This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4127 Views
  • 0 replies
  • 0 Likes

Resolved! Per port session TTL

Hi, Am I correct when I state that a PAN firewall cannot set different timeouts per used port?Fortigates and Junipers seem to have this option, where they can set their defaults and specify -if required, for certain ports.On a PAN device, I don't think I'll have this option to do so, without prolonging them for all services and impacting more th...

Arne-VDH by L3 Networker
  • 3357 Views
  • 2 replies
  • 0 Likes

PAN OS 7.1.2

Just updated the FW to PAN OS 7.1.2. The UI looks very mordern ! The ACC page has been re-designed , looks better, is there any way to customise the panes ?

RC-BHF by L2 Linker
  • 3426 Views
  • 4 replies
  • 0 Likes

Single AD Forest Multiple Domains with Group Mapping & Global Protect

Does anyone have any best practives on how to configure Multi-Domain authentication with Global Protect? I see how to map/sync groups in multiple domains in my forest, but not entirely sure the process for the Global Protect end. Right now I am using Kerberos and the realm in one domain. Obviously this won't work in the other. Do I do someth...

NickThen by L2 Linker
  • 2872 Views
  • 1 replies
  • 0 Likes

PAN as VPN Client ipsec psk+xauth

I am a bit new at VPN stuff - I have a PAN-500, i configured VPN for users just fine (IPSec+xauth "cisco compatible" so it works with pretty much anything), as well as static site to site IPSec tunnels. What I cannot figure out how to do is make my box be a client, in this case I want to connect to Cisco Devnet Labs, which works fine with a ci...

Resolved! "LAN" Interface Failover configuration - Primary: dedicated Line, Secondary: VPN

Hi there, maybe it's not that complicated but I didn't find a post for this scenario: The LAN of our Clients are in Location1 (~ 200 km) The LAN of our Servers are in Location2 Location1 and 2 are using the same firewall which is stored in Location 2 because Location 1 has a dedicated line to Location 2. The Primary connection between Loca...

Resolved! global protect client

Connect option grayed out under status tab on global protect client? Anyone know what the cause is and the fix?

jdprovine by L4 Transporter
  • 4554 Views
  • 6 replies
  • 0 Likes

Cannot Change Application Risk Category Customization

I'm running 7.1.2, but the problem started after 7.1 beta update, I believe. Setting an applicaiton risk category manually results in it showing up correctly in the application's open window details; however, the firewall will only recognize the default risk category. This has effectively rendered my applcation filter rule useless. I have trie...

rrubino by L0 Member
  • 3230 Views
  • 3 replies
  • 0 Likes

Rule to block TOR Application blocks all traffic directed to Internet

Hello Community, we have an issue when we try to block TOR application. We do a rule like the image reported below and put it on top of the rulebase: But it seems that all Internet traffic is dropped by the rule named "Tor_Blocking". We see the Application is "Not-Applicable" on all log files. It seems PaloAlto cannot resolve properly th...

Rule_TOR.png
LOG_TOR.png

Sample configurations and logs for PAN-OS and Panorama for VM-Series Base Images

Dear PA, In order to enhance my learning effect with PA products, I installed VM workstation 12 Player and downloaded and ran the PA-VM-ESX-7.1.0 Base Images in it. The PAN-OS (Play virtual machine) runs fantastic on windows 7. I enjoyed playing around in the VM, but I missed the sample configuration and logs in order to understand the outcome...

Captive portal user-id for all services

Hi, I have set up a captive portal for services http and https. The captive portal works well and I get user-id/IP mapping in the logs. The rules are then applied based on the user group membership (AD). However, this user-id mapping does not work for all services and therefore some rules are not applied based on the user-id... The sessions ar...

Screen Shot 2016-05-21 at 6.45.36 PM.png
Screen Shot 2016-05-21 at 6.43.42 PM.png
JBOURDON by L0 Member
  • 3341 Views
  • 3 replies
  • 0 Likes

Terminal Server Agent service account issue.

Configured a new TS on palo alto and installed agent on the server. Already have 2 TS configured on the PA and running fine.This new server has 2 service accounts with both needing internet access. These are adsync and centrify service accounts. I can see mapping of the users who are logging to TS server but service accounts are having issues. c...

Resolved! NSX Tags IP information gets lost between Panorama and 5060's

Hello, We are sending NSX Tags with IP's to Panorama, in Panorama everything shows up great, then when we go to our Physical 5060's Edge Firewalls we see the Tags but the IP information is missing. This makes it hard to build North/South Rules if it dosn't know what the IP addresses are for the Tags. Anyone know what we might be missing? How ...

dschmidt by L0 Member
  • 2764 Views
  • 2 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks