General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4136 Views
  • 0 replies
  • 0 Likes

port 2000 and NMAP

I'm having an issue where any traffic through Palo Alto using destination port 2000 will create a TCP handshake and no more traffic will pass. I've talked to support and no traffic is being dropped by the firewall. I've added a rule to allow TCP 2000 as a service so it shouldn't be doing anything with the App-ID, and no difference in behavior. A...

Mat_FA by L1 Bithead
  • 8511 Views
  • 5 replies
  • 0 Likes

Automatic VPN Failover

Dear Friends, if 1 ISP link goes down at the operator end, we are unable to automatically forward to another ISP link. Please suggest how to do this. I am using PAN-3020 with 1 ISP and, at the operator end, Cisco with 2 ISPs. Regards, Satish

Satish by L4 Transporter
  • 4544 Views
  • 6 replies
  • 0 Likes

GlobalProtect Portal Banner Message

Would anyone have a simple example that would allow me to put a warning banner below the login table on the GP Portal page? I'm no HTML expert and have tried to follow some of the posts and documents here, but am not having any luck. I have made sure to set the custom login page in the portal configuration page, but the text I tried to add doe...

dan731028 by L3 Networker
  • 2613 Views
  • 2 replies
  • 0 Likes

Resolved! SSL Decryption

Hello, we have recently turned on SSL Decryption for some users. Since then we are getting some SSL sites that cannot be accessed due to cipher mismatch. It is something we were expecting, but not the number of URLs this is happening for. My question: is there a setting that I can turn on that will allow the site to be accessed if the SSL Decr...

RC-BHF by L2 Linker
  • 2861 Views
  • 2 replies
  • 0 Likes

Multi-VR routes and security policies issues

I have an issue where we have multiple VRs in place: 1) default and 2) a VR that is utilized for DMZ and untrust routes. Both VRs share a common zone name, "public" for example. I have issues routing where, for instance, I have my internal network segments in the VRs' FIBs and my routed networks fail to return back through the correct interfaces....

CZaloba by L0 Member
  • 3752 Views
  • 2 replies
  • 0 Likes

Global Protect DNS Suffix Not Propagating to Client

Hi, I have a strange issue where my Global Protect SSL Client connects to the firewall with no issues. I get the IP, the routes and the DNS servers but I don't get anything listed in the DNS Suffix entry. I have configured the DNS Suffix correctly under 'Global Protect Gateway', 'Client Configuration', 'Network Settings' and can even see the...

MHaran by L1 Bithead
  • 8036 Views
  • 5 replies
  • 0 Likes

syslog configuration

Hi, I have attached my syslog configuration, but in my syslog I missed most of the logs. Then assigned to the policy to forward all the logs, attached configuration. What if I choose another facility? If I put one interface in tap mode, can I forward the log to the syslog server? Thanks

sib2017 by L4 Transporter
  • 5186 Views
  • 4 replies
  • 0 Likes

Wildfire

So currently I am using WildFire but only choosing to forward the file. Is anyone using the block option? If so, what are the pros and cons?

jdprovine by L4 Transporter
  • 4623 Views
  • 7 replies
  • 0 Likes

vwire & VLAN tagging?

Hi all, is there any issue with configuring a vwire for both tagged and untagged traffic? For example, use VLAN tag 0 AND whatever my real tags would be, like 1, 100, 200, etc. I'm assuming it will be fine since there is an option for 0-4094. Any issues or limitations I should be aware of? Thanks for your support!

BigIr0n by L0 Member
  • 10879 Views
  • 6 replies
  • 0 Likes

User-ID Group Mapping for Multi Domain Single forest

Hi everyone. I'm trying to set up a User-ID installation for our multi-domain Active Directory environment. Here is a rundown on what we have: DomainA = Workstations, groups, users, servers, etc. The main domain where everything is conducted. DomainB = legacy domain where some user accounts are located. I've installed the User-ID agent on a Win...

Resolved! Manual failback for PBF

Is there a way to force PBF rules to have to be manually failed back? As it is now, if our primary ISP fails, we fail over to a secondary ISP using PBF. However, once the primary is back up, things fail back to it immediately. We would like to prevent the immediate fail back and not use a timer. ISP recoveries oftentimes flap for a period of ti...

cburke by L1 Bithead
  • 7227 Views
  • 9 replies
  • 0 Likes

Losing group mappings suddenly

Hi, we have a PA3020 with PanOS 6.1.10. We are having a problem with any groups: suddenly the Palo Alto loses group mappings in 2 groups and the rule stops matching. We don't know why the PA stops identifying the groups. I have checked the useridd.log file and I see these errors in the groups... why? Error: pan_ldap_ctrl_search_single_group(pan_l...

Aggregate Ethernet Considerations

Hello Everyone, I just want to double check my understanding of AE interfaces limitations indicated below. Appreciate your feedback. 1. I cannot mix 1G copper interfaces with 1G fiber interfaces in the same AE. Is this correct for all platforms and OS versions? 2. I cannot create more than 8 AE interfaces on the same box. Is this correct...

Resolved! Unable to commit config - Invalid Auth Profile After 7.0.5 update

Hi, We recently updated to 7.0.5 and I cannot commit changes anymore. Error: ______________ Invalid global authentication profile POV-Auth-Profile, only radius auth profile or auth sequence is supported. Configuration is invalid Validation Error: deviceconfig -> system -> authentication-profile 'POV-Auth-Profile' is not a valid refere...

PCoIP traffic getting dropped because it's using SSL

I have VMWare View clients and I'm trying to set up the rule with the vmware-view App-ID, but the traffic gets dropped at PCoIP. The PA logs are showing tcp/4172 as SSL, even though PCoIP has port tcp/4172 defined. Is this an issue with the App-ID not identifying secure PCoIP?

Maxstr by L3 Networker
  • 10610 Views
  • 13 replies
  • 0 Likes