This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

SSL-VPN Cliente Update

Hi, i want to upgrade my SSL-VPN client in my PA and I have a couple of questions regarding how it will affect the user.. Update the client SSL-VPN. Users who use this type of connection will receive some notice to update the client, when you try to connect for the first time after the upgrade? they will need to update theis SSL-VPN clients? tha...

Panorama - Restrict Firewall Log Access

Does anyone know if there is a way to create admins in Panorama for specific subdomains AND restrict their access to only the logs for the firewalls in that subdomain? I want to give access to users for only their FW logs and not let them see all of the other FW logs. So far my testing has resulted in this not being possible, but wanted to see i...

chrisp by L3 Networker
  • 4057 Views
  • 4 replies
  • 0 Likes

Resolved! What is a "large" deployment for User-ID on the firewall?

We have a pair of 5020s and about 4000 users on 4 AD controllers. Throughout the 4.0 and 4.1 series, we have seen the Windows-based UserID Agent drop groups and users, and are interested in seeing if native event log polling from 5.0 might help. Target date is mid-March, by which point we hope 5.0 to be somewhat stable.The documentation says tha...

rgraves by Not applicable
  • 6751 Views
  • 6 replies
  • 0 Likes

Resolved! Bidirectional Forwarding Detection

Does Palo Alto Firewalls support Bidirectional Forwarding Detection (BFD). Link to RFC http://tools.ietf.org/html/rfc5880 The reason i ask is it is best practice to use this as a OSPF fault detector in lue of reducing the ospf timers.

Global Protect and Android 4.0.4 - problem

HelloI have working VPN for Windows machines. I need to extend it for Android devices, using client from Android OS.I'm using login and passwords (not certs) in my VPN config.I followed by the GlobalProtect-Config-Android-RevB.pdf - part 3When I try to start VPN on Sony Ericsson Xperia S smartfon I see connecting and after 2-3 minuts - connecti...

_slv_ by L4 Transporter
  • 6935 Views
  • 11 replies
  • 0 Likes

User-ID stopped populating mappings - OS 4.0.12

I am running OS 4.0.12 and have an issu with the user-ID / mappings not populating in the logs. show user pan-agent statistics:IPs Activity Timer(s) Domain Indexncmpdcden01 10.250.12.10 5009 vsys1 *connected, ok 989 906651185 21844256 600 ncm 0show user ip-user-mapping:IP Ident. By...

Is there a way to create a filtered report based on specific countries?

On PA 4.1.I have a custom report that uses the traffic log database, with the top 500 entries for the last calendar day, with the Destination Country column enabled. 95% of the Destination Country results is the USA. I'm interested in looking at traffic to other countries. Is there a way to create a recurring report that will filter out the USA ...

Resolved! What happens when a previously unknown App-ID gets added to PA through dynamic updates? How are others handling this situation?

This is a situation that I brought up at work, that we don't really have an answer to. After I brought this situation up a couple of weeks ago, we actually had this exact problem bite us when an App-ID for SCEP was introduced.Let's say there's a server in a DMZ VLAN that we have built rules for, using a Palo Alto firewall. Let's say that the app...

There is a question about a SSL decryption for OWA(outlook Web Access).

Hi there. I have a configuration for SSL Decryption including SSL Certifcation and SSL Decryption policy.It is working well on a gmail, a facebook and etc, but there is not working a ssl decryption on an OWA. I can see the owa traffic on the session browser as a SSL.(It shows a name of application is SSL. but the application is a definitely outl...

willstech by L3 Networker
  • 4323 Views
  • 2 replies
  • 0 Likes

How to inject OSPF information from PA to other OSPF-Routers

Hello,we created a IPSec tunnel between Cisco and PA:Now we have a problem to make the network behind the Cisco Router reachable from the Corporate LAN and the other way (from Corporate LAN to the "Cisco LAN"). Both routers running OSPF. With OSPF we want to make this networks reachable through the PA. The PA already gets the OSPF informations f...

Hithead by L4 Transporter
  • 7687 Views
  • 10 replies
  • 1 Likes

Resolved! Global Protect behind a firewall

Hi,PaloAlto firewall is behind another firewall(Firewall B).This firewall B's port 443 busy with another app.So we have to use another portHow should we configure Paloalto portal and gateway.we used port 18000.Firewall B --- 2.2.2.2 port 18000 Nat to 10.1.1.5 443 which ise public ip of PaloAltowhen we configure portal and gateway as 10.1.1.5and...

Commit only a specific set of config changes?

Hi,Is there any way to commit just a specific set commands to the Palo without committing all changes that are pending? I have an in house written piece of software that is going to make content filtering changes to my Palo's via the XML API. My concern is that if the software runs a commit and someone else has been working on the Palo config it...

Gareth by L1 Bithead
  • 6485 Views
  • 4 replies
  • 0 Likes

Resolved! Global Protect attack

HelloSomeone could say me, what is the cause of the error?Palo Alto: Monitor -> SystemReceive Time: 08/09 9:22:58Type: GlobalProtectSeverity: informationalEvent: globalprotectportal-auth-failObject: Portal_LaptopsDescription, GlobalProtect Portal user authentication failed. Login from 89.140.19x.2, User name: EERR, Reason: Authentication fail...

SOC_CSG by L4 Transporter
  • 4235 Views
  • 3 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks