This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4440 Views
  • 0 replies
  • 0 Likes

Resolved! GlobalProtect user in RDP login?

Anyone know why, after installing Globalprotect, I see an empty user account with the GlobalProtect icon as an option when trying to RDP to remote desktops? I've noticed it on every machine after installing GP... I'm hoping it is a config option that can be turned off somewhere but I'm not sure what it is for. On my home computers it is actuall...

GP-account.png
jsalmans by L4 Transporter
  • 5647 Views
  • 4 replies
  • 0 Likes

I really need to be able to open up support tickets

Message boards and communities are not going be sufficient for our day to day needs. It has become impossible to actually open a support case. I need detailed instruction on how to open a support case that connects me with a live person.

Sbrown88 by L0 Member
  • 1636 Views
  • 1 replies
  • 0 Likes

Moving rules and objects between VSYS (device groups) in Panorama

I am trying to move security rules from one VSYS (or rather device group) to another VSYS in Panorama. It fails when I try to use 'Move' in GUI because objects (addresses, services) are not moved yet. But when I try to move objects I can't because they are used in rules which are not moved yet.... typical Catch22;) So I am trying to use copy in ...

niuk by L3 Networker
  • 3384 Views
  • 2 replies
  • 0 Likes

Resolved! Firewall Reboot with Some Critical Comments

Hi everyone, Devices get restarted suddenly with critical comments. Firstly DP restarted and after that system restarted. I will share the critical comments that are from autoassistant. We faced with this issue 2 times. For the first one; TAC engineer said us this is a version bug and fixed on 10.1.6. Now device already on 10.1.6 but faced wit...

talhatemel_0-1660033907601.png

Resolved! Blocking DNS-over-https

Hi, I plan to create security policy rules to block dns-over-https and dns-over-tls. Is it also recommended to block dnscrypt? In regards to dns-over-https. If the browser attempts this and fails, does it fallback to using the client's configured dns servers?

ce1028 by L4 Transporter
  • 14752 Views
  • 6 replies
  • 0 Likes

Resolved! Disable ciphers

Hi guys, Would like to know how to disable the following ciphers: TLS_DHE_RSA_WITH_AES_256_CBC_SHATLS_DHE_RSA_WITH_AES_128_CBC_SHATLS_ECDHE_RSA_WITH_AES_256_CBC_SHATLS_ECDHE_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHATLS_RSA_WITH_AES_128_CBC_SHA Can i follow the following KB to disable:https://knowledgebase.paloaltonetworks.com/...

JingKai by L1 Bithead
  • 3495 Views
  • 2 replies
  • 0 Likes

UserID Monitored server (WinRM-HTTP) gets Kerberos error.

Hi,We tried this: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-server-monitoring-using-winrmIt seems like config is OK but we are getting "kerberos error" in status ofr this server monitored. Where can we see whats happening about this error? useridd logs doesnt show anythimng.

BigPalo by L4 Transporter
  • 28489 Views
  • 6 replies
  • 0 Likes

Software End-of-Life policy vs end of support

How long will a software listed as end of life ( https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary ) be supported? I have read conflicting information on this. I suppose support could be defined as:1) Receive general tech support if a case is opened2) Receive software updates forissues I ask as 8.0 i...

Reading counter flow errors

Hi All, Apologies as I am still new and trying to learn Palo Alto. I encountered an issue wherein a new switch is causing a large number of packet drop parse. I found it on the IP below. How do you interpret the logs generated? The 10.5.4.100 is a Dell device, while the 10.5.4.2. I am unable to look up the MAC address. Thank you in adv...

mudvayne15_0-1660691821831.png
mudvayne15_1-1660691830234.png

Unable to categorize my companies URL

Hi, I am unable to categorize my companies URL on behalf of one of our customers, that uses a Paloalto firewall. My colleague received the following message when attempting to perform this action: "In the meantime, Palo Alto Networks URL Filtering allows you to create custom URL categories that best suit your unique business needs. Pleas...

Migration Issue from PA-500 (HA-Active/passive) to PA-3220 with HA-Active/Passive

Hello, Hi Brothers, Existing PA-500 (PAN-OS 8.1.17) and New PA-3220 (PAN-OS 8.1.17) I tried to export the running config from FW (PA-500) as XML format and import it into the new FW (PA-3220) Shows me a lot of error and warning as there is a lot of discrepancies as following DetailsValidation Error:deviceconfig -> high-availability -...

Resolved! QoS Configuration Subnet /32

I have followed below link to configure a QoS setting for testing purpose. Configure QoS (paloaltonetworks.com) I have specify only 1 ip 192.168.1.x /32 in QoS profile and also tried to specify in the interface clear text traffic. In the result the QoS not only apply in only the IP that I specify but it apply all traffic going out through th...

JiaXiang by L4 Transporter
  • 3519 Views
  • 3 replies
  • 0 Likes

With PanOs and DUO (As 2FA), Entering on Windows Globalprotect ask to duo indefinitely.

Hello Everybody, We have recently upgraded our Firewalls to PanOs 10.2.2. We have DUO as a second factor authentication. The config we have is with "Always On" , from the upgrade, When a Computer starts, the user enter the credentials, and then Globalprotect try to connect to the VPN (Single Sign on active). The trouble arrives if the user ...

Resolved! Upload and Download QoS

May I ask how to configure upload and download QoS? I have tested whether I perform upload or download, the QoS always hit LAN->WAN policy. The result is different from what this article said. https://live.paloaltonetworks.com/t5/general-topics/qos-bandwidth-limitation-download-amp-upload/m-p/315516#M81270 My customer wants to do so is that...

  • 24375 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks