This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4113 Views
  • 0 replies
  • 0 Likes

Global Protect on IOS Always ON VPN sanity check

I've had a Palo Alto case open for almost 9 months now that appears to have devolved into a finger pointing match between Apple and PAN and I'm going to have to make some decisions here, I don't know if anyone else uses that functionality or not. Apple re-wrote the VPN APIs around IOS version 12.1 where they only allow "Connect on demand" (AKA ...

WMI access denied in System Logs but Device > User Identification shows connected on all DC's

Hello, I've seen on my Palo Alto 3220 system logs dashboard applet a ton of Access Denied messages regarding our domain controllers. However if I go over to Device > User Identification, all 4 of our DC's there are listed as connected in green. All 4 are Microsoft Active Directory, WinRM-HTTP. If they are green and connected there, why am ...

ksauer507 by L3 Networker
  • 23611 Views
  • 3 replies
  • 0 Likes

Access Denied (Server Monitor)

I configured the Base name and bind name properly but we facing the following error in putty “pan_user_id_win_get_error_status(pan_user_id_win.c:1130): WMIC message from server AD-Monitor: NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied” and “pan_user_id_win_wmic_log_query(pan_user_id_win.c:1439): log query for AD-Monitor failed: NTSTATUS: NT...

shafi.md by L0 Member
  • 37755 Views
  • 5 replies
  • 1 Likes

schedule security rules

I have 2 security rules, one needs to run office hours and one needs to run non-office hours. If the tcp session remains (not closed) can the same traffic use different security rules based on time ? or because the tcp session remains and it will stick with the current rule and never use the other security rule even the time changes?

issues using aka.ms in a firewall rule

Microsoft makes extensive use of the name aka.ms to map to thousands of IPs in its Akamai content delivery network. I find that i have issues trying to use FQDN host object aka.ms in a firewall rule. Many times traffic doesnt hit the rule. I suspect its because Palo's periodic update of its IP table for aka.ms misses some of the addresses in use...

Install a single Host Defender (twistcli)

Install defender failing sudo ./twistcli defender install standalone host-linux \--address https://<CONSOLE> \--user <USER> Ref : https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/install_defender/install_host_defender Error: ./twistcli: line 1: syntax error near unexpected token `<'./tw...

karthik by L0 Member
  • 2816 Views
  • 1 replies
  • 0 Likes

PAN-OS User-ID Issue and Workaround

I upgraded to PAN-OS 10.0 yesterday and encountered an unusual bug when pushing out a config to my 3220. I opened a case, but figured I would post it here as well, but don't expect screenshots. Symptom: After the Panorama upgrade a commit to the 3220 was giving the following error: Need to config WMI account and password for querying Microsoft ...

panorama opt/pancfg full,how to clear .

the customer find the panorama could not push new config file to firewall,check the disk space,find the opt/pancfg space avail is 0.so they reference aritcal kb,clear some file in the opt/pancfg.include :GUI: Panorama > Software => Delete the old software which is unused by using the "x" button on the last columnGUI: Panorama > Dynamic ...

Felixcao by L3 Networker
  • 13217 Views
  • 3 replies
  • 0 Likes

Global Protect doesnt connect to any portal after connecting to a client certificate authentication portal

There's portal A without client certificate auth There's portal B with client certificate auth, when i do the following: Successfully connect to portal A, Successfully connect to portal B, select a certificate and all of that, Now im no longer allowed to connect to portal A, or any other portal thats password based, only to portal B. (The only...

Resolved! Commit "Change Summary"

Hi All,We have upgraded the Panorama to 10.1.5-h1 version succesfully. After upgrade we have faced two issues with this new version as described below;The Frist one; On the commit windows "Change Summary" button cannot be clicked. We have tried different browsers but it's same on all.Second one; When we search an item via "Global Find" to direct...

ChangeSummary.PNG

Support portal error

Hi everyone! I work in PA's partner company and we have customer support portal account. But recently I'v started to get error after log in on the portal. This error is shown in an attachment photo. I wrote to nextwave support but I haven't received any answewr yet besides that "ticket has opened and we will respond you". I still haven't recaive...

1.jpg
Mishin by L1 Bithead
  • 3920 Views
  • 3 replies
  • 0 Likes

Global Protect Linux Custom HIP Check - Process

My client is looking to perform additional validation on systems connecting to their Global Protect gateways to ensure they are company owned systems. They use BigFix to manage their endpoints and they know if the Linux client is running the BigFix process it is running a company deployed image. They would like to create a custom HIP check to id...

Resolved! Is there a way to configure PA 5220 as L3/4 or L7 load-balancer?

Hi, We have two PA 5220 and we are wondering if there is a method to utilize them as load-balancers in addition to their main use as firewalls? Is it doable? If yes, do you recommend such use case for production environment? The goal is to load balance between two services using TCP or Diameter protocol. Appreciate your answer and advice...

  • 24333 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks