General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4126 Views
  • 0 replies
  • 0 Likes

Bug in password-string when using GlobalProtect with LDAP?

We had some users who were not able to use VPN. They always got XML parse errors in the GlobalProtect Agent log. We finally found out that these users had '<' or '>' in their passwords. When they changed their passwords to some string without these characters, the XML errors disappeared and they could log in. We are using GlobalProtect Age...

inheco by L0 Member
  • 2919 Views
  • 2 replies
  • 2 Likes

PA-VM Update Check Fails

We have recently deployed PA-VM to ESXi for testing and we have found that any attempt to upgrade the unit fails with a very vague message. cfg.platform.serial': NO_MATCHES 'cfg.general.vm-mode-type': NO_MATCHES 2016-03-10 09:14:42.447 -0800 updater error code:-1 2016-03-10 09:14:48.140 -0800 Error: refresh_uploaded_image_info(pan_ops_common.c:...

xandout by L1 Bithead
  • 11810 Views
  • 10 replies
  • 0 Likes

IP SLA - but not dual ISP. Receiving and Forwarding from the same Interface.

Hi, I know PA doesn't have IP SLA and I've read documents that talk about using VR and PBF to handle dual ISPs. This works with an ASA but not sure how to do it with PA. But there's a slight difference on my implementation and it seems to fail with a lot of SSL sites: I have two links at each site. First Link, ISP <----> Palo Alto (10.1.1.1...

7.0.3 upgrade

I am planning on upgrading the PA 5050 OS from 6.1.7 to 7.0.3. I have been reading over the changes and I think it would be beneficial to see examples instead of a description of what the changes are. Anyone have any recommendations?

jdprovine by L4 Transporter
  • 15905 Views
  • 27 replies
  • 0 Likes

Global Protect w/ OTP RE: disconnect/recovery timer tolerance?

We have implemented Global Protect with RADIUS authentication, username/password and a second prompt for OTP. This works great most of the time. We have noticed that when our users connect from poor WiFi or internet connections, there are times where connections drop out momentarily. This results in Global Protect disconnecting. The user the...

pwebber by L2 Linker
  • 3340 Views
  • 3 replies
  • 0 Likes

Resolved! Block Vpn

Hi, how to block SSL VPN and IPsec VPN going from trust to untrust? I suspect few users are using free VPN services like TunnelBear and Hola VPN. How can I search those users from the Palo Alto log? Some users are connected from inside to the outside world (for official purposes) using Cisco AnyConnect (SSL) and IPsec. And I don't wa...

sib2017 by L4 Transporter
  • 5570 Views
  • 2 replies
  • 0 Likes

PA doesn't cover DROWN Attack?

A customer has been warned about DROWN attack (https://drownattack.com/) on one of its servers. As a server is behind PA I thought there was no risk. But searching through signature database I didn't find anything about DROWN attack. I've also checked all CVEs connected with attack (CVE-2015-3197, CVE-2016-0703, CVE-2016-0800) and PA doesn't hav...

santonic by L6 Presenter
  • 7278 Views
  • 8 replies
  • 1 Likes

Resolved! Multiple PBF probes?

We would like to configure PBF to fail over when several conditions are met. For instance, if we can't ping our next hop AND we can't ping some public server(s). The idea being, while our next hop might be pingable, there may be a routing issue in the ISP. Therefore, you want to know if you should fail over based on remote beacons. However, we ...

cburke by L1 Bithead
  • 4818 Views
  • 5 replies
  • 0 Likes

UserID instances

I would like to know if we can use the same UserID agent software for 2 domains in different Windows machines. If we can't do it, we need to know if we can run 2 different instances of the UserID agent on the same Windows machine pointing to 2 different domains.

"Unusual traffic from your computer network"

Hi, users are often getting the message from Google and they are forced to enter a captcha: "Unusual traffic from your computer network". When I check Palo Alto it seems very normal. Is there a way to classify or monitor the users who are really sending bulk traffic to Google? When I capture the traffic from the moment the user hits google.com, the so...

sib2017 by L4 Transporter
  • 8710 Views
  • 1 replies
  • 0 Likes

Resolved! Can we tweak a vuln threat sig settings?

I'm looking to tweak the "40015 SSH User Authentication Brute-force Attempt" which currently fires at 20 ssh attempts within 60 seconds - I'm looking to increase that 20 number. For some reason I can't think of how to easily tweak it right now... maybe I need more coffee to join my synapses. Can someone assist?

ulti by L3 Networker
  • 6233 Views
  • 2 replies
  • 0 Likes

Resolved! Subsecond failover with active/passive firewalls running dynamic routing possible?

Has anyone been able to successfully get subsecond failovers to work with active/passive firewalls running dynamic routing protocols such as BGP or OSPF? In our lab testing, it appears we can get the firewall to failover instantly, but then it takes BGP a few seconds to drop/re-establish. Our next testing will be OSPF to see if that helps spee...

jmurphy by L2 Linker
  • 3871 Views
  • 1 replies
  • 0 Likes