This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4120 Views
  • 0 replies
  • 0 Likes

why commit is there without any change made

PANOS : v4.1.6Model : PA-500In the isolated LAB, only management port connected on PA-500 and service route operate well via the management port. I make sure the commit is grey after basic configuration (IP/netmask/gateway/DNS/NTP) set, license retrieved and application/threat prevention updated, and dynamic update scheduled, but the commit is...

Block Mobile Devices

I was wondering if anyone has created a custom app-id to identify mobile devices to create policies around. For example block all mobile devices getting to the internet, or apply a QoS policy ect. Thanks,

Resolved! LDAP and user authentication/authorization

Hi all!I have a problem using LDAP for user/management authentication/authorization. When I try to log in via my domain I get the following in my log (after logging in again with the admin account):Authorization failed for user *\*via Web from *.*.*.* : Invalid user 06/06 12:41:19User '*\*' authenticated. Profile authProfileAdmins in an authenti...

Resolved! Service route for ldap

Hi,I have implemented a Palo Alto without Management interface, only an Inside interface/zone and Outside interface/zone. I configured the service route configuration to use Inside IP address for updates, dns... (all service routes). Also I have configured the network routing (all the networks that has to be accessed from Inside IP address.The p...

How to sync Captive Portal Redirect Host in A/A - Setup ?

Hi *,I have problems to sync Captive Portal Settings in a Active/Active HA-Setup.I configure the CP on the active primary host as follows : Enable Captive Portal - checked Server Certificate - cp-cert Authenticaation Profile - company-radius Redirect Host - cp.mydomain.com Client certificate Profile - none Mode - Redirec...

PAN agent Group cache on PAN

Hello, I'm using PAN OS 3.0.5 and doing> debug device-server dump user-group namefollowed b the tab I'm seing very old group that are not anymore in the Filter group member of the pan-agent. It seams that the PAN have cached the olds user/group relation. There is the way to force a clear of the group <-> user relation on the PAN FW ?

PA 5050 HA Failover Premeption

I have configure Active/Passive HA between two PA 5050 Firewalls. One is at high(passive) Priority and another is low(Active). I have also configure Preemtion on Active Firewall, meaning if somehow Active PA fail ,the Passive become active ,but when the active comes up again it should come up as active again i.e , it should take the ownership ag...

itsecll by L1 Bithead
  • 2557 Views
  • 2 replies
  • 0 Likes

blocking file-sharing subcategory

I would like to block everything in the file-sharing subcategory of the general-internet category. Currently we are allowing this subcategory.I would like to see what the impact of a policy like this would be, so I setup a policy for this subcategory but set it to allow so I can look at the traffic log for everything that triggers on this rule. ...

KenKruger by Not applicable
  • 3713 Views
  • 3 replies
  • 0 Likes

request restart software

I had an issue where mgmt server and device srvr both where high in memory usage and commits where not taking place. I issued the following commandsdebug software restart device-serverdebug software restart management-serverwith no change except that the box was taken out of panorama and from the cli. you were unable to get infoshow session inf...

GlobalProtect OnDemand mode

Hello,We use PAN OS 4.1.1 and GlobalProtect 1.1.0, free version of GlobalProtect.We have configured GlobalProtect in OnDemand mode.When the GlobalProtect software starts it connects to the PA and try's to logon with the stored credentials (Username / password), i does this withoud giving a connect command.We do not want this because ervery time ...

Exploit:Win32/Pdfjsc.ABS will not recognized

The new PDF Exploit "Pdfjsc.ABS", which travels with a lot of Emails (for instance: "Here is the new Elster program" - Elster is the name of a german tax program), will not recognized by PAN-Firewall. Neither on Email nor on Webtraffic, so i can attache the virus on this thread.mfgManfred

mhuels by L3 Networker
  • 4791 Views
  • 4 replies
  • 0 Likes

Resolved! Monitor NAT Traffic?

Can anyone think of a method to monitor the NAT Translation? The back story is this... We have remote access points that point to a public IP address and then get NAT over to the private address of the wireless controllers. When we migrated to the PA, we spent a few hours trying to figure out why the remote APs weren't able to communicate with...

mcw015 by Not applicable
  • 25143 Views
  • 1 replies
  • 0 Likes

incomplete action

hellowe have our own web server which we host web sites fromI have setup my incoming nat rule followsource zone = untrusted des zone = umtrusteddes address = my internet port ip service = service-httpdes tran = my local web server ipSecurity rule source zone = untrusteddes zone = trusteddes address = my local web server ipapp = web-browsingin th...

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks