This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4254 Views
  • 0 replies
  • 0 Likes

vwire & VLAN tagging?

Hi all,Is there any issue with configuring a vwire for both tagged and untagged traffic. For example use VLAN tag 0 AND whatever my real tags would be, like 1, 100, 200, etc. I'm assuming it will be fine since there is an option for 0-4094.Any issues or limitations I should be aware of? Thanks for your support!

BigIr0n by L0 Member
  • 10996 Views
  • 6 replies
  • 0 Likes

User-ID Group Mapping for Multi Domain Single forest

Hi everyone. I'm trying to setup a User-ID installation for our multi-domain Active Directory environment. Here is a rundown on what we have DomainA = Workstations, groups, users, servers, etc. The main domain where everything is conducted DomainB = legacy domain where some user accounts are located. I've installed the User-ID agent on a Win...

Resolved! Manual failback for PBF

Is there a way to force PBF rules to have to be manually failved back? As it is now, if our primary ISP fails, we failover to a secondary ISP using PBF. However, once the primary is back up, things fail back to it immediately. We would like to prevent the immediate fail back and not use a timer. ISP recoveries often times flap for a period of ti...

cburke by L1 Bithead
  • 7340 Views
  • 9 replies
  • 0 Likes

Losing group mappings suddenly

Hi, We have a PA3020 with PanOS 6.1.10. We are having problem with any groups, suddenly the Palo Alto loses group mappings in 2 groups and the rule stops matching, we dont know why PA stops identifying the groups. I have checked the useridd.log file and i see these errors in the groups...why? Error: pan_ldap_ctrl_search_single_group(pan_l...

Aggregate Ethernet Considerations

Hello Everyone, I just want to double check my understanding of AE interfaces limitations indicated below. Appreciate your feedback. 1. I cannot mix 1G copper interfaces with 1G fiber interfaces in the same AE. Is this correct for all platforms and OS versions? 2. I cannot create more than 8 AE interfaces on the same box. Is this correct...

Resolved! Unable to commit config - Invalid Auth Profile After 7.0.5 update

Hi, We recently updated to 7.0.5 and I cannot commit changes anymore. Error: ______________ Invalid global authentication profile POV-Auth-Profile, only radius auth profile or auth sequence is supported. Configuration is invalid Validation Error: deviceconfig -> system -> authentication-profile 'POV-Auth-Profile' is not a valid refere...

PCoIP traffic getting dropped because it's using SSL

I have VMWare View clients and I'm trying to set up the rule with the vmware-view App-ID, but the traffic gets dropped at PCoIP. The PA logs are showing tcp/4172 as SSL, even though PCoIP has port tcp/4172 defined. Is this an issue with the App-ID not identifying secure PCoIP?

Maxstr by L3 Networker
  • 10729 Views
  • 13 replies
  • 0 Likes

Globalprotect and simple SSL VPN?

It appears that, after a user has authenticated to a Globalprotect portal for the first time, they are prompted to download and install client software. Does Globalprotect (or Palo Alto in general) provide the option of simple client SSL VPN? ie; when a user logs in, an applet is invisibly downloaded and installed in the background to provide VP...

Upgrade 6.1.x to 7.0.x

In the release notes of 7.0.5-h2 there is now this information: Before you upgrade to PAN-OS 7.0.3 or a later PAN-OS 7.0 release, you should review the information about how to upgradea firewall to PAN-OS 7.0. Additionally, if virtual system (vsys) configuration is not enabled on your firewall or appliance, youmust reboot your firewall or appl...

Anon1 by L4 Transporter
  • 9000 Views
  • 10 replies
  • 0 Likes

Bug in password-string when using GlobalProtect with LDAP?

We had some users, who were not able to use VPN. they alway got XML parse-errors in the GlobalProtect Agent log. We finaly found out, that this users had '<' or '>' in theire passwords. when thy changed theire passwords in some string without these characters, the xml-errors disappeared and thy could login. we are using GlobalProtect Age...

inheco by L0 Member
  • 2971 Views
  • 2 replies
  • 2 Likes

PA-VM Update Check Fails

We have recently deployed PA-VM to ESXi for testing and we have found that any attempt to upgrade the unit fails with a very vague message. cfg.platform.serial': NO_MATCHES 'cfg.general.vm-mode-type': NO_MATCHES 2016-03-10 09:14:42.447 -0800 updater error code:-1 2016-03-10 09:14:48.140 -0800 Error: refresh_uploaded_image_info(pan_ops_common.c:...

xandout by L1 Bithead
  • 12005 Views
  • 10 replies
  • 0 Likes
  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks