This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4131 Views
  • 0 replies
  • 0 Likes

Resolved! Rudimentary TCP Session and Monitor Question

I feel like I should already know this, but I just need a sanity check. I have a rule that allows host A to B via tcp/900. So host A starts to communicate via host B via that port. The firewall allows it and a session is created. Now, assume A and B stop talking but don't formally close the session. After the default timer, the PAN closes ...

mrcs by L0 Member
  • 3512 Views
  • 4 replies
  • 0 Likes

third party VPN clients with PanOS 7.0.3

I was curious if anybody else has seen this issue, or could perhaps try to duplicate it. I have a problem with third party VPN clients after upgrading from PanOS 6.1.6 to 7.0.3 on our PA-3020s. Specifically, the built-in IPSec VPN client on Mac OSX (10.11/el capitan) and iOS (9.1). They can connect, but a simple ping test shows packet loss n...

SSL Decrypt

Hi We have a guest wifi that availave to all and sundry to be used by using their own equipment. We would like use SSL Decryption on this. The main issues is that for guest device we have no control over this to be able to install the CA cert onto it. Is there any solution to this , other than issues instruction to all users on how to inst...

RC-BHF by L2 Linker
  • 3734 Views
  • 2 replies
  • 0 Likes

Can I choose what categorizes I choose for allowing SSL-Opt Out Pages?

Hello All, I am after some help with SSL decryption? We currently want to decrypt ALL SSL traffic. However moving forward there are 3 catorgies we wish to bypass SSL decyption for BUT only with the use of the opt-out pages not a blanket SSL catorgoy bypass. Is this possible on the Palo? We are running currently 6.1.3 but can upgrade to 7...

Resolved! Search GlobalProtect Users on Portal and Satellites

I have several satellites and one portal. I have a lot users connected to the satellites and portal. From a CLI console, I would like to query for GlobalProtect users from a centralized console. Right now, it is a pain because I have to open a CLI console for each satellite/portal and send a command to each device to find information on a ...

mmclimans by L3 Networker
  • 2395 Views
  • 1 replies
  • 0 Likes

we're starting to get "WildFire Public Cloud channel registration received invalid cloud info"

SYSTEM ALERT : high : WildFire Public Cloud channel registration received invalid cloud info" errors all of a sudden. No change on our side. varrcvr.log only reports 2015-11-24 08:25:24.386 -0500 Error: pan_fbd_fwd_report_process(pan_fbd_fwd.c:4029): pan_fbd_cloud_getreport() failed" 2015-11-24 07:33:35.334 -0500 check wildfire license: vali...

ulti by L3 Networker
  • 5583 Views
  • 6 replies
  • 0 Likes

Resolved! AWS Servers trigger Vulnerability

We are seeing a high number of HTTP Non RFC-Compliant Response Found Signature ID : 32880 CVE-2010-2561 All are logged from aws servers, evenly distributed across a large number of servers - 173 in one hour, each with 300-500 hits. I have packet captured the vulnerability and it is logging a seemingly innocuous XML file. I suspect this is ...

djr by L4 Transporter
  • 5433 Views
  • 2 replies
  • 1 Likes

Import named configuration snapshot failure

I'm trying to import my production Panorama VM configuration into my lab Panorama VM and I am getting the following message, and I'm not entirely sure what it means: upload -> config -> content Node can be at most 41943060 characters - current length after decoded 42002198upload -> config -> content is invalid Does this mean the ...

dan731028 by L3 Networker
  • 3885 Views
  • 1 replies
  • 0 Likes

Global Protect Failed to open sub key

Hello All, i have problem with my GP. I configured it and for 99% users work fine. But a few has communicate "resend credential" and stuck. In log file PanGPA.log i have: (T6992) 12/01/15 11:24:08:539 Error( 129): Failed to open sub key 'Software\Palo Alto Networks\GlobalProtect\Settings\pre-vpn-connect' (T6992) 12/01/15 11:24:08:539 Error( 129...

ITBT by L1 Bithead
  • 4072 Views
  • 1 replies
  • 0 Likes

McAfee Evader - did You use it?

HelloI'm courius that someone is using it for testing PA device? What was the resoults?You can download this tool from http://evader.mcafee.com/Do You know other tools like this?With regardsSlawek

_slv_ by L4 Transporter
  • 5862 Views
  • 3 replies
  • 0 Likes

Global Protect DHCP Options

I have a PA-500. I have a basic configuration for Global Protect up and working - certificates, agent settings, etc. All is well. The client can route to internal resources as expected. Now, the next step I need to take for these VPN clients in transitioning from Cisco AnyConnect is that they must receive some custom DHCP options with their VPN ...

mkeller by L1 Bithead
  • 5551 Views
  • 4 replies
  • 0 Likes

OpenVPN behind PaloAlto

Hi! We can't get OpenVPN to work. Our Juniper-SA works well. The setup is only working without Firewall: Laptop (static IP 80.0.0.4) attachted to an switch and the OpenVPN server attached to the same switch (eth1, dmz) Our Policies: Monitor: Konfig - OpenVPN server DMZ: iface eth1 inet staticaddress 80.0.0.5netmask 255.255.255...

palo-config-policy3.png
palo-config-monitor.png
Morneweg by L1 Bithead
  • 9443 Views
  • 7 replies
  • 0 Likes
  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks