This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4156 Views
  • 0 replies
  • 0 Likes

Resolved! What happens when a previously unknown App-ID gets added to PA through dynamic updates? How are others handling this situation?

This is a situation that I brought up at work, that we don't really have an answer to. After I brought this situation up a couple of weeks ago, we actually had this exact problem bite us when an App-ID for SCEP was introduced.Let's say there's a server in a DMZ VLAN that we have built rules for, using a Palo Alto firewall. Let's say that the app...

There is a question about a SSL decryption for OWA(outlook Web Access).

Hi there. I have a configuration for SSL Decryption including SSL Certifcation and SSL Decryption policy.It is working well on a gmail, a facebook and etc, but there is not working a ssl decryption on an OWA. I can see the owa traffic on the session browser as a SSL.(It shows a name of application is SSL. but the application is a definitely outl...

willstech by L3 Networker
  • 4346 Views
  • 2 replies
  • 0 Likes

How to inject OSPF information from PA to other OSPF-Routers

Hello,we created a IPSec tunnel between Cisco and PA:Now we have a problem to make the network behind the Cisco Router reachable from the Corporate LAN and the other way (from Corporate LAN to the "Cisco LAN"). Both routers running OSPF. With OSPF we want to make this networks reachable through the PA. The PA already gets the OSPF informations f...

Hithead by L4 Transporter
  • 7728 Views
  • 10 replies
  • 1 Likes

Resolved! Global Protect behind a firewall

Hi,PaloAlto firewall is behind another firewall(Firewall B).This firewall B's port 443 busy with another app.So we have to use another portHow should we configure Paloalto portal and gateway.we used port 18000.Firewall B --- 2.2.2.2 port 18000 Nat to 10.1.1.5 443 which ise public ip of PaloAltowhen we configure portal and gateway as 10.1.1.5and...

Commit only a specific set of config changes?

Hi,Is there any way to commit just a specific set commands to the Palo without committing all changes that are pending? I have an in house written piece of software that is going to make content filtering changes to my Palo's via the XML API. My concern is that if the software runs a commit and someone else has been working on the Palo config it...

Gareth by L1 Bithead
  • 6512 Views
  • 4 replies
  • 0 Likes

Resolved! Global Protect attack

HelloSomeone could say me, what is the cause of the error?Palo Alto: Monitor -> SystemReceive Time: 08/09 9:22:58Type: GlobalProtectSeverity: informationalEvent: globalprotectportal-auth-failObject: Portal_LaptopsDescription, GlobalProtect Portal user authentication failed. Login from 89.140.19x.2, User name: EERR, Reason: Authentication fail...

SOC_CSG by L4 Transporter
  • 4254 Views
  • 3 replies
  • 0 Likes

Blocking an application for all websites except one

I have an Application filter for Streaming Audio and have created a policy to block it. That's going well but I need to allow http-audio which falls under Streaming Audio for one specific site only.I have created a URL Filtering security profile with just this URL in the allow list and then created a policy which allows http-audio with the URL f...

eugenep by L3 Networker
  • 9587 Views
  • 10 replies
  • 0 Likes

terminal Agent - session 0 "no need to handle"

hi all,I've encauntered the issue with terminal agent mapping. Everything is working fine for normal users using terminals but for local console Administrator it is pain in the a... It seems that Terminal Agent is skipping this mapping (local console for session 0) 07/26/13 08:19:26[Debug 1273]: Session 0, name Console. 07/26/13 08:19:26[Debug 1...

pkonitz by L2 Linker
  • 3417 Views
  • 2 replies
  • 0 Likes

full url address

Hi,When looking for url reports from custom reports , some of the url addresses come only with *.domain.comis there a way to see full address of these url's.Especially google ?

Resolved! Certificate chaining with Captive Portal

Hello,We have a PA-3020 running PanOS 5.0.0 in L3 deployment. We have just one Private zone and one Public zone for the instance.I have configured a Captive Portal policy on the Private zone gto ensure that all users that are not authenticated by User-ID (users who are not logged in the domain) have to authenticate beffore accessing resources. I...

ldormond by L3 Networker
  • 13705 Views
  • 9 replies
  • 0 Likes

Resolved! Cannot log in after 5.0.5 upgrade

After upgrading from PAN-OS 5.0.4 to 5.0.5 and rebooting the primary 3020 of an HA pair, the logins we normally use tied to our Active Directory accounts are not working; they are giving us Invalid Logon messages. These Invalid Logon messages occur in both the GUI and CLI. I found an article mentioning the default login, at one point, was admi...

Resolved! Virtual IP

HiWe have a scenario wherein we should create a virtual private IP in Palo Alto and that virtual IP will connect to a public IP. For example:PA LAN IP: 192.168.1.1PA PUBLIC IP: 9.9.9.9Firewall Virtual IP: 192.168.1.254Public IP: 1.2.3.4Users will connect to 192.168.1.254 for ftp and 192.168.1.254 will connect to 1.2.3.4, which is a ftp server ho...

Resolved! Skype-probe rule catching other traffic

I have implemented the suggested Skype-Probe allow rule in order to block Skype. I have noticed that this rule will also catch traffic that is of the Application type Incomple and Insufficient-data. Just currious as to why it is ending up in this rule when the only application for the rule is skype-probe. A lot of times these non-skype-probe ...

merrydc by L1 Bithead
  • 5441 Views
  • 2 replies
  • 0 Likes

Resolved! iPad App fails to connect

I have the global protect license and an active global protect subscription. Windows Laptops, Mac Laptops, and Android devices (using the app) can connect and access network resources. However I try with the iPad and it fails immediately. I get "Cannot connect to Global Protect. There appears to be a problem with your Internet connection or ...

nthen by L3 Networker
  • 7915 Views
  • 6 replies
  • 0 Likes
  • 24338 Posts
  • 124 Subscriptions
Top Liked Posts
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks