This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4132 Views
  • 0 replies
  • 0 Likes

bypassed PAN box using free proxies

We are tested PAN 500 NFR in our lab . Did a search for youtube proxy on google and picked the first listed . Used them and bypassed the PAN box and was able to get to facebook and yahoo mail . I couldn't get to these sites through my browser directly . I am sure there are others, people can also use . I thought PAN prevented such circumventio...

usvi by L3 Networker
  • 3849 Views
  • 4 replies
  • 0 Likes

PA500 split tunnelling DNS question

HiHave a PA 500 set up for split tunnelling - so clients access internet locally and all other traffic is passed over VPN tunnel to our officeI have DHCP set up on PA box so clients get primary DNS server (local ISP one) and secondary DNS (office one)I have set up a rule from trust to untrust to allow application DNS and service DNS however i am...

sue_town by Not applicable
  • 4182 Views
  • 7 replies
  • 0 Likes

Gaming devices behind PAN firewall

We are using Capitive Portal for students on our campus. All students' devices including gaming devices get DHCP from a PA2050 and these IP ranges require CP. XBox seems to get DHCP and tries to connect to XBox Live servers, but fails. We don't see the CP login page. 1. If Xbox gets the same IP range that require CP, is it possible to have a pol...

kumara by L0 Member
  • 2223 Views
  • 1 replies
  • 0 Likes

Resolved! Issues with email reports on iOS devices

So interesting issue don't know if others have the same issue. Email reports that are generated in the firewall and sent via email on schedule. When I view the PDF on the iPad (newest version of iOS) there is no text in the report it only has the graphs and all text is missing. I have opened e PDF in the native viewer as well as good reader ar...

kkeeton by L2 Linker
  • 2787 Views
  • 1 replies
  • 1 Likes

uid-gids-cache timeout

Hi there,we use the pan-agent installed on a DC to read out the users of some AD groups. Works fine so far. The only problem we got is, that if a user is removed from an AD group, I will always have to run the "clear uid-gids-cache" command on the device to get the user removed from the PAN cache.The pan-agent doenst show the removed user any mo...

Cert issue with Captive Portal

We have installed a Comodo wildcard cert on our 2050 for use with the SSL-VPN and Captive Portal. IE and Chrome are fine, but Firefox always says the it can't verify the authenticity of the cert. I remember reading in another post that someone had to chain the intermediate and root certs together and import them into their PAN, but have no ide...

bvest by Not applicable
  • 2288 Views
  • 1 replies
  • 0 Likes

Permanently cached user to IP

Did a search, but nothing seems to answer my question:I would like input from more knowledgable folks on the problem described - the permanent caching of a "good" account on computers that are kiosk mode and logged in with "ignored" accounts. See example below:PC Kiosk1 and AD domain account "ignored1" set to ignore (via AD group memership and...

jasbeck by Not applicable
  • 5374 Views
  • 8 replies
  • 0 Likes

RDP incomplete session

RDP worked before the installation of PAN 500. Now I'm having an incomplete session on RDP (TCP handshake is dropping). How do I fix this:760 t.120 DISCARD FLOW NS 172.21.196.181[4483]/l3-trust/6 (70.159.69.130[2588])vsys1 98.142.94.202[3389]/l3-untrust (98.142.94.202[3389])

Resolved! Apps vs URL Profile - block application

Hi all,I tested this strange (imho) behaviour with PAN 2020 4.0.3:1. create a first security policy with ssl, http-proxy, dns but without web-browsing application (as you can see in 1.jpg) with action ALLOW2. create a following security policy with facebook application and action DENY3. create a final security policy for all other outbound traff...

panagent user identification problem with working groups on the active directory

Hi,i tried ad user identification with pan agent on the pa2050 box and windows2008R2.But i have some problemsfor example;i created one group which called MSN_DENY and added it 5 users like test 1,test 2,test3,test4,test5(whatever) .later i was write two security rule.firstly deny msn traffic for MSN_DENY group(rule1),secondly permit msn traffic ...

lildeniz by L3 Networker
  • 7070 Views
  • 11 replies
  • 0 Likes

HA Sync issues with content updates

I am running a pair of PA-4020s in HA mode on PAN OS 3.1.8. For about the last three or four Threat and App Content updates I have had sync issues. I have the active PA downloading and then syncing the content to the passive PA. This worked fine until now and we have had the 4020s in place since April. Anyone else having this issue or have any s...

Base64 encoded HTTP traffic.

Hi,I was reading the 2011-2012 buyers giude. There is a statement that describes Base64 encoded HTTP messages , used in command and control traffic for malware.The bot sets the User-Agent header value to “inter easy” and also receives a scrambledBase64 encoded command which means “sleep”: <!-- 2upczxAX.3Most network security controls would pa...

AD/LDAP Server authentication

Does anyone have any tips for getting AD/LDAP bind request working at the server. I have the PaloAlto sending and receiving the bind request to authenticate, but the server reply packet says the credentials are invalid (error code 52e - invalid credential). My AD server administrator says the requests aren't making it to the server, but I have...

sajens by L0 Member
  • 3799 Views
  • 1 replies
  • 0 Likes

Simple Policy Question

This is a simple one, but I couldn't find it specifically stated in the manual.When I define a security policy, are the Zone and Address exclusive of each other? In other words, if I select a zone,it requires I put in specific IP's or select Any. If I leave the IP's as any, but select a specific zone, will it only allow IP's from within that z...

cmaier by L1 Bithead
  • 3327 Views
  • 3 replies
  • 0 Likes
  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks