This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4106 Views
  • 0 replies
  • 0 Likes

Resolved! New Anti-Spyware Signatures, false positives?

Hello, The latest application and threat content update this week added a couple of new anti-spyware signatures: medium 86759 AndroxGh0st Scanning Traffic Detection spyware alert medium 86760 AndroxGh0st Scanning Traffic Detection spyware alert These are being described as python malware exploiting your aws keys t...

axemte by L0 Member
  • 7490 Views
  • 1 replies
  • 0 Likes

Resolved! Certificate based Site to Site VPN (IKEv2)

Hello Folks, I am trying to build a site to site vpn between a Palo Alto firewall running 8.1.7 and a Checkpoint firewall. Settings are configured to use IKEv2 only with certificate based authentication. While the logs below are from lab setup, but the actual client problem are the same. PA and Checkpoint firewall certificates are signed by the ...

Udupi by L1 Bithead
  • 29675 Views
  • 12 replies
  • 1 Likes

SSL Inspection and SSL Labs

Outside of minimum and maximum supported tls versions and ciphers what are some things to look for on SSL Labs that would be breaking decryption. In the Palo decryption logs if it shows error "Early close notify" what would be something to look for as the root cause?

Claw4609 by L5 Sessionator
  • 5920 Views
  • 7 replies
  • 0 Likes

GP Compatibility on Windows Server

Hello, everyone. Does anyone know if you can install the Global Protect agent, on Windows servers, such as 2012, 2016, 2019???? Is there a documentation that tells me and confirms this? I see in the Palo Alto Firewall, that the computer does not give me the option to select a HIP OBJECT criteria, based on OS for example, for the Windows Servers,...

Matlu_NN by L2 Linker
  • 5872 Views
  • 6 replies
  • 0 Likes

Resolved! Is PA capable to scan for malware in Activesync/Outlook365 traffic?

Hi, We have PA-850 appliances with Wildfire and AV licenses. Recently we enabled the decryption of email traffic and now we are dealing with the data protection officer, he is asking us to detail what exactly is being inspected. At first I thought all attachments and URL were inspected. But then I found some information about link analysis only...

SSL decryption - How to deal with third party sites that don't install the intermediate certificate?

I turned on TLS (let's start calling it what it is) decryption for our IT personnel only a couple of years ago. It was considered a pilot and I always planned to work with our legal department to craft a policy and start rolling it out to the broader organization; however, it seems like every time I get ready to do that, one of our IT users rep...

Next Hop in default route using DHCP Comcast modem

Hello Group, I am setting up a PA-200 in my SOHO with comcast as my ISP. I have comcast for my isp and am using DHCP to optain my IP address. My question is this. Per the setup guide, if I check DHCP under the IPV4 tab, and check, Automatically create default route pointing to default gateway provided by server. Am I to assume this will creat...

BryanMay by L1 Bithead
  • 7171 Views
  • 5 replies
  • 0 Likes

Factory Reset

I was in the middle of setting up a PA 850 and in the end needed to conduct a factory reset. I issued the commands to put into maint mode and was able to log in with maint@ip and the serial number as the password through putty. I had to step away for something else and came back and my session ended. Tried logging in through ssh and GUI but I am...

Resolved! Minimum Code for PA-415/445

Hello, looking at the PA-415 for a small office and I can't seem to find the minimum code required. The datasheet shows performance results using OS 11.0 but there's nothing to indicate if you can use 10.2 code. TIA!

DHCP client support for IPv6

Hi, You can't configure an Ethernet Interface as a DHCP Client for IPv6 like the IPv4.Does anyone know this will be supported in the (near) future?I can't find anything about this.

MrKit by L0 Member
  • 3314 Views
  • 2 replies
  • 2 Likes

SMB traffic identified as active-directory

From one of our management servers (Windows Server 2016) SMB traffic is identified as active-directory, but from user clients it's correctly identified as ms-ds-smbv2. Anyone come across this? We have several storage solutions (NetApp filer, iSCSI, DFS on Fibre Channel storage), and it seems to happen with all of them. One more thing: this only...

Firewallupdates via Panorama - huge delay in download and install

Hello, I'm managing several PA firewalls (10.2.2, 10.2.3, 10.2.4-h2) via Panorama (10.2.4-h2), I noticed a delay in AV, Content and App update deployment, sometimes it's days or even weeks. For example, the App update is planned to check and install every 30 mins. Release time is 3:30 in the morning, now it's 6:40 am here and the downlo...

PA-U1.png
PA-U2.png
PA-U3.png
Netzer by L3 Networker
  • 2204 Views
  • 2 replies
  • 0 Likes

Resolved! ECMP Virtual Router Inquiry

Good day, I have an inquiry regarding virtual router. We are transferring our ISP from vsys2 to vsys1. So, we encountered a message while in the ECMP configuration that requires for the Virtual Router to be restarted. So, here's my questions, what services might be affected once we restart the VR and for how long does the restart will take? A...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks