This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4131 Views
  • 0 replies
  • 0 Likes

Resolved! VPN traffic capture

Hello, I need to capture what passes through a VPN site-to-site tunnel. I'd like to see the tunnel and not the ESP.With tcpdump you can use the command "tcpdump -i enc0" which decrypts the ESP.On Palo Alto, what is the equivalent command? Because with view-pcap follow yes filter-pcap <filename> I can only see the ESP.Thanks

Python script not working on PANos 10.2

Good Day, I currently extract custom reports for the strata firewall running PANos 9.1.x and 10.1.x using Python but I am having a problem running the same python script on PANos 10.2.x Has anybody else encountered this problem?

Lance by L2 Linker
  • 964 Views
  • 1 replies
  • 0 Likes

AD Groups not working in Policies

Hello all, this sounds very similar to a previous post I found on here but I could not see a resolution. Very basic. I am trying to block or allow a domain user from the internet, from LAN zone to WAN zone. This will not work if I have domain\user in the Source User Field. I can see a user when I run: admin@GeoffFirewall> show user ip-user-m...

GWynn_0-1694757547028.png
GWynn by L3 Networker
  • 11012 Views
  • 20 replies
  • 0 Likes

Enterprise PKI Cert Chain Error

Hello we have our enterprise CA and our PA firewalls have signed certs from it. Now for our captive portal, we also have a certi signed from our enterprise CA. Everything works and there is no browser error for certificate.But in the FW commit, we get a warning "Warning: cannot find complete certificate chain for certificate ..." I found the fo...

Azure SAML authentication not Happened via GP Agent

Hi All, We have implemented the SAML two-factor authentication for Global Protect users. We have tested via browser for SAML authentication, and the page successfully redirected to the Microsoft sign-in authentication page. After signing in, the Two-Factor Verification process was initiated, and access to the global protect portal was granted ...

Resolved! ping between vyos router and pa-vm not working

Hey all. I'm starting my PCSNA journey and I've been going through CBT Nuggets and have setup the CBT Nugget lab. My 1/6 interface 23.1.2.15/24 cannot ping my vyos router ip at 23.1.2.1/24 and vice versa. I have allowed ping via the interface management on interface 1/6 which is associated to the outside zone. I have a policy allowing traffic ...

Resolved! Site flagged as GRAYWARE (help!!)

I have detected that my website alde.es has been marked as grayware and it must be a mistake. It is a very simple website of a non-profit university association that has no advertising. I have checked everything on the server, updated plugins and wordpress. All the malware tests are correct except this one. How can I ask for my site to be re...

PA-3020 AutoCommit fails - commit force fails

Hey all!I have a problem with my second passive PA-3020. (7.1.7)We had a loss of power so the firewall was shutdown hard.When it's booting now, the autocommit fails.When I do a commit force, it says: "Threat database handler failed".Then I stumbled over this link: https://live.paloaltonetworks.com/t5/Featured-Articles/Threat-Database-Handler-Com...

MPI-AE by L4 Transporter
  • 23716 Views
  • 11 replies
  • 0 Likes

VPN Traffic to Internet

Hi Team, We have a requirement. Our PA Firewall has internet connectivity and VPN set to one of the peer end Forcepoint device. VPN is up and running. Traffic from Forcepoint LAN to MPLS connected to PA is all working over the VPN. Now the requirement is ANY traffic from Forcepoint site will reach PA firewall for both its internet and MPLS acces...

NTP Best practices

Hello, I have a PA firewall without panorama, at present I have public ntp servers in sync with pool.ntp.org which are default from PA. Is this good to use public NTP server or local NTP server ? Please let me know the best practices on this.

High Availability on ESXi for Panorama VM

Hi, we will deploy panorama VM on esxi server, but only bought 1 panorama license. So our users want to use high availability from the hypervisor Esxi. Im not familiar with esxi/vsphere. The question is, if we trigger high avilability from Esxi/vsphere, is the UUID and CPUID will change? Is any out there have deploy the panorama with th...

dns-signature cloud service connection refused.

Greetings:I am seeing in the System Log the following message "dns-signature cloud service connection refused" Checking the traffic logs the management IP address is not being blocked. Where do I look to resolve this error message? Thank you.

Resolved! Rename Device Group via CLI

Hello, As part of a large migration process we're maximizing the use of CLI to create configuration within NW, FW, HA dedicated templates, + template stacks + device groups. One area that I'm having difficulty with is the renaming of existing device-groups (containing existing member devices) via CLI. I'm aware of commands such as 'set device-gr...

  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks