This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Some Users not Mapping in User-ID

Hi All, I'm currently experiencing some issues with user-id mapping. Some users are not being mapped to IP addresses. Current setup: I have 3 domain controllers - all have Service Accounts with correct privileges. They are also showing as 'Connected' I ran the command 'show user server-monitor state all' on the CLI and noticed that one of th...

Bocsa by L3 Networker
  • 14403 Views
  • 9 replies
  • 0 Likes

Did Factory Reset a PA-200 and system now automatically reboots in Maintenance Mode

Hi all, maybe someone can help me with this. Just did a factory reset on a PA-200 via maintenance mode (via console) and now system reboots automatically in maintenance mode. I followed instruction from here: https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Factory-Reset-a-Palo-Alto-Networks-Device/ta-p/56029 When I go in System...

Resolved! Applications On Non-Standard Ports

It's perfectly possible I'm being unusually dumb here, but I can't see an elegant way of allowing application usage on non-standard ports - for example ssh on tcp/32777. The obvious way of doing it is to allow a rule that allows appid:ssh on service:ssh-ports (being a service group consisting of tcp/22 and tcp/32777). That works fine, but is ...

visualize custom regions on traffic/threat map

Is it possilbe to show custom regions with gps coordinations on the threat/traffic map with the correct gps coordinates? We have set custom regions for departments with private subnets and gps coordinations.In the traffic or threat map we can only see a great dot for each custom regions. Example: We think, we have the correct cooridnations for t...

PaloMap.jpg
PaloRegions.jpg

NAT question when migrating config.

Converting config from Nortel Connectivty switch to PA200. 3 interfaces untrust - public ip - 202.3.41.0/28 trust:private ip - 10.10.10.0/24. dmz-203.4.42.96/28 There is one to one mapping of few untrust ip to trust ips( to access trust ips from outside) and also few one to one mapping from dmz to trust. When translating this to PA200. I can d...

Moving a VSYS from one PA device to another

HelloQuestion here , how can we move a VSYS from one device to another ? please note that in this scenario we cannot backup everything a restore on target since target is running other things that need to be running .Any ideas ? what are important things ? shared objects ? ... etc . unfortunatly I did not fnd any guidelines.

Microsoft Remote desktop service server with captive portal on PA200.

Hi PA200 PANOS-7.03 Working Production Config: I have captive portal working with local users. User are in 4 groups (1 to 4) . There are 4 url profiles(1 to 4) associated with 4 local user groups. When user tries to go to any site via browser he get prompted for username/pass. Once authenticated user can browse as per 4 secrutiy policies for brw...

Resolved! Global Protect Traffic is being blocked to Trust Zone, after 10-15 minutes i set up the client.

I have an issue with my Global Protect Client when i set up to my PAN Firewall. Version Client Global Protect 2.3.3-5 Version PAN 6.0.8 I have Zone Global Protect that all my users-clients GP are defined, I connect through the Untrust Interface that is my peer. Also i have a Ip address Pool defined in my global Protec Zone 192.168.10.1-192.168.1...

Resolved! Get information on Security Profiles our of PANOS?

Hi all, My team is currently undergoing an audit and one of the requests is for the configuration of the security profiles, including URL filtering, from our firewalls. As we are fairly new to PANOS this has not been requested before. I don't see anything in the CLI reference guide for PANOS 6.3.1, our current version, that would give me thi...

RSKadish by L2 Linker
  • 5786 Views
  • 4 replies
  • 0 Likes

Resolved! Security flaw with GlobalProtect?

Hi,While setting up a computer with fingerprint authentication+windows password, I discovered that after installing GlobalProtect I could circumvent the whole two-factor authentication by choosing to login with GlobalProtect(clicking the GP icon in the login screen of windows, instead of using the "security key"). The OS used was Windows 8.1 x64...

SSL decryption issues with latest Firefox

I'm having SSL decryption issues with the latest versions of Firefox.In Firefox i get following error when visiting a https site:Secure Connection FailedAn error occurred during a connection to live.paloaltonetworks.com. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der) The page you are trying to view...

dieter_b by L4 Transporter
  • 16057 Views
  • 17 replies
  • 0 Likes

qos report

Hi How can i generate a throuput report on my untrust interface .And how can i genearate qos report like class 1 and class 2 usage for a period of time ) Thank you

sib2017 by L4 Transporter
  • 4220 Views
  • 4 replies
  • 0 Likes

Minemeld AWS user data error

hi all, I spun up a linux server in AES and followed the instruction to import user data from here https://minemeld-dist.s3.amazonaws.com/0_9/minemeld-cloud-init-0.9.0rc2.b64 according to the instruction, the user data was encoded in base 64, but it doesnt seem to work. see attachment.

TS agent on XenApp 7.7?

Hi! As i can see the newest TS agent(7.0.2) is only supporting XenApp 5.0/6.0/6.5. I have a customer that wants to get UserIDs from Citrix and then use AD groups to limit access to resources. BUT the customer is running on XenApp 7.7. Anyone who has tried if this is working on XenApp 7.7?

Global Protect Slowness

We recently installed a PA-3020 on a 1G circuit and are experiencing very low speeds when clients are conecting in using GlobalProtect. When connecting in from home on a 20M connection we are seeing speed drops down to a max of 5M (mostly lower). We do not have QoS set up for the tunnel so they shouldn't be limited on the PA. We are only seeing ...

drischar by L1 Bithead
  • 10826 Views
  • 10 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks