General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Android Samsung update doesn't work

Hello everyone, I can't solve the problem of updating Samsung smartphones running Android connected to the company Wi-Fi network.I created a custom rule for mobile phone updates, but it still doesn't work. Everything is set to allow in the monitoring, but it still doesn't work.I have run several tests, minimizing the rule configuration, but it s...

G.Geraci by L0 Member
  • 2562 Views
  • 4 replies
  • 0 Likes

FortiGate 501E & FG1101F equivalent Palo Alto model (below PA-5000)

Hello, I am planning to migrate from Fortinet to Palo Alto. Current firewall: FortiGate 501E Edge & DC Current Firewall: FortiGate 1001F Edge & DC Deployment: Enterprise edge All security features enabled (IPS, App-ID, URL filtering) I am looking for the closest Palo Alto equivalent model, Which model would you recommend and why? T...

Resolved! About PAN-301496

Attention: Global TPM team, Hi, I found PAN-301496 in PAN-OS 12.1.4 Addressed Issues.https://docs.paloaltonetworks.com/ngfw/release-notes/12-1/pan-os-12-1-4-known-and-addressed-issues/pan-os-12-1-4-addressed-issues Is this issue fix in PAN-OS 11.2? Best regards,MasaW

MasaW by L2 Linker
  • 4025 Views
  • 2 replies
  • 0 Likes

Resolved! Outlook and mapi-over-http

Hello team, Today, I had problems connecting Outlook 2019 to Exchange Online. After analyzing: it turned out that my PA suddenly started dropping the Mapi-over-http application, which it didn't need previously. What could be causing this behavior?

Resolved! MANDATORY ACTION REQUIRED: Device Certificate Enforcement affects PA-440

Hi everyone, We have a pair of PA-440 and when we login to the dashbaord we are greeted with a notification on the Device Certificate enforcement (I have attached a screenshot of the warning). When I have gone through the Customer advisory they clearly stated that the PA-4xx series are not affected by this enforcement. Now we do have the f...

Food for Thought - Data Redistribution during HA Failover - User-ID

Hi All, I thought I would share something that gave me grief this week. Background Firewall A and firewall B are in an HA pair. Both firewalls are configured to connect to a User-ID agent sitting on a Windows host within the environment. Firewall A is configured as the data redistribution agent to redistribute User-ID information to oth...

nohash4u by L3 Networker
  • 3172 Views
  • 2 replies
  • 0 Likes

Resolved! PA 220

Got a question. I'm seeing a red light on ALM ( icon) on our PA 220. I did some research and it says that ALM (Application and Threat Content Updates) indicator of a Palo Alto 220 firewall, it typically indicates that there is an issue with the firewall's ability to download or install the latest content updates as per our Local IT the netw...

weezy by L3 Networker
  • 3354 Views
  • 2 replies
  • 0 Likes

Resolved! IKEV2 Errors in Log

On my PA-500 and PA-820's when I have a IKEV2 tunnel I tend to see this alot. Both of these are running 8.0.10 'IKEv2 SA negotiation is failed. received notify type TS_UNACCEPTABLE Trying to figure out what is causing this. Anyone have any ideas

gzygadlo by L1 Bithead
  • 51187 Views
  • 6 replies
  • 0 Likes

Windows-Remote-Management & Implicit Use of Web-Browsing

I need your help with understanding this. We've got a rule that was intermittently working. We built a rule around the use of "windows-remote-management" which is using the standard port of 5985/tcp. The rule is a service "application-default" rule. When we look through the logs we see that some of the traffic that should be matching this...

Brandon_Wertz_0-1766598734776.png

CVE-2025-14847 MongoDB Server Bulnerability

A MongoDB vulnerability (CVE-2025-14847) was recently disclosed. We would like to verify whether Palo Alto Networks NGFW and any other Palo Alto Networks solutions are affected by this vulnerability, and if so, what mitigations or updates are recommended.

JunSuLee by L0 Member
  • 2455 Views
  • 1 replies
  • 1 Likes

Trying the DNSProxy feature for Static Response

Hie, Situation - Wanted to kaminsky the DNS Responses for my client from the FWComplication - None of the dig are responded Need your help on this? Client Requests for Promise/Spoofed IP keviv@keviv-VMware-Virtual-Platform:~$ ifconfig ens37ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.21.21 netmask 255.255.255.0 ...

ocpfn4 by L0 Member
  • 450 Views
  • 0 replies
  • 0 Likes

Cloud NGFW Credits issue

Hello All,I recently purchased Cloud NGFW for azure and purchased paloalto credits as well.my Azure NGFW shows as PAYG ( Pay us you go) instead of showing license with my credit.is it possible to change my PAYG license to credit based.

M.vyas by L0 Member
  • 3391 Views
  • 6 replies
  • 0 Likes

licence

Hi.My license expires today.I got a new one, but it's for one month, not a year. Why wasn't my license renewed for a year?

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels