General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

GlobalProtect Always-On (6.3.3-c711) – Users Stuck in “Connecting” State but Still Have Internet Access

Hello everyone, We are running GlobalProtect 6.3.3-c711 in an always-on architecture for our end users. Our setup is as follows: Always-On enabled; Full tunnel configuration (all traffic routed through GlobalProtect); Portal → App settings → Restoration interval set to 0 to strictly enforce VPN usage. Expectation: If VPN connectivity is una...

Resolved! PA-460 Upgrading from 10.2.3-h9 to 11.2.0

Hi Guys! I was on my way to upgrade my PA-460 from version 10.2.3-h9 to 11.2.0. I tried to use the Validate button to take a look at the upgrade path, but I can't see any result, and I still have my doubts. I saw that the documentation says that if you have 10.2.x you can jump directly to 11.0 (Determine the Upgrade Path to PAN-...

R.Tudon by L1 Bithead
  • 19941 Views
  • 7 replies
  • 2 Likes

Resolved! Authentication Sequence Profile with SAML

Hi, I'm trying to configure in Strata Cloud Manager an Authentication Sequence Profile for our Prisma Access Tenant so users can use two different IdPs. We are using SAML with Entra and are integrating a new company with their own Entra Tenant, so the idea is to have a sequence if the authentication fails in the first Entra it will try in the ...

Resolved! Decryption suddenly failed for all Webpages using Sectigo Certs

Hi everyone, Suddenly websites which are using Sectigo certs stopped working because the certificate is not trusted anymore after decrypting. For example: a.) https://client.mobilitybusiness.totalenergies.com/signIn b.) https://login.teamviewer.com/LogOn/ Our Traffic log looks like this: ( cn contains 'teamview' ) and ( error eq 'Received f...

PA-440 to PA-1410

I have a PA-440 running PAN-OS 10.2 and a target PA-1410 running PAN-OS 11.4.7-h1. I would like to export the configuration from the PA-440 and migrate it to the PA-1410 without upgrading the PA-440. Every time I import the PA-440 config to the 1410, I can't access the new FW with HTTPS, and it does not show all the interfaces it has.

Resolved! Discussion Forum Analysis

Is there an easy way to analyze discussion forum interactions in a given timeframe without going page by page to painstakingly collect data points? I have tried Gemini but my test time periods are never correct. Any suggestions would be welcome.

Duo SSO With GlobalProtect Client Connection Not Getting Established

I’m encountering an issue with our GlobalProtect VPN setup, which uses LDAP for user authentication and DUO SSO for multi-factor authentication (MFA). The process works as follows: 1. Users launch the GlobalProtect application. 2. They are prompted to enter their LDAP username and password, which are accepted. 3. After successfully completing the D...

Excel downloads being blocked

In the last couple of days we've been getting reports from multiple users that they are being blocked from downloading .xlsx files from a cloud service. I can see that there are multiple entries in the Data Filtering log for each file, and then the final one is showing a Threat ID of BIN file and being denied. Anyone seen anything similar?

TAP interface questions

I'd like to monitor a portion of my network on my failover PA in TAP mode. Will this affect my HA pair at all? Is it possible to set up an aggregate TAP of 2 ports? thanks in advance...

Source user not showing in traffic logs

I have the agentless user-id configured in my PA-500, software is 5.0.4. If I do a "show user ip-user-mapping all", it retrieves a list of usernames. However, in my traffic logs (which is currently only limited to a few machines that are running through it), there are almost no log entries with a source user listed. Most of the entries are a PC ...

uscit by Not applicable
  • 23841 Views
  • 10 replies
  • 0 Likes

Concern Regarding Inclusion of Open-Source Projects in "Shareware and Freeware" Category in Advanced URL Filtering

Hello Palo Alto Community, I am writing to raise a concern regarding the categorization of websites under Palo Alto Networks' Advanced URL Filtering. Specifically, I have noticed that sites providing access to open-source projects (such as Github, git-scm.com or sourceforge.net) are included within the "Shareware and Freeware" category. Accor...

resources-unavailable for DNS-base traffic

Model: Palo Alto PA-3420; Software version: 11.2.4-h1. Most of our dns-base traffic has the "session end reason" resources-unavailable suddenly. We're also having trouble loading webpages. The resources-unavailable reason is only on DNS-base traffic and it is for DNS traffic to our 2 internal DNS servers, but also from our DNS-server to the forwa...

adminglu by L1 Bithead
  • 7520 Views
  • 10 replies
  • 1 Likes

Enquiry on SSL VPN Web Mode for Remote Users

Hi All, Would like to enquire if upcoming there will be a feature release or route map on SSL VPN web mode for remote users. The use case is as such: Users to connect and login to GlobalProtect Client from their endpoint. After successful connection established, users to access web portal to access configured the web portal for SFTP related ...

Stale SIP Sessions

Hello all, We seem to have an issue with sip sessions being stuck in the session monitor for weeks and sometimes months. There have been instances, albeit extremely rare, where it prevented new sessions from being formed on a sip trunk we were testing (it's being moved off of the firewall for production). Once I cleared the stuck session we we...

ClintL by L2 Linker
  • 19713 Views
  • 11 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions