This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4129 Views
  • 0 replies
  • 0 Likes

Users With Two LDAP Accounts

Hi All,Our domain administrators have two Active Directory user acounts; a standard 'username' for normal day-to-day tasks, and a 'username_a' for administrative work. Occasionally, PA will pick up the '_a' account when checking group access instead of the standard account. Thes two accounts are permissioned differemtly with restricted access ...

sclarke by L0 Member
  • 2174 Views
  • 1 replies
  • 0 Likes

How to configure Captive Portal NTLM auth?

I have a customer who has AD and is using the UserAgent sucessfully.However, many users are not always logged in, or are using corporate hardware, so aren't logged in.I want to configure Captive Portal for non-logged in users that uses NTLM to authenticate users from the AD.I've found a few KnowledgePoint articles that come close (using RADIUS),...

User-ID Detection fails after install a second Terminal Server Agent

After installing 10 terminal server agents and 1 PAN-agent on a PA-2050 the appliance cannot connect to any agent.admin@mi2-pan2> show user pan-agent statisticsName IP Address Port Vsys State Users Grps IPs Activity Cnts Link Speed------------------------------------------------------------------...

mhuels by L3 Networker
  • 4393 Views
  • 5 replies
  • 0 Likes

Resolved! Multiple categories in Brightcloud

I've come across a few websites, when I run the URL in Brightcloud, can contain anywhere from 2 to 5 categories.When a URL has multiple categories in Brightcloud, which one does Palo Alto Networks choose?Here is a good example.www.coffeed.com (coffee Forum)Under PAN it shows up asSex EducationUnder brightcloud it shows up asSex Education ...

Deploying SSL decryption with Public CA

I am trying to figure out how to deploy SSL decryption. I have it working in a test environment using an in house CA and by importing the cert. into my browser. As we have Firefox users and can't export the Trusted Root CA with a GPO, I am looking for an alternative. As a CA beginner, I am struggling with some of the concepts.If a buy a cert for...

IPSec Tunnel to Windows Server

I have learned, PAN will only build route based and not policy based IPSec tunnels.We need encrypted communication between several Windows Server 2008 systems in the outback and a lot of them in the central office. Till now, we build a site-to-site VPN between the windows server (with the included "extended firewall") and a central Checkpoint sy...

mhuels by L3 Networker
  • 7658 Views
  • 8 replies
  • 0 Likes

User Identification Agent

Hi,I have a question concerning the User Identification Agent.Yesterday we had a problem with wrong user identification. The problem is solved in the meanwhile but it would be nice for me to understand how the agent works.To solve the wrong identification I enabled the following audit policies on our domain-controller:Audit account logon eve...

Virus: use of the packet capture

Hi, I wanted to know what you usually do when you see a Virus detected on the PA. How do you check that it is not a false positive? Do you use the packet capture in the case of a virus? Does the name/id of the Virus help you to find more details on the web?Thanks

Dynamic update sych in HA environment

We have a pair of 4050s in a HA configuration. I was wondering if there was anyone that has a best practice or advice on setting up the Dynamic update synch. We are looking for the best way to keep the environment up to date through dynamic update while in normal operation and when failed over to the secondary.With the primary FW dynamic update...

Why are new units shipped so out-of-date?

We have purchased eight units (2020s and 4020s) in the past two months and they all shipped with PANOS v3.1.4, no updates of any kind, and an incorrect setting for the URL filering (surfcontrol vs. brightcloud) which requires a full reboot to fix. It has been very time consuming to get all these units up-to-date before we can use them.I realize ...

KGC by L3 Networker
  • 3334 Views
  • 2 replies
  • 0 Likes

LDAP Authentication questions

Hi everyone,when I configure LDAP for authentication,then I'm getting the groups in the distinguished name (dn) format.I can choose them in policies and in the authentication profile.Now my questions,is the pan-agent then needed for policy authentication, too? Please explain why!when I add a group in the dn format to the allow listof an authenti...

indevis by L2 Linker
  • 5348 Views
  • 4 replies
  • 0 Likes

How to disable threatID for defined IP addresses

Hello!I would like to disable one threatID for specific sources/destinations (e.g. when source or destination is file sharing server), but I would like to enable it for all other users and/or addresses. Is it possible to do that?Thank you and best regards,Maja

mkopcic by L2 Linker
  • 3077 Views
  • 1 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks