This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4459 Views
  • 0 replies
  • 0 Likes

SSL decryption for public use ?

We provide internet access for public use (wifi hotspot). For better control and visibility, I would like to introduce SSL decryption (we already use it for our internal users). But there is no way I can deploy the certificate to those users (who I don't know and don't control their devices).Is there any way I can enhance control and visibility ...

dieter_b by L4 Transporter
  • 4299 Views
  • 5 replies
  • 0 Likes

Global Protect time out - automatic reconnect attempt?

We're experiencing this with Windows and OSX clients.The user connects on Monday, tunnel times out after 24 hours.User doesn't disconnect but lets the connection time out naturally. Immediately after time out, they receive an attempt to re-auth even though they had not instigated a new connection.This has resulted in some locked tokens and gen...

kk555 by L0 Member
  • 14480 Views
  • 15 replies
  • 0 Likes

Upgrade to PAN-OS 6.0.4 - a virtual wire did not come up

Hello,I have a PAN-OS 6.0.2 box that I upgraded to PAN-OS 6.0.4. I have two vwires: one on interfaces 1/2 and another on 5/6. The vwire on 5/6 did not come up. The interfaces are "up" (green) as far as the web gui is concerned. The "Monitor" shows traffic being "allowed" per the appropriate rules. However, traffic is not flowing.I have not t...

cstech by L2 Linker
  • 5813 Views
  • 6 replies
  • 0 Likes

User-IDs Agent : Error : ldap_parse_page_control

I install User-ID Agent Version 6.0.2-3 on a Windows 2008R2.I use the LDAP proxy on the firewall to read the AD.I have the following message in the logs [Error 727] ldap_parse_page_control (cn = ...... (null)) return (93): Specified control was not found in messageis that it poses a problem to read the groups from AD?

yobitz2 by L0 Member
  • 2399 Views
  • 1 replies
  • 0 Likes

Interface goes Down when speed set to 1000!

Hi,I was getting complains for slow download speed, so I tried to change the speed setting on interface from auto to 1000, but the interface went down.Link status: Runtime link speed/duplex/state: unknown/unknown/down Configured link speed/duplex/state: 1000/auto/up when I set it back to auto, it goes half duplex and speed 100Link status: R...

Besfort by L2 Linker
  • 12090 Views
  • 9 replies
  • 0 Likes

OpenSSL TLS Malformed Heartbeat Request Found - Heartbleed(36397)

HelloI have a PA-2050 with PanOS 5.0.8 and I get this message today"THREAT,vulnerability,1,2014/08/31 16:32:08,216.75.XX.XX,213.0.XX.XX,216.75.XX.XX,10.1.5.92,Access webprv,,,ssl,vsys1,Untrust,DMZ,ethernet1/3,ethernet1/1.938,ACUNTIA,2014/08/31 16:32:13,207017,1,41570,443,41570,443,0x400000,tcp,reset-server,"",OpenSSL TLS Malformed Heartbeat Requ...

SOC_CSG by L4 Transporter
  • 5126 Views
  • 1 replies
  • 0 Likes

With out ARP entry internet is not working.

Dear Friends,I have 2 interfaces in PAN->lan zone and internet zoneISP router-huawei mac is not learned in palo alto firewall..As a result, Internet not workingBut when i add static ARP entry for huawei router in ISP interface, Internet is working fine.Please suggest to me.ThanksRegardsSatish

Satish by L4 Transporter
  • 6271 Views
  • 7 replies
  • 0 Likes

User-ID Problems when I change the User on Group in AD.

Dear sirs, I am facing a strange behavior in my network environment, as the identification of users, every time I change one User Group in my AD group to which he belonged fails to do correctly match the rule that created him and passes out by an "ANY" rule at the end of my policy rule. I've done the troubleshooting solving conventional problems...

Resolved! SSL Inbound Inspection: key vs cert, destination address

The PAN-OS Administrator's Guide for version 6.0 gives a description of setting up SSL Inbound Inspection on page 295. In step 2, it instructs to import the target's certificate. In step 4 it instructs to create a decryption policy by specifying the destination address of the targeted server.Questions:1. Doesn't the PA require the encryption k...

cstech by L2 Linker
  • 4057 Views
  • 2 replies
  • 1 Likes

Resolved! Default antivirus profiles on a "deny" policy

Hello,What does it mean to attach the "default antivirus profile" to a deny policy? Does that mean that traffic matching that rule will be both denied and scanned for viruses? (I have the same question for the other profiles too).Thank you,Chris

cstech by L2 Linker
  • 5783 Views
  • 7 replies
  • 0 Likes

NAT Traversal over IPSEC Tunnel

Guys and Gals,I have been working to set up NAT-T across an IPSec tunnel between two PA-200's in my lab and am not having success. I have followed documentation and suggestions I could find on this site, but I am unable to get NAT-T working and was wondering if anyone out there could help. In testing I first setup the tunnel with NAT-T configu...

dan731028 by L3 Networker
  • 9310 Views
  • 4 replies
  • 0 Likes

URL category blocked but appears as allowed!!

hi,I've applied web filtering where I blocked ulr categories such as peer-to-peer, games etc, but in traffic logs it appears that it is allowed:peer-to-peer url category:and same with games category:But it is also showing that it is blocking those categories on Logs>URL Filtering.is this only for the first few sites that are allowed until FW ...

Besfort by L2 Linker
  • 4367 Views
  • 3 replies
  • 0 Likes

Problems adding an IPv4 Address to a Firewall!

Hi,I've been looking after some Palo Alto Firewalls for about a year and half now; and I'm still not sure quite how to add an IP address correctly! Something is definitely wrong here! 😉The setup in question consists of a pair of PA5020 firewalls configured in Active/Active HA.The firewall pair is managed by a Panorama system.There is both a Te...

ajbool by L3 Networker
  • 6478 Views
  • 1 replies
  • 0 Likes
  • 24378 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks