This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4115 Views
  • 0 replies
  • 0 Likes

Resolved! LDAP and user authentication/authorization

Hi all!I have a problem using LDAP for user/management authentication/authorization. When I try to log in via my domain I get the following in my log (after logging in again with the admin account):Authorization failed for user *\*via Web from *.*.*.* : Invalid user 06/06 12:41:19User '*\*' authenticated. Profile authProfileAdmins in an authenti...

Resolved! Service route for ldap

Hi,I have implemented a Palo Alto without Management interface, only an Inside interface/zone and Outside interface/zone. I configured the service route configuration to use Inside IP address for updates, dns... (all service routes). Also I have configured the network routing (all the networks that has to be accessed from Inside IP address.The p...

How to sync Captive Portal Redirect Host in A/A - Setup ?

Hi *,I have problems to sync Captive Portal Settings in a Active/Active HA-Setup.I configure the CP on the active primary host as follows : Enable Captive Portal - checked Server Certificate - cp-cert Authenticaation Profile - company-radius Redirect Host - cp.mydomain.com Client certificate Profile - none Mode - Redirec...

PAN agent Group cache on PAN

Hello, I'm using PAN OS 3.0.5 and doing> debug device-server dump user-group namefollowed b the tab I'm seing very old group that are not anymore in the Filter group member of the pan-agent. It seams that the PAN have cached the olds user/group relation. There is the way to force a clear of the group <-> user relation on the PAN FW ?

PA 5050 HA Failover Premeption

I have configure Active/Passive HA between two PA 5050 Firewalls. One is at high(passive) Priority and another is low(Active). I have also configure Preemtion on Active Firewall, meaning if somehow Active PA fail ,the Passive become active ,but when the active comes up again it should come up as active again i.e , it should take the ownership ag...

itsecll by L1 Bithead
  • 2554 Views
  • 2 replies
  • 0 Likes

blocking file-sharing subcategory

I would like to block everything in the file-sharing subcategory of the general-internet category. Currently we are allowing this subcategory.I would like to see what the impact of a policy like this would be, so I setup a policy for this subcategory but set it to allow so I can look at the traffic log for everything that triggers on this rule. ...

KenKruger by Not applicable
  • 3710 Views
  • 3 replies
  • 0 Likes

request restart software

I had an issue where mgmt server and device srvr both where high in memory usage and commits where not taking place. I issued the following commandsdebug software restart device-serverdebug software restart management-serverwith no change except that the box was taken out of panorama and from the cli. you were unable to get infoshow session inf...

GlobalProtect OnDemand mode

Hello,We use PAN OS 4.1.1 and GlobalProtect 1.1.0, free version of GlobalProtect.We have configured GlobalProtect in OnDemand mode.When the GlobalProtect software starts it connects to the PA and try's to logon with the stored credentials (Username / password), i does this withoud giving a connect command.We do not want this because ervery time ...

Exploit:Win32/Pdfjsc.ABS will not recognized

The new PDF Exploit "Pdfjsc.ABS", which travels with a lot of Emails (for instance: "Here is the new Elster program" - Elster is the name of a german tax program), will not recognized by PAN-Firewall. Neither on Email nor on Webtraffic, so i can attache the virus on this thread.mfgManfred

mhuels by L3 Networker
  • 4788 Views
  • 4 replies
  • 0 Likes

Resolved! Monitor NAT Traffic?

Can anyone think of a method to monitor the NAT Translation? The back story is this... We have remote access points that point to a public IP address and then get NAT over to the private address of the wireless controllers. When we migrated to the PA, we spent a few hours trying to figure out why the remote APs weren't able to communicate with...

mcw015 by Not applicable
  • 25130 Views
  • 1 replies
  • 0 Likes

incomplete action

hellowe have our own web server which we host web sites fromI have setup my incoming nat rule followsource zone = untrusted des zone = umtrusteddes address = my internet port ip service = service-httpdes tran = my local web server ipSecurity rule source zone = untrusteddes zone = trusteddes address = my local web server ipapp = web-browsingin th...

High Dataplan CPU PA2050-4.1.6

I have only 28,000 active session at this time, which isn't a lot, and my CPU is roughly between 70-80% constantly. We are in our summer semester at school which doesn't have a lot of users on our network. I am nervous when people return in the fall they will be greated with slow internet and possibly crash the Palo Alto.We are running two Palo...

u10723 by Not applicable
  • 2491 Views
  • 1 replies
  • 0 Likes

Palo Alto 2020 doesn't close session when using AD authentication

Hi,This might be a really easy thing I have missed but when we try to authenticate against our AD users instead of strictly by IP and zone it works fine the first person to log on. But then if you log off and someone else with less privilages logs on they get whatever access the previous person had, which could be a problem especially if the las...

Resolved! what's mean counter url_request_pkt_drop?

Hello guys.I experienced increasing constantly counter "url_request_pkt_drop" when installed PAN to customer. PAN showed that counter means "the number of packets get dropped because of waiting for url category request"So I think that means simply packet dropping related URLs when not resolved URLs. I guess packet dropping of URLs that makes pro...

ttongfly by L3 Networker
  • 6421 Views
  • 3 replies
  • 0 Likes
  • 24333 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks