This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Resolved! HA Link Monitoring.

Is there any pre-requisite to keep the interface speed and duplex to auto , auto if we are using them in HA Link Monitoring? During our HA Test our PA interfaces are kept in duplex auto , speed 1000 setting , we have shutdown the switch interface , PA has detected that that interface is down ( forced down) but it's not triggering the failover , ...

Sign On Error

I'm getting this error when trying to file a case in the support portal."Unable to provide subject and attribute info. Attribute mapping(s) failed: Mapping lookup 'getCustPortalUserfromCsp' returned empty result.You do not have access to this resource or an error occurred during the login process. Please see https://www.paloaltonetworks.com/comp...

whatok by L0 Member
  • 4632 Views
  • 5 replies
  • 0 Likes

CLI: create admin role

Hi, I'm struggling a bit to find an efficient way to create an admin role using the cli.Let's say I want to create an admin role and grant it all rights that can be found in the "Web UI" tab when using the web interface. Is there a command that basically does this?set shared admin-role webadmin role device webui ALL Right now the only way that I...

mlanterm by L0 Member
  • 6551 Views
  • 4 replies
  • 1 Likes

High Availability - Active goes down due to non-functional

Hello all,Last Sunday (6/26) at 5:37:27 PM, a failover occurred due to an Ethernet 1/22 interface down on the customer's Active Firewall. I have looked around the log to analyze the cause, but the CPU was not high and I couldn't find the cause. The figure below is ha-agent and route log. Do you know why such an error occurs? <routed.log>&l...

스크린샷 2022-06-27 오전 10.46.00.png
스크린샷 2022-06-27 오전 10.41.40.png
스크린샷 2022-06-27 오전 10.39.31.png

Incoming Email Not Flowing

Having an issue with my deployment. Incoming email is not flowing when deploying the PA. The cloud spam filter will not connect to the spam appliance (in DMZ) I can connect to the spam appliance with the external IP address so I believe NAT is not the issue I am also testing with any service until it connects. I included policy screenshots above...

Screen Shot 2022-07-17 at 1.15.31 PM.png
Screen Shot 2022-07-17 at 1.11.28 PM.png

Resolved! Aged Out in allowed traffic logs

Hi All, I have a doubt regarding aged-out feature in palo alto firewall.We are getting logs with allowed traffic towards different ports like port 23, 1433 etc.The device action is allow and in reason aged-out. I want to know that whether the traffic is really allowed or not. This is making too much confusion and kindly help me with this doubt....

ahmdsmr by L1 Bithead
  • 330315 Views
  • 11 replies
  • 0 Likes

SDWAN Zone Mapping

Trying to make sure I understand this correctly. For each zone to used within the SDWAN they must be mapped to the pre-defined SDWAN zones. For the following example would this be the correct method of mapping: Pre-SDWAN zones (same zones at all sites)UntrustPrivate WANTrust-1Trust-2Trust-3 SDWAN Zone MappingZone Internet: Untrust Trust-1, Tru...

Resolved! Can there be fallback authentication for GlobalProtect?

I ran into a scenario that rendered me useless remotely, and I'm wondering if I can configure secondary authentication for GlobalProtect...I used GP to VPN in remotely. My GP is set up to authenticate through Active Directory, and it works fine. I was updating my VMWare environment and SAN, in which I needed to power down all VMWare servers (i...

uscit by Not applicable
  • 4860 Views
  • 2 replies
  • 0 Likes

GlobalProtect agent download from direct URL

Hi everyone, Do you know if it's possible to block the download of the globalprotect agent via the direct URL ? The goal here is to force users to authenticate in the portal web page to be able to download the agent. Ex. for the 64bit agent :https://<my-portal-address>/global-protect/getmsi.esp?version=64&platform=windows If yes, could...

FabienJ by L2 Linker
  • 16850 Views
  • 19 replies
  • 0 Likes

can we allow sign in to webex only using defined company account ?

I have followed below article and tried to configure http header insertion in URL filtering profile , but still able to login using other company account.https://help.webex.com/en-us/m0jby2/Configure-a-List-of-Allowed-Domains-to-Access-Webex-While-on-Your-Corporate-Network#task_C0E05337A65BA687DD68241E79076D38 Also in url filtering log, no logs ...

Deepak25 by L3 Networker
  • 5802 Views
  • 4 replies
  • 0 Likes

Resolved! Aged Out Traffic

Hi All, Please help me on this. If I am doing telnet from one server then telnet is working fine but in firewall I can see the traffic is aged out.I need to know if any traffic is getting aged out, then it should not allow the traffic but how the traffic is allowed and also the person can do telnet.

PPradhan by L1 Bithead
  • 3772 Views
  • 1 replies
  • 0 Likes

Web Management GUI-SSL/TLS - Palo Alto Firewalls HA Active-Passive

Certificate doubt for Web Management GUI-SSL/TLS - Palo Alto Firewalls HA Active-Passive Good afternoon community,, I have an important question regarding the use of custom certificates for web-gui management. I understand that there are configuration parameters that are not synchronized and are detailed in these two links: https://docs.palo...

Metgatz by L4 Transporter
  • 5182 Views
  • 4 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks