This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4107 Views
  • 0 replies
  • 0 Likes

Resolved! Blocking DNS-over-https

Hi, I plan to create security policy rules to block dns-over-https and dns-over-tls. Is it also recommended to block dnscrypt? In regards to dns-over-https. If the browser attempts this and fails, does it fallback to using the client's configured dns servers?

ce1028 by L4 Transporter
  • 14527 Views
  • 6 replies
  • 0 Likes

Resolved! Disable ciphers

Hi guys, Would like to know how to disable the following ciphers: TLS_DHE_RSA_WITH_AES_256_CBC_SHATLS_DHE_RSA_WITH_AES_128_CBC_SHATLS_ECDHE_RSA_WITH_AES_256_CBC_SHATLS_ECDHE_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHATLS_RSA_WITH_AES_128_CBC_SHA Can i follow the following KB to disable:https://knowledgebase.paloaltonetworks.com/...

JingKai by L1 Bithead
  • 3384 Views
  • 2 replies
  • 0 Likes

UserID Monitored server (WinRM-HTTP) gets Kerberos error.

Hi,We tried this: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-server-monitoring-using-winrmIt seems like config is OK but we are getting "kerberos error" in status ofr this server monitored. Where can we see whats happening about this error? useridd logs doesnt show anythimng.

BigPalo by L4 Transporter
  • 27798 Views
  • 6 replies
  • 0 Likes

Software End-of-Life policy vs end of support

How long will a software listed as end of life ( https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary ) be supported? I have read conflicting information on this. I suppose support could be defined as:1) Receive general tech support if a case is opened2) Receive software updates forissues I ask as 8.0 i...

Reading counter flow errors

Hi All, Apologies as I am still new and trying to learn Palo Alto. I encountered an issue wherein a new switch is causing a large number of packet drop parse. I found it on the IP below. How do you interpret the logs generated? The 10.5.4.100 is a Dell device, while the 10.5.4.2. I am unable to look up the MAC address. Thank you in adv...

mudvayne15_0-1660691821831.png
mudvayne15_1-1660691830234.png

Unable to categorize my companies URL

Hi, I am unable to categorize my companies URL on behalf of one of our customers, that uses a Paloalto firewall. My colleague received the following message when attempting to perform this action: "In the meantime, Palo Alto Networks URL Filtering allows you to create custom URL categories that best suit your unique business needs. Pleas...

Migration Issue from PA-500 (HA-Active/passive) to PA-3220 with HA-Active/Passive

Hello, Hi Brothers, Existing PA-500 (PAN-OS 8.1.17) and New PA-3220 (PAN-OS 8.1.17) I tried to export the running config from FW (PA-500) as XML format and import it into the new FW (PA-3220) Shows me a lot of error and warning as there is a lot of discrepancies as following DetailsValidation Error:deviceconfig -> high-availability -...

Resolved! QoS Configuration Subnet /32

I have followed below link to configure a QoS setting for testing purpose. Configure QoS (paloaltonetworks.com) I have specify only 1 ip 192.168.1.x /32 in QoS profile and also tried to specify in the interface clear text traffic. In the result the QoS not only apply in only the IP that I specify but it apply all traffic going out through th...

JiaXiang by L4 Transporter
  • 3408 Views
  • 3 replies
  • 0 Likes

With PanOs and DUO (As 2FA), Entering on Windows Globalprotect ask to duo indefinitely.

Hello Everybody, We have recently upgraded our Firewalls to PanOs 10.2.2. We have DUO as a second factor authentication. The config we have is with "Always On" , from the upgrade, When a Computer starts, the user enter the credentials, and then Globalprotect try to connect to the VPN (Single Sign on active). The trouble arrives if the user ...

Resolved! Upload and Download QoS

May I ask how to configure upload and download QoS? I have tested whether I perform upload or download, the QoS always hit LAN->WAN policy. The result is different from what this article said. https://live.paloaltonetworks.com/t5/general-topics/qos-bandwidth-limitation-download-amp-upload/m-p/315516#M81270 My customer wants to do so is that...

Resolved! HELP - my Website is being blocked by GlobalProtect

We have produced a new website for a customer https://vertexgis.uk/ , but their key target audiences in the UK all use GlobalProtect and their website is being blocked as it is seen as a new site although it is now about 3 months old. Please can anyone help and advise how we can urgently get this website unblocked. It would not look profession...

Cisco VPN Behind PA-3220

We have a third-party that borrows our network to establish a VPN tunnel back to their office via a Cisco 881 ISR. We have it on a segregated guest network and it establishes an ike/ipsec tunnel back to their ASA over our internet connection. Workstation --> Cisco 881 --> [Guest Network] --> Palo Alto FW --> Internet --> Cisco A...

Someone school me on Syslog and Panorama

I have Panorama managing roughly 10 firewalls. I have logging setup on those FWs to send to Panorama, email and send syslog to a 3rd party host. I struggled immensely trying to get everything configured correctly on PANORAMA and the FWs themselves to even send logs. The syslog server is getting the logs but they are all coming from PANORAMA ...

drewdown_0-1659635032714.png
drewdown by L4 Transporter
  • 2892 Views
  • 1 replies
  • 0 Likes

Not getting proper SMTP traps for power supply removal and insertion

Hi Folks, We have PA-5260 in HA pair in our environment. Recently we had configured SNMPv2 traps on Palo Alto firewall to forward traps to our SNMP server and configured Log forwarding to forward All system logs as traps to the SNMP server. Specifically we need to forward power supply related traps forwarding. Yesterday we had removed on of...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks