This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4239 Views
  • 0 replies
  • 0 Likes

SSL decryption - File blocking problem IE v8

I have a file blocking policy defined to block specific attachments via external web mail portals. I get correct matches for the application and also get successful SSL decryption. My problem is that Internet Explorer v8 clients can still send the attachments even though they show up as "deny" in the logging. The Mozilla Firefox or Google Chr...

Global Protect Routing

I just recently setup GP and I'm in the testing phase. My tests are failing. The very first time I connected I could ping out to the internet, I could ping devices via IP address inside our network (behind the firewall), and I could ping via hostname. After I connected a second time I can't ping anything except the internet. I have fiddled with ...

Invalid username/password with LDAP for Captive Portal

Running a PA-500 on software version 5.0.2I was wondering if anyone could point me in the right direction, I'm trying to get a captive portal working that using LDAP groups to provide access through the policy.The LDAP servers are configured ok, as I can browse the OUs and add the necessary CNs, and if I run the show user group name "cn=groupnam...

Resolved! SSL Decryption Problem

Hi,I have a problem with some untrusted issuer.For example Microsoft TechNet site (https://technet.microsoft.com) is blocked from my PA500 with this error:Certificate ErrorCertificate name: technet.microsoft.com IP Address: 65.52.103.106 Issuer: MSIT Machine Auth CA 2 Status: untrusted Reason: I downloaded MSIT Machine Auth CA 2 certificate fro...

diennea by L3 Networker
  • 3547 Views
  • 3 replies
  • 0 Likes

static nat + intrazone u-turn and interzone u-turn at same time

I'm currently having problems on PAN OS 5.0.1 replicating a standard Screenos MIP configuration. Whereby static nat and interzone/intrazone u-turn nat are all active at the same time.We have multiple zones (5) all of the hosts inside each need to be able to access DMZ servers by their NATd public ip address (multiple dmz zones). Also unfortunate...

CMG by L2 Linker
  • 3201 Views
  • 1 replies
  • 0 Likes

global protect internal

HiCan anyone give me some feedback on how to configure my globalprotect client to register/connect when on internal LAN? - so I can help my pan-user agent tag what users are connectedThanks

felixn by Not applicable
  • 6779 Views
  • 9 replies
  • 0 Likes

GlobalProtect new Version (1.2.3?)

Hello,do you know when the new GP Agent will release? We expect some debug fix, regarding our certificate problems...(PaloAlto Support is informed about).THX

Hithead by L4 Transporter
  • 3012 Views
  • 2 replies
  • 0 Likes

Zone protection reconnossainse protection

Hi,I am testing "reconnossainse protection" feature on a PA-200. I built a reconnossainse protection profile over zone protection tab and I mark over "reconnossainse protection" and I checked "tcp port scan", "host sweep" and "udp port scan" (with default settings). I activated zone protection profile on each zone.I am executing "nmap" over a su...

ENAGAS by L0 Member
  • 2441 Views
  • 1 replies
  • 0 Likes

LDAP and User ID

Hi,I am beginner to palo alto networks.I am working with user id concepts.My task is to get User - IP mapping from Active directory to PA device.I am running Windows 2008 Server.Can anyone help me , how to configure LDAP in it and get the user - ip mapping to PA device.Thanks

Resolved! Empty WildFire log after upgrade

HiFew days ago I upgradded my devices from 4.1.10 to 5.0.3I found new log caled WildFire, but it's empty.Yestarday I got email from WildFire with report that someone from my network downloaded malware. So Im sure that this incident should be in log - but it isn't - why?Do I need to configure something?RegardsSlawek

_slv_ by L4 Transporter
  • 3753 Views
  • 3 replies
  • 1 Likes

Vulnerability Protection CVE-2013-0431

I've spend some time on testing vulnerability protection on the PA firewall. The protection engine did a good job, but there is no protection against CVE-2013-0431: Java Applet JMX Remote Code ExecutionI'm running PANOS 5.0.1 and Version Application and Threat ID: 364-1728.You can find the results on my web site (www.accessdenied.be) in the docu...

JohanL by L2 Linker
  • 2153 Views
  • 1 replies
  • 0 Likes

Resolved! HA setup doc

I am looking for the setup documentation to setup HA when the devices aren't directly connected . We have a requirement to setup fail-over to recovery site reachable via IP . I have seen the doc to setup HA with the devices next to each other .Thanks

usvi by L3 Networker
  • 8049 Views
  • 12 replies
  • 0 Likes

Reporting Question

Hi Folks,We are about to go through an internal audit and it has been requested that I produce a report about the threats that have attempted to come through out PA-5020, how many were blocked and confirmation that it was indeed blocked.is there a report that does that already or will it need to be custom?thanks!!

wmmartin by Not applicable
  • 5333 Views
  • 9 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks