This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Resolved! Locked user list

I've been getting this error for a user on our Captive portal:User 'neoguest' failed authentication. Reason: User is in locked users list From: 172.16.10.100.I've searched how to unlock the user but I haven't found any info on that.Can anyone send some info on how to unlock this user because I tried deleting and recreating the same user but the...

VPN & Portal on PA2020 running only Virtual Wires

hiOur network has 3 separate connectivity to the internet and all of them are connected via virtual wire on our PA2020 and the only other network connection is the management port on a fixed internal IP... total 7 ports used (3 pairs for the 3 virtual wires & 1 management).is it possible to setup VPN & Captive portal on such a setup?tha...

RonaldGo by L2 Linker
  • 3242 Views
  • 4 replies
  • 0 Likes

PAN OS 5.0.2 missing route

Did anyone see this situation.We have PA 3020 running 5.0.2 and a route based vpn to another PA box.unable to ping the other side of the tunnel or even the other side's tunnel interface IP address. Weird issue never seen this before.Anyone see this before? Please let me know. ThanksJunaid

LDAP Authentication for Global Protect

I am new to LDAP so I'm looking for some help. I have Global Protect setup to authenticate via LDAP using the following:base: ou=People,dc=company,dc=combind DN: uid=fs01,ou=Special Users,dc=company,dc=comThis works. I've confirmed via the system logs.I'd like to have the PA firewall authenticate ONLY users within a specific LDAP group:dn: cn=vp...

mario11584 by L4 Transporter
  • 26987 Views
  • 10 replies
  • 0 Likes

Resolved! System log severity change

Hello!Is there a way to change the severity level of certain system log messages? The PANOS is 4.1.9The issue we are having is that our customer is "spammed" with e-mail notifications from their HA devices that the signature versions do not match.Both devices are scheduled to download-and-install new content every night at the same time, indepen...

Implementing User Identification via AD

Hi everybody,I'm trying to implement user identification via active directory on PA-200. I've added the AD server under Device -> LDAP and added group mapping under Device -> User Identification.Now I guess I need to install user-ID agent on a local machine but I can't find a download link for this app. Is it possible to implement user ide...

How to restrict a vlan to get only the 360p from youtube?

Hi There,Our's is a school and students are always watching youtube videos in full HD quality which makes the bandwidth utilization to the peak. We don't want the students to watch youtube in HD but force them to 360p which is comparatively less bandwidth consumption. Is there any way to accomplish this in PA 2050 with 5.0.3 OS version. I really...

ajay by Not applicable
  • 7065 Views
  • 7 replies
  • 0 Likes

Resolved! Is there a way to force the GlobalProtect client to not connect if the client sees certificate shenanigans?

What I mean by the title of this discussion is that when the GlobalProtect client goes to initiate an SSL VPN session, instead of prompting the user to "cancel or continue," can the client respond to the user with something like "Invalid certificate detected. Due to security concerns your connection cannot be established at this time. Please cal...

Create Policy based on workstation name and AD group membership?

I'm wondering if there is a way to create a policy based on workstations in a certain AD group. Here's what I'm trying to accomplish... I want to have a security group in our Active Directory, say "Privileged Workstations" for a name. Any workstation that is a member of the "Privileged Workstations" group will have a static IP and will need t...

promsos by L1 Bithead
  • 4365 Views
  • 4 replies
  • 0 Likes

Resolved! any way to inject a parameter into a url

Hi I am trying to resolve the issue with the new google safe search changes that have happened. I am from a school and we are having issues with students being able to search for inappropriate content on google images due to their recent changes of not forcing strict safe search on. Previously we have used the work arounds that are on articles 1...

Resolved! Global Protect does not work

HelloI'm running the PAN OS 5.0.2.I'm getting the following error with my GlobalProtect:(T4364) Error(11792): failed to SetDoc. Message: errors getting GlobalProtect configWhere is my problem?Here is my config:<global-protect> <global-protect-gateway> <entry name="GPG_xxx"> <roles> ...

Resolved! Has anyone had problems with random VMWare View client drops through the PaloAlto to the View Gateway?

We had issues with random session drops with VMWare View client connections through a View Gateway security server. After we moved from traversing a Palo Alto VirtualWire to the server in a Cisco ASA DMZ to just a straight L3 Palo Alto deployment the problem went away. We even had the drops with App-ID override but fewer.Now though with the 356-...

bspilde by L4 Transporter
  • 6876 Views
  • 7 replies
  • 0 Likes

Resolved! Possible to forward GlobalProtect HIP data to RADIUS server?

I would like to be able to forward certain information about the client (mainly MAC address and hostname) to my RADIUS server for use in authentication. Is this possible with the PaloAlto firewall? I've been digging through the docs for about a day but I'm not seeing any way to do it.

dshafer by Not applicable
  • 3524 Views
  • 3 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks