This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Access denied

Hello Palo Alto Community , I have problem in communcating betwen Fire wall and Domain Controller (ldap).Status show me Acces Denied on Server Monitoring,i try change user roles to fix it , but again show me the same status Acces Denied . Please help me !

Global Protect on IOS Always ON VPN sanity check

I've had a Palo Alto case open for almost 9 months now that appears to have devolved into a finger pointing match between Apple and PAN and I'm going to have to make some decisions here, I don't know if anyone else uses that functionality or not. Apple re-wrote the VPN APIs around IOS version 12.1 where they only allow "Connect on demand" (AKA ...

WMI access denied in System Logs but Device > User Identification shows connected on all DC's

Hello, I've seen on my Palo Alto 3220 system logs dashboard applet a ton of Access Denied messages regarding our domain controllers. However if I go over to Device > User Identification, all 4 of our DC's there are listed as connected in green. All 4 are Microsoft Active Directory, WinRM-HTTP. If they are green and connected there, why am ...

ksauer507 by L3 Networker
  • 24136 Views
  • 3 replies
  • 0 Likes

Access Denied (Server Monitor)

I configured the Base name and bind name properly but we facing the following error in putty “pan_user_id_win_get_error_status(pan_user_id_win.c:1130): WMIC message from server AD-Monitor: NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied” and “pan_user_id_win_wmic_log_query(pan_user_id_win.c:1439): log query for AD-Monitor failed: NTSTATUS: NT...

shafi.md by L0 Member
  • 38424 Views
  • 5 replies
  • 1 Likes

schedule security rules

I have 2 security rules, one needs to run office hours and one needs to run non-office hours. If the tcp session remains (not closed) can the same traffic use different security rules based on time ? or because the tcp session remains and it will stick with the current rule and never use the other security rule even the time changes?

issues using aka.ms in a firewall rule

Microsoft makes extensive use of the name aka.ms to map to thousands of IPs in its Akamai content delivery network. I find that i have issues trying to use FQDN host object aka.ms in a firewall rule. Many times traffic doesnt hit the rule. I suspect its because Palo's periodic update of its IP table for aka.ms misses some of the addresses in use...

Install a single Host Defender (twistcli)

Install defender failing sudo ./twistcli defender install standalone host-linux \--address https://<CONSOLE> \--user <USER> Ref : https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/install_defender/install_host_defender Error: ./twistcli: line 1: syntax error near unexpected token `<'./tw...

karthik by L0 Member
  • 2940 Views
  • 1 replies
  • 0 Likes

PAN-OS User-ID Issue and Workaround

I upgraded to PAN-OS 10.0 yesterday and encountered an unusual bug when pushing out a config to my 3220. I opened a case, but figured I would post it here as well, but don't expect screenshots. Symptom: After the Panorama upgrade a commit to the 3220 was giving the following error: Need to config WMI account and password for querying Microsoft ...

panorama opt/pancfg full,how to clear .

the customer find the panorama could not push new config file to firewall,check the disk space,find the opt/pancfg space avail is 0.so they reference aritcal kb,clear some file in the opt/pancfg.include :GUI: Panorama > Software => Delete the old software which is unused by using the "x" button on the last columnGUI: Panorama > Dynamic ...

Felixcao by L3 Networker
  • 14026 Views
  • 3 replies
  • 0 Likes

Global Protect doesnt connect to any portal after connecting to a client certificate authentication portal

There's portal A without client certificate auth There's portal B with client certificate auth, when i do the following: Successfully connect to portal A, Successfully connect to portal B, select a certificate and all of that, Now im no longer allowed to connect to portal A, or any other portal thats password based, only to portal B. (The only...

Resolved! Commit "Change Summary"

Hi All,We have upgraded the Panorama to 10.1.5-h1 version succesfully. After upgrade we have faced two issues with this new version as described below;The Frist one; On the commit windows "Change Summary" button cannot be clicked. We have tried different browsers but it's same on all.Second one; When we search an item via "Global Find" to direct...

ChangeSummary.PNG

Support portal error

Hi everyone! I work in PA's partner company and we have customer support portal account. But recently I'v started to get error after log in on the portal. This error is shown in an attachment photo. I wrote to nextwave support but I haven't received any answewr yet besides that "ticket has opened and we will respond you". I still haven't recaive...

1.jpg
Mishin by L1 Bithead
  • 4141 Views
  • 3 replies
  • 0 Likes

Global Protect Linux Custom HIP Check - Process

My client is looking to perform additional validation on systems connecting to their Global Protect gateways to ensure they are company owned systems. They use BigFix to manage their endpoints and they know if the Linux client is running the BigFix process it is running a company deployed image. They would like to create a custom HIP check to id...

  • 24386 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks