This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! SSL Decryption

Hello We have recentley tuned on SSL Decryption for some users. Since then we are getting some SSL sites that cannot be accessed due to cypher mismatch. It is something we were exepcting, but not the amount of URL this is happneing for. My question, is there a setting that I can turn on that will allow the site to be accessed if the SSL Decr...

RC-BHF by L2 Linker
  • 2955 Views
  • 2 replies
  • 0 Likes

Multi-VR routes and security policies issues

I have an issue where we have mulit-VRs in place 1) default and 2nd) VR that is utilized for DMZ and untrust routes Both VR's share a common zone name "public" for example. I have issues routing where for instance I have my internal network segments in the VR's FIB's and my routed networks fail to return back through the correct interfaces....

CZaloba by L0 Member
  • 3847 Views
  • 2 replies
  • 0 Likes

Global Protect DNS Suffix Not Propogating to Client

Hi, I have a strange issue where my Global Protect SSL Client connects to the firewall with no issues. I get the IP, the routes and the DNS servers but I don't get anything listed in the DNS Suffix entry. I have configured the DNS Suffix correctly under 'Global Protect Gateway', 'Client Configuration', 'Network Settings' and can even see the...

MHaran by L1 Bithead
  • 8166 Views
  • 5 replies
  • 0 Likes

syslog configuration

Hi, I have attached my syslog configuration . but in my syslog i missed most of the logs . then assigned to the policy To forward all the logs , attached configuration what if i choose another facilty ? if i put one interface in tap mode can i forward the log to syslog server Thanks

Palo alto syslog server.png
server pofile.png
sib2017 by L4 Transporter
  • 5354 Views
  • 4 replies
  • 0 Likes

Wildfire

So currently I am using wildfire but only choosing to forward the file. Is anyone using the block option? If so are what are the pros and cons?

jdprovine by L4 Transporter
  • 4749 Views
  • 7 replies
  • 0 Likes

vwire & VLAN tagging?

Hi all,Is there any issue with configuring a vwire for both tagged and untagged traffic. For example use VLAN tag 0 AND whatever my real tags would be, like 1, 100, 200, etc. I'm assuming it will be fine since there is an option for 0-4094.Any issues or limitations I should be aware of? Thanks for your support!

BigIr0n by L0 Member
  • 11101 Views
  • 6 replies
  • 0 Likes

User-ID Group Mapping for Multi Domain Single forest

Hi everyone. I'm trying to setup a User-ID installation for our multi-domain Active Directory environment. Here is a rundown on what we have DomainA = Workstations, groups, users, servers, etc. The main domain where everything is conducted DomainB = legacy domain where some user accounts are located. I've installed the User-ID agent on a Win...

Resolved! Manual failback for PBF

Is there a way to force PBF rules to have to be manually failved back? As it is now, if our primary ISP fails, we failover to a secondary ISP using PBF. However, once the primary is back up, things fail back to it immediately. We would like to prevent the immediate fail back and not use a timer. ISP recoveries often times flap for a period of ti...

cburke by L1 Bithead
  • 7416 Views
  • 9 replies
  • 0 Likes

Losing group mappings suddenly

Hi, We have a PA3020 with PanOS 6.1.10. We are having problem with any groups, suddenly the Palo Alto loses group mappings in 2 groups and the rule stops matching, we dont know why PA stops identifying the groups. I have checked the useridd.log file and i see these errors in the groups...why? Error: pan_ldap_ctrl_search_single_group(pan_l...

Aggregate Ethernet Considerations

Hello Everyone, I just want to double check my understanding of AE interfaces limitations indicated below. Appreciate your feedback. 1. I cannot mix 1G copper interfaces with 1G fiber interfaces in the same AE. Is this correct for all platforms and OS versions? 2. I cannot create more than 8 AE interfaces on the same box. Is this correct...

Resolved! Unable to commit config - Invalid Auth Profile After 7.0.5 update

Hi, We recently updated to 7.0.5 and I cannot commit changes anymore. Error: ______________ Invalid global authentication profile POV-Auth-Profile, only radius auth profile or auth sequence is supported. Configuration is invalid Validation Error: deviceconfig -> system -> authentication-profile 'POV-Auth-Profile' is not a valid refere...

PCoIP traffic getting dropped because it's using SSL

I have VMWare View clients and I'm trying to set up the rule with the vmware-view App-ID, but the traffic gets dropped at PCoIP. The PA logs are showing tcp/4172 as SSL, even though PCoIP has port tcp/4172 defined. Is this an issue with the App-ID not identifying secure PCoIP?

Maxstr by L3 Networker
  • 10870 Views
  • 13 replies
  • 0 Likes

Globalprotect and simple SSL VPN?

It appears that, after a user has authenticated to a Globalprotect portal for the first time, they are prompted to download and install client software. Does Globalprotect (or Palo Alto in general) provide the option of simple client SSL VPN? ie; when a user logs in, an applet is invisibly downloaded and installed in the background to provide VP...

Upgrade 6.1.x to 7.0.x

In the release notes of 7.0.5-h2 there is now this information: Before you upgrade to PAN-OS 7.0.3 or a later PAN-OS 7.0 release, you should review the information about how to upgradea firewall to PAN-OS 7.0. Additionally, if virtual system (vsys) configuration is not enabled on your firewall or appliance, youmust reboot your firewall or appl...

Anon1 by L4 Transporter
  • 9081 Views
  • 10 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks