This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4115 Views
  • 0 replies
  • 0 Likes

DHCP redundancy / HA solution with the PA (200) possible?

We are a very centralized company with a lots of decentralized business units.All these decentralized locations are connected to the HQ, but can run their primary business process withouth this connection.This is also a principle we use, so the "primary" proces must always run, even when the connection to the HQ is down.Now we're looking for a D...

Mass static route migration

I need to migrate about 600 static routes into a PAN box . Does anybody know how I can do this efficiently and quickly . My goal is to copy all the 600 routes into the running cofig .Thanks

usvi by L3 Networker
  • 2971 Views
  • 3 replies
  • 0 Likes

Custom URL Category with Wildcards

HelloI have a question. www.example.com _________|_________ | |www.example.com/sales-team www.example.com/marketing-teamMy customer want function belowThe sales team access "www.example.com" and "www.example.com/sales-tea...

request restart software - Clarification ?

Newb question, but I can't seem to find the answer I'm looking for so I'll just ask..The command 'request restart software' is *JUST* the management software itself, like logging, ssh, snmp, etc, but does *NOT* affect any time of forwarding happening through the box (dataplane), correct?There is the command 'request restart dataplane' which is o...

steveo by L3 Networker
  • 7542 Views
  • 4 replies
  • 0 Likes

PA random packet captures

I've noticed that our 5020 is taking (what seems like)random packet captures. I searched this forum about this, and have read that the PA does do packet captures if the traffic is identified as "unknown-tcp" and "insufficient-data". The traffic I see that is generating pcaps seems random. For example, there are pcaps for "ciscovpn", "apple-pu...

jambulo by L4 Transporter
  • 2789 Views
  • 3 replies
  • 0 Likes

SSL decryption - File blocking problem IE v8

I have a file blocking policy defined to block specific attachments via external web mail portals. I get correct matches for the application and also get successful SSL decryption. My problem is that Internet Explorer v8 clients can still send the attachments even though they show up as "deny" in the logging. The Mozilla Firefox or Google Chr...

Global Protect Routing

I just recently setup GP and I'm in the testing phase. My tests are failing. The very first time I connected I could ping out to the internet, I could ping devices via IP address inside our network (behind the firewall), and I could ping via hostname. After I connected a second time I can't ping anything except the internet. I have fiddled with ...

Invalid username/password with LDAP for Captive Portal

Running a PA-500 on software version 5.0.2I was wondering if anyone could point me in the right direction, I'm trying to get a captive portal working that using LDAP groups to provide access through the policy.The LDAP servers are configured ok, as I can browse the OUs and add the necessary CNs, and if I run the show user group name "cn=groupnam...

Resolved! SSL Decryption Problem

Hi,I have a problem with some untrusted issuer.For example Microsoft TechNet site (https://technet.microsoft.com) is blocked from my PA500 with this error:Certificate ErrorCertificate name: technet.microsoft.com IP Address: 65.52.103.106 Issuer: MSIT Machine Auth CA 2 Status: untrusted Reason: I downloaded MSIT Machine Auth CA 2 certificate fro...

diennea by L3 Networker
  • 3507 Views
  • 3 replies
  • 0 Likes

static nat + intrazone u-turn and interzone u-turn at same time

I'm currently having problems on PAN OS 5.0.1 replicating a standard Screenos MIP configuration. Whereby static nat and interzone/intrazone u-turn nat are all active at the same time.We have multiple zones (5) all of the hosts inside each need to be able to access DMZ servers by their NATd public ip address (multiple dmz zones). Also unfortunate...

CMG by L2 Linker
  • 3163 Views
  • 1 replies
  • 0 Likes

global protect internal

HiCan anyone give me some feedback on how to configure my globalprotect client to register/connect when on internal LAN? - so I can help my pan-user agent tag what users are connectedThanks

felixn by Not applicable
  • 6612 Views
  • 9 replies
  • 0 Likes

GlobalProtect new Version (1.2.3?)

Hello,do you know when the new GP Agent will release? We expect some debug fix, regarding our certificate problems...(PaloAlto Support is informed about).THX

Hithead by L4 Transporter
  • 2971 Views
  • 2 replies
  • 0 Likes

Zone protection reconnossainse protection

Hi,I am testing "reconnossainse protection" feature on a PA-200. I built a reconnossainse protection profile over zone protection tab and I mark over "reconnossainse protection" and I checked "tcp port scan", "host sweep" and "udp port scan" (with default settings). I activated zone protection profile on each zone.I am executing "nmap" over a su...

ENAGAS by L0 Member
  • 2406 Views
  • 1 replies
  • 0 Likes

LDAP and User ID

Hi,I am beginner to palo alto networks.I am working with user id concepts.My task is to get User - IP mapping from Active directory to PA device.I am running Windows 2008 Server.Can anyone help me , how to configure LDAP in it and get the user - ip mapping to PA device.Thanks

  • 24333 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks