General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Additional authentication for specific zone

Hello everyone, Is it possible to request an additional authentication for a specific zone with PAN-OS 5.0? The requirement would be to have regular user authenticated through regular ActiveDirectory/NTLM for regular zones. However for very sensitive zone, a Captive Portal would be requested with additional authentication requirements (e.g. RSA). I...

A general web proxy server deployment with PAN box

Hi All, I think this topic has been discussed in the past, but I want to be clear about this deployment since web proxy server design is still typical in many customer's live network. So please allow me to bring this again. 2 basic deployments are mentioned in the past. These deployments are: (1) Place PAN between users and a proxy server. It would...

tomimma by L1 Bithead
  • 4875 Views
  • 5 replies
  • 0 Likes

Allowing some protocols from any user/port?

I am curious what others are doing for some protocols: Examples: DNS, ocsp, STUN, meraki, apple push notification, etc. It seems to me that these sorts of things could be let go for pretty much all users, anytime and be excluded from the captive portal. Correct? I have a couple of reasons for this question: 1. I am having issues with Facetime...

BobW by L4 Transporter
  • 3999 Views
  • 2 replies
  • 0 Likes

Blocking pictures with GPS Data

I'd like to use the PA to block pictures that contain GPS exif data in jpeg, tiff, and other uploads to social media sites. Has anyone done this already?

PANoJAM by Not applicable
  • 4085 Views
  • 4 replies
  • 0 Likes

Commit failed

Hi everybody,
Device: PA-2050
Firmware: 4.0.1
We are getting this error message when we try a commit. What is happening when this appears and what can we do? A rollback to a further config version is not helping.
Error message:
Management server failed to send ID request to client device
Commit failed
On Web-Gui and on CLI!
Regards
Christian

indevis by L2 Linker
  • 14269 Views
  • 15 replies
  • 0 Likes

Monitoring - source user not shown in log

Although the "agentID client" is installed on one of our domain controller boxes, I find that when using MONITOR log to look at the traffic, it doesn't show the "source user" of whom is currently logged in via Active Directory. Any idea why? In addition, the monitor log will show the ip address and it will "resolve hostname" when checking the box...

Resolved! PA-500 IPsec VPN

Hi all, I have a general VPN tunnel question. What do the status lights on the IPsec tunnel indicate (see below)? I understand green is good and red is bad, what I don't know is why are there two? I can surmise that the second one is the "IKE Gateway/Satellite" but what does that really mean? Does that tell me that my phase one IKE settings are righ...

FAO: PAN. Brightcloud Server Down / Miscategorization of websites based on Dynamic dB on version 3955. Why??

Dear Palo Alto Networks, Off late, I have been seeing some bizarre issues with Brightcloud services version 3954 and 3955. As per what I could see under the system logs, on 09/10/12, the brightcloud server could not receive data and there was failure in retrieving data (in spite of having all the network connections checked and were absolutely f...

Resolved! BGP in a cluster deployment

Hi! I was wondering how to use BGP in a HA active/standby deployment? A common design with floating IP addresses (HSRP/VRRP like) is to use two additional switches to connect to two upstream ISPs so a link failure doesn't result in an active member takeover within the cluster. Can you please help me understanding how routing tables are synchronise...

santonic by L6 Presenter
  • 11719 Views
  • 6 replies
  • 0 Likes

Resolved! Site to site VPN issue

Folks. I have an issue with some site-to-site configurations that is bugging the cr*p out of me, and I thought I'd post it here. I run some site-to-site VPN's (Palo Alto to Cisco 887 routers) which come up fine, but which seem to defy *all* configuration with respect to IpSec SA lifetime. As far as I can tell, I've configured a 12 hour (43200 secon...

darren_g by L4 Transporter
  • 3056 Views
  • 1 replies
  • 0 Likes

Resolved! Moving from Global Protect 1.1.6 -> 1.1.7

I believe moving away from 1.1.6 now requires a trusted certificate? I have about 600 remote users on 1.1.6.. trying to get to the latest rev (1.2.1) without any user interruption. I tested with our QA firewall and I am getting certificate errors.. are there any detailed instructions on how to proceed?

rrau by L3 Networker
  • 2759 Views
  • 2 replies
  • 0 Likes

Skype - Cannot add Contacts and Skype Home Page Unavailable

Greetings, I have come across an issue which is confusing me and I am running out of options to find a solution: PANOS version: 4.1.9 User-ID agent : 4.1.3-2 I had issues with ip-user mapping and group-mapping ever since I've upgraded to 4.1.9. Any new users post upgrade to staff group weren't being picked up by the firewall or User-ID agent. Thi...

Resolved! Maximum number of virtual wire on PA 500

Hi all, I am trying to find the suitable PAN model to support my environment. I design PAN to support 2 virtual wire and 1 NAT network. I'm not sure that PA 500 will support 2 virtual wire. I prefer throughput and session number that support by PA500. Thank you TU

Resolved! Security/App-ID Bypass?

Can someone within Palo Alto Networks comment on this video? This seems like it could be an easy attack vector... Palo Alto Networks Security Bypass - YouTube

kellenc by Not applicable
  • 4766 Views
  • 3 replies
  • 0 Likes

Resolved! Maint partition is empty

Hello, I have two PA-2020 in an HA Active Passive scenario. Just looking around in my CLI, I noticed that the maint partition is empty on one of my nodes, but has an older 4.0.3 on the other node.
Partition State Version
--------------------------------------------------------------------------------
sysroot0 REVERTABLE 4.1.7s...

cenders by L3 Networker
  • 3827 Views
  • 1 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions