General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! PAN-OS Certificate exprie and panorama

Currently, Panorama and the firewall are connected. However, the connection will be disconnected in April 2024. Even if the connection is lost, is it possible to connect through syslog?

qmso475_2-1706166397204.png
qmso475 by L3 Networker
  • 1867 Views
  • 1 replies
  • 1 Likes

Resolved! Force user GlobalProtect client refresh

Piggy backing off of this earlier thread (LIVEcommunity - Force GlobalProtect Portal refresh of connected clients? - LIVEcommunity - 514881 (paloaltonetworks.com)). It there a way whether by registry or whatever, to force the client to grab its new config. We are switching over from on-demand to always-on and want to have users connect without t...

Claw4609 by L5 Sessionator
  • 11116 Views
  • 10 replies
  • 0 Likes

Resolved! API call fortmat

Hello, I want to know, what is the issue with this API call?<request><content><upgrade><install><sync-to-peer>yes</sync-to-peer><version><lastest></lastest></version></install></upgrade></content></request> I would like to sync the content update by API call...

RobertoParra_0-1705959598802.png

WildFire Appliance Config Status Out of Sync

Hi, We are currently facing a issue with our WildFire Appliance, and we seek your assistance in resolving it. The config status at the WildFire Appliance is out of sync, with detail this " '/config/device/entry[localhost.localdomain]/deviceconfig/system/update-server' on remote, but not on panorama ". i am not sure how to get this fix. kind...

Screenshot 2024-01-24 145854.png

URLs visited

We use Palo Alto firewalls PA3020. How can I generate a report that shows how many times a URL has been visited? Also, can we see who visited the URL? Thanks!

CVE Description clarification

I'm looking at CVE-2023-6795 and in the description I see "enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall" This means that all admin included the readonly admin like the SuperUser (ReadOnly) can do the execute arbitrary code?

XSOAR Access denied

Hello We have a user with the same permissions that the other users in XSOAR and in CSP who cannot log in XSOAR. It keeps giving an error: Unauthorized 401403. Has anyone seen this? Regards

How to scan SFTP over SSH file transfers for virus or malware

Hi all, I just set up SSH decryption, also known as SSH proxy on the palo alto.When I look at the actual sessions, I do see a checked box near to decrypted, so according to me the decryption itself works.I also got a warning about a man in the middle attack after I enabled the decryption, because the keys changed. Now what I want to achieve, is ...

ION to ION (hub's) Standard VPN with BGP, route filtered and not reachable

I have a Hub to Hub standard VPN to connect the two together in place of a MPLS. The are peered with a Classic BGP session, site one sending a /20 prefix it has learned from it's core router. Site two sees that from the BGP Peer, but the route will not install, just shows in the filtered section, not the reachable.The next hop is site 1's end of...

nellson by L1 Bithead
  • 1612 Views
  • 1 replies
  • 0 Likes

Resolved! VPN issue with a single stack for multiple firewalls

Hello the Palo Alto community, I'm trying to create a simple template stack for firewalls with the same topology (WAN interface on eth1/1, 1/2.x for internal VLAN, etc...) and use variables for each device. I'm facing an issue with the VPN part. If I don't create the IKE Gateway locally on the firewalls, I get a failed commit without any furth...

Bytes sent by Firewall is too high, seems abnormal.

Hi everyone! Greetings to all. I was just curious since I've been seeing traffic logs packets which are Gb's and Tb's in size. I am not sure if this is a wrong display but I am pretty sure there was no such traffic in my network. I am currently running PANOS 10.1.8 Is this a bug? Regards, Renz

Resolved! URL Categorization suddenly failing as not-resolved for Google search URLs

Is anyone else seeing sudden failures in URL categorization for Google searches? Starting within the last hour or so we are seeing intermittent blocks as not-resolved for search URLs, but not for the Google homepage or any other websites (that I have been able to find so far). Initial error seem to be a HTTP2 compression error to the Google serv...

2023-09-06_135545.png

Resolved! Automatically blocking IP's after a certain number of Global Protect pre-login failures?

I've just recently started getting blasted with Global Protect portal pre-login failures, coming from a bunch of illegitimate IP's. They all fail because I use certificate authentication and the client cert is not present on the attacker's device. I have have the NGF set up to email me every time this happens and I'm getting just blasted with e...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels