likes

Slow download over decrypted TLS sessions?

I've noticed that downloads that occur over decrypted TLS sessions are incredibly slow since upgrading my PA-3050s to PAN-OS 6.1.x (now on version 6.1.12). Sometimes they don't even complete at all, either failing or just sitting forever. For example, I once tried to download a 70 MB file and it was sitting at about 18% complete seven hours la...

Resolved! RSH session issue passing through the Palo Alto

Hi Guys, Interesting one. 1x2.1x4.1x4.1x5 makes an initial connection using RSH the 192.168.0.20 then creates a separate RSH session back to the originating server but this always fails as the Palo seems to ignore the rule and NAT that is in place for this. Any suggestions/advises are welcome. Thanks

Brightcloud connection error

I have a PA-500 that is receiving the error of:opaque: Failed to connect to Brightcloud update server service.brightcloud.com, initiated by 192.168.75.30 eventid: connection-failureThere seems to be no connectivity issues to URLs for the users. Just this sys log being generated. The updates are set to every morning at 3:00am and work perfectly f...

jprice2 by Not applicable
  • 8040 Views
  • 12 replies
  • 0 Likes

Automate GlobalProtect VPN connection

Hi All, We are trying to automate connections using the GlobalProtect VPN with a batch script. There's a way to accomplish it? I've tried to use the PanGPA.exe in "C:\Program Files\Palo Alto Networks\GlobalProtect\" without success. Any kind of help would be greatly appreciated. Kind Regards,FRG

fruiz5 by L1 Bithead
  • 11663 Views
  • 9 replies
  • 0 Likes

DNS-proxy BUG 7.1.2 using capital letters

Just wanted to put it out there.I upgraded to 7.1.2 yesterday and a lot of my static dns entries stopped working. after some playing around i figered out that it was because i was using capital letters in my entries. I changed them to lowercase and everything was working again.I do not know if the bug was already present in any other 7.1.x

Whats PAN's future for TLS decrypt with many sites now moving to Diffie-Hellman based ciphers ONLY?

Does PAN have any plan for better managing the current state of TLS decryption now that Diffie-Hellman based ciphers are becoming the default standard? PAN currently only supports the below ciphers, and when presented with a website that ONLY supports DH ciphers it appears to just reset the connection instead of failing open. Manually whitelisti...

CMG by L2 Linker
  • 9118 Views
  • 8 replies
  • 14 Likes

Application override with custom application and threat detection

I want to build a custom application with application override and still be able to scan for threats.On the website of Palo Alto, there is this text: If you define an application override, the firewall stops processing at Layer-4. The custom application name is assigned to the session to help identify it in the logs, and the traffic is not sca...

Resolved! Block http traffic to numeric URLs

Hi, I was ordered to block all http and hhtps traffic to addresses without a dns name. In other words user have to put in a network name in the browser and are not allowed to type an IP address in the address field. As the thinking behind is blocking malware communication I have to block this traffic at the firewall and not at the browser. S...

PA identifying traffic from AKAMAI as BruteForce.

Hi guys, Context: For the past 24 hours we've had constant reports of a Brute force attack on our servers originating from the Akamai CDN's. I'm unsure whether this is simply a false positive, or if there something to actually worry about. I've submitted a ticket to ccare@akamai.com with the same information - hoping for a response. Bel...

MIGAS by L1 Bithead
  • 8909 Views
  • 8 replies
  • 0 Likes

Panorama not generating summary logs

Hi, I have an unlicensed Panorama (for the sake of testing) to aggregate logs from the Palo Alto. I've set up log forwarding on the firewall, Panorama is receiving logs and detailed traffic is showing up properly, but there are no summary logs generated at all (#show log dailytrsum and others). Basically all summary logs are empty, so no summar...

nikoo by L3 Networker
  • 2243 Views
  • 1 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks