This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Resolved! Userid Not detected for some traffic

We are using 4 User-id Agents and today some users started experiencing problems with certain sites they use. The same sites for all users.... but not all sites. We have many ad group based rules and some are still working while others seem to have stopped working.Looking at the logs I see their userid isn't detected for the blocked traffic bu...

cdp181 by L1 Bithead
  • 8032 Views
  • 3 replies
  • 0 Likes

Resolved! PAN OS Upgrade 6.0.5 failure and success

Hello AllOut of the box, my 3050 Firewall had PAN OS 5.0.x and I wanted to upgrade it to.the latest 6.0.5 release. My Firewall does not have internet access yet, and so all the following things were done offline by downloading files on my laptop.So, I updated Application and Antivirus signatures, uploaded the base image of 6.0.0 to the firewall ...

VMware View rules configuration

Does anyone have any information on how to get user-id to work with a VMware View security server sitting in the DMZ? Right now the only way we can get PCoIP traffic to flow to is by specifying the ip of the VDI machine that is being connected to. What we would like is to define an AD group for remote access and populate the users into that grou...

Global Protect Troubleshooting

I have a portal and 3 gateway's setup. From my home network and a couple other home networks Global Protect works with no issues, We can disable the client, re enable it, change to different gateways on the fly and it connects right up.Now for some others, and my dsl at work, coffee shop downstairs, they can connect to the GP Portal the primar...

markk96 by L3 Networker
  • 5795 Views
  • 4 replies
  • 0 Likes

Upgrade to 5.0.14-h3 stopped traffic

We just attempted to upgrade some 5020's to 5.0.14-h3(mainly to patch the evasion vulnerability) and quickly found that the upgrade broke traffic traversing the firewall. During the short period of time it we were running on 5.0.14-h3, there were a whole lot of "incomplete" sessions for TCP and a lot of UDP sessions with zero packets received.D...

jambulo by L4 Transporter
  • 4116 Views
  • 6 replies
  • 0 Likes

Resolved! What SSL/TLS versions are allowed for WEBUI

Hello, I'm trying to verify which SSL/TLS versions and Ciphers the PANs accept for WEBUI connections. Specifically I am trying to verify that it does not accept connections using weaker Protocols or Cipers and if it is configurable.Please note that this is for Management connections to the PANs only, not user traffic.Any help would be appreciat...

Netflix application rolled in to web-browsing?

Last week I ran an ACC report for the top 25 applications. Netflix was #3 (university environment, so it's to be expected). Today, I ran the same report and Netflix (as an application) is no where to be found. I launched Netflix on my computer to generate some traffic and I'm not seeing it (I waited 20 minutes to make sure the session was end...

bhelman by L2 Linker
  • 5055 Views
  • 3 replies
  • 0 Likes

Resolved! App-ID for Apple iOS Update

Hi All,I'm preparing for tomorrow's iOS8 update. Last year with iOS7, we got slammed on bandwidth. This year now that we have the Palo Alto, I'm configuring QoS so that the iOS update doesn't eat all of our bandwidth.Does anyone know what App-ID the iOS update service falls under? There is an apple-update app-id, but it appears to be only for...

wocomike by L1 Bithead
  • 7798 Views
  • 5 replies
  • 0 Likes

User-ID IP mapping

Why does some traffic in the logs not have a user tied to the IP address at times even tho in the logs the IP has a user mapped to it most of the time. This is causing policy to be dropped down to a different level.

markk96 by L3 Networker
  • 3878 Views
  • 5 replies
  • 0 Likes

Login problem - old user, new laptop and a confused administrator

PAN-200Version: 6.0.1GP Agent: 2.0.4Having a problem with a laptop (Windows 8.1) and authenticated using certificates and active directory. Palo Alto and network newbie. New to Windows .. I've been a linux admin for so very long. Help ...So .. we doubled the size of our IT department with a new hire, Ben. Ben used a loaner laptop for a week,...

bdunbar by L3 Networker
  • 2966 Views
  • 2 replies
  • 0 Likes

Issue with static routes.

I look after a PA2050 running OS 4.1.8I am trying to setup 2 new static routes in my virtual router but they are not being picked up when I do a show routing route or show routing fib after a commit.One of the routes is a new one and the other is a reassigned subnet that was used on an old decommissioned site (this route was removed).In simple t...

phild by Not applicable
  • 10613 Views
  • 12 replies
  • 0 Likes

Resolved! How to remove an address-group member via XML API

Hi,I would like to remove a single member from an address-group, here is the query I am sending:https://firewall1.it.mydomain.net/api/?type=config&action=delete&xpath=/config/devices/entry/vsys/entry[@name='vsys1']/address-group/entry[@name='NameOfTheGrpoup']/member[text()='NameOfTheMember']&key=MyKeyThe query returns the following: ...

Alextc by Not applicable
  • 17381 Views
  • 3 replies
  • 0 Likes

Using FQDNs pointing to a CNAME instead of A Record does not work

My PA can not resolve FQDNs pointing to a CNAME.This is dangerous, if you are using FQDN instead of IPs in policies. They can stop working.We configured a FQDN hostname host.mydomain.de and bound it to a policy.Few months later moved this Service to another server using CNAME. host.mydomain.de. CNAME newhost.mydomain.dePA can not resolve this ne...

rkra by L2 Linker
  • 9118 Views
  • 9 replies
  • 0 Likes

PAN in Layer 2 mode and Microsoft NLB

Hi!Customer configured Palo firewall to work in Layer 2 mode to protect VLAN. In that VLAN there are two servers in MS NLB configuration. In VLAN configuration in Palo, static MAC entry is configured for virtual MAC address, but that entry isn't displayed with show mac command. See attached picture and listing:mkopcic@PA-4020> show mac Bridge...

mkopcic by L2 Linker
  • 5793 Views
  • 4 replies
  • 0 Likes

Resolved! App and Threat Compatibility MisMatch

Hey there,I have 2 PA-500's currently on:Software Version6.0.2GlobalProtect Agent1.2.3Application version461-2402 (10/14/14)Threat Version461-2402 (10/14/14)Antivirus Version1391-1863 (10/13/14)URL Filtering version4392Software Version6.0.2GlobalProtect Agent1.2.3Application version461-2402 (10/14/14)Threat Version461-2402 (10/14/14)Antivirus Ve...

Zewwy by L3 Networker
  • 9627 Views
  • 9 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks