This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4464 Views
  • 0 replies
  • 0 Likes

Resolved! unkown-tcp/udp session timeout?

Dear all,What is the session timeout for unknown-tcp/udp?Since this is an application which has no values set for timeout, can I conclude it will use the default-tcp/udp timeouts?Kind regards

mr.linus by L4 Transporter
  • 8161 Views
  • 5 replies
  • 0 Likes

OpenVPN support on Palo gateways?

Palo gateways have supported ipsec site to site vpn for a long time. Do they also support acting as an OpenVPN gateway? I dont mean openvpn passthrough to a backend. I mean actually being the Openvpn endpoint.

Resolved! Found a PA 200 in the trash

Hi, i found a PA 200 in the trash, it works fine, is it viable to use it as a firewall. I don't have access to any support at all. Not even a os update of some kind. And is there any way i can get said update. Have a great day.

RobFut by L0 Member
  • 2059 Views
  • 1 replies
  • 0 Likes

revert but not the config

Is there a way to "revert" via cli? I don't mean config changes either, I mean like the following places: 1. Network > Interfaces > Ethernet1/1 2. Device > Setup > Management I'd like to script out reverting these.

RobertShawver_0-1658516753160.png
RobertShawver_1-1658516827275.png

Resolved! Port Shutdown

I don't think there is, but just double checking. Is there anyway via GUI or CLI to shutdown a port on the Palo? There are times when I would like to do some configuration, such as sub-interfaces and so on to an aggregate group that is plugged into the core switches. At times this can cause an issue so I would like to be able to shut the por...

We cannot export the metadata, when you are in the FW, in the Global protect section, it does not allow you to enter the IP or the Vsys.

Hello, We cannot export the metadata, when you are in the FW, in the Global protect section, it does not allow you to enter the IP or the Vsys. When I select in the Authentication Profile, the profile from which I want to export the data, and I select the Globalprotect Service, it does not automatically show the VSYS,and select the Globalprote...

Alpalo_0-1658385538610.png
Alpalo_1-1658385590433.png
Alpalo by L4 Transporter
  • 2773 Views
  • 4 replies
  • 0 Likes

Access denied

Hello Palo Alto Community , I have problem in communcating betwen Fire wall and Domain Controller (ldap).Status show me Acces Denied on Server Monitoring,i try change user roles to fix it , but again show me the same status Acces Denied . Please help me !

Global Protect on IOS Always ON VPN sanity check

I've had a Palo Alto case open for almost 9 months now that appears to have devolved into a finger pointing match between Apple and PAN and I'm going to have to make some decisions here, I don't know if anyone else uses that functionality or not. Apple re-wrote the VPN APIs around IOS version 12.1 where they only allow "Connect on demand" (AKA ...

WMI access denied in System Logs but Device > User Identification shows connected on all DC's

Hello, I've seen on my Palo Alto 3220 system logs dashboard applet a ton of Access Denied messages regarding our domain controllers. However if I go over to Device > User Identification, all 4 of our DC's there are listed as connected in green. All 4 are Microsoft Active Directory, WinRM-HTTP. If they are green and connected there, why am ...

ksauer507 by L3 Networker
  • 24035 Views
  • 3 replies
  • 0 Likes

Access Denied (Server Monitor)

I configured the Base name and bind name properly but we facing the following error in putty “pan_user_id_win_get_error_status(pan_user_id_win.c:1130): WMIC message from server AD-Monitor: NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied” and “pan_user_id_win_wmic_log_query(pan_user_id_win.c:1439): log query for AD-Monitor failed: NTSTATUS: NT...

shafi.md by L0 Member
  • 38289 Views
  • 5 replies
  • 1 Likes

schedule security rules

I have 2 security rules, one needs to run office hours and one needs to run non-office hours. If the tcp session remains (not closed) can the same traffic use different security rules based on time ? or because the tcp session remains and it will stick with the current rule and never use the other security rule even the time changes?

issues using aka.ms in a firewall rule

Microsoft makes extensive use of the name aka.ms to map to thousands of IPs in its Akamai content delivery network. I find that i have issues trying to use FQDN host object aka.ms in a firewall rule. Many times traffic doesnt hit the rule. I suspect its because Palo's periodic update of its IP table for aka.ms misses some of the addresses in use...

Install a single Host Defender (twistcli)

Install defender failing sudo ./twistcli defender install standalone host-linux \--address https://<CONSOLE> \--user <USER> Ref : https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/install_defender/install_host_defender Error: ./twistcli: line 1: syntax error near unexpected token `<'./tw...

karthik by L0 Member
  • 2924 Views
  • 1 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks