This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4431 Views
  • 0 replies
  • 0 Likes

GlobalProtect Always-On (6.3.3-c711) – Users Stuck in “Connecting” State but Still Have Internet Access

Hello everyone, We are running GlobalProtect 6.3.3-c711 in an always-on architecture for our end users. Our setup is as follows: Always-On enabled Full tunnel configuration (all traffic routed through GlobalProtect) Portal → App settings → Restoration interval set to 0 to strictly enforce VPN usage Expectation: If VPN connectivity is una...

Resolved! PA-460 Upgrading from 10.2.3-h9 to 11.2.0

Hi Guys! I was in my way to upgrade my PA-460 from the version 10.2.3-h9 to 11.2.0, i tried to use the Validate button, to take a look at the upgrade path, but i can't see any result, but i still have my doubts, I saw that in the Documentation says that if you have 10.2.x you can jump into the 11.0 direct (Determine the Upgrade Path to PAN-...

R.Tudon by L1 Bithead
  • 19384 Views
  • 7 replies
  • 2 Likes

Resolved! Authentication Sequence Profile with SAML

Hi, I'm trying to configure in Strata Cloud Manager an Authentication Sequence Profile for our Prisma Access Tenant so users can use two different IdPs. We are using SAML with Entra and are integrating a new company with their own Entra Tenant, so the idea is to have a sequence if the authentication fails in the first Entra it will try in the ...

Resolved! Decryption suddenly failed for all Webpages using Sectigo Certs

Hi everyone,Suddenly Websites which are using Sectigo Certs stopped working because the Certificate is not trusted anymore after decrypting. for example: a.) https://client.mobilitybusiness.totalenergies.com/signInb.) https://login.teamviewer.com/LogOn/ Our Traffic log looks like this: ( cn contains 'teamview' ) and ( error eq 'Received f...

Blyat_tschuli_0-1768379179505.png
Blyat_tschuli_1-1768379179509.png
Blyat_tschuli_2-1768379179510.png

PA-440 to PA-1410

I have a PA-440 running PAN-OS 10.2 and a target PA-1410 running PAN-OS 11.4.7-h1.I would like to export the configuration from the PA-440 and migrate it to the PA-1410 without upgrading the PA-440. every time i import the PA-440 config to the 1410, i cant access the new FW with https, and it does not show all the interfaces it has.

Resolved! Discussion Forum Analysis

Is there an easy way to analyze discussion forum interactions in a given timeframe without going page by page to painstakingly collect data points? I have tried Gemini but my test time periods are never correct. Any suggestions would be welcome.

Duo SSO With GlobalProtect Client Connection Not Getting Established

I’m encountering an issue with our GlobalProtect VPN setup, which uses LDAP for user authentication and DUO SSO for multi-factor authentication (MFA). The process works as follows:1. Users launch the GlobalProtect application.2. They are prompted to enter their LDAP username and password, which are accepted.3. After successfully completing the D...

Excel downloads being blocked

In the last couple of days we've been getting reports from multiple users that they are being blocked from downloading .xlsx files from a cloud service. I can see that there are multiple entries in the Data Filtering log for each file, and then final one is showing a Threat ID of BIN file and being denied. Anyone seen anything similar?

Peter_Neville_0-1766139340125.png

TAP interface questions

I'd like to monitor a portion of my network on my failover PA in TAP mode. Will this affect my HA pair at all? Is it possible to set up an aggregate TAP of 2 ports? thanks in advance...

PA-415-5G not working with fresh T-Mobile SIM

Hello yall!I am currently having trouble getting my PA-415-5G working with a new T-Mobile sim. I have the "Bus Int Unl Elig BYOD" plan. I see that the firewall can recognize the sim card, but it gets stuck on the: Registration State : SearchingActivation State : DeactivatedPS State : DetachedProvider : NoneTechnology : None This is also a br...

Source user not showing in traffic logs

I have the agentless user-id configured in my PA-500, software is 5.0.4. If I do a "show user ip-user-mapping all", it retrieves a list of usernames. However, in my traffic logs (which is currently only limited to a few machines that are running through it), there is almost no log entries with a source user listed.Most of the entries are a PC ...

uscit by Not applicable
  • 23555 Views
  • 10 replies
  • 0 Likes

Concern Regarding Inclusion of Open-Source Projects in "Shareware and Freeware" Category in Advanced URL Filtering

Hello Palo Alto Community, I am writing to raise a concern regarding the categorization of websites under Palo Alto Networks' Advanced URL Filtering. Specifically, I have noticed that sites providing access to open-source projects (such as Github, git-scm.com or sourceforge.net) are included within the "Shareware and Freeware" category. Accor...

resources-unavailable for DNS-base traffic

Model: Palo Alto PA-3420Software version: 11.2.4-h1 Most of our dns-base traffic has the "session end reason" resources-unavailable suddenly. We're also having trouble loading webpages. The resources-unavailable reason is only on DNS-base traffic and it is for DNS traffic to our 2 internal DNS servers, but also from our DNS-server to the forwa...

adminglu by L1 Bithead
  • 7366 Views
  • 10 replies
  • 1 Likes

Enquiry on SSL VPN Web Mode for Remote Users

Hi All, Would like to enquire if upcoming there will be a feature release or route map on SSL VPN web mode for remote users. The use case is as such: Users to connect and login to GlobalProtect Client from their endpoint After successful connection established, users to access web portal to access configured the web portal for SFTP related ...

  • 24374 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks