General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

OpenVPN support on Palo gateways?

Palo gateways have supported ipsec site to site vpn for a long time. Do they also support acting as an OpenVPN gateway? I dont mean openvpn passthrough to a backend. I mean actually being the Openvpn endpoint.

Resolved! Found a PA 200 in the trash

Hi, i found a PA 200 in the trash, it works fine, is it viable to use it as a firewall. I don't have access to any support at all. Not even a os update of some kind. And is there any way i can get said update. Have a great day.

RobFut by L0 Member
  • 2091 Views
  • 1 replies
  • 0 Likes

revert but not the config

Is there a way to "revert" via cli? I don't mean config changes either, I mean like the following places: 1. Network > Interfaces > Ethernet1/1 2. Device > Setup > Management I'd like to script out reverting these.

RobertShawver_0-1658516753160.png
RobertShawver_1-1658516827275.png

Resolved! Port Shutdown

I don't think there is, but just double checking. Is there anyway via GUI or CLI to shutdown a port on the Palo? There are times when I would like to do some configuration, such as sub-interfaces and so on to an aggregate group that is plugged into the core switches. At times this can cause an issue so I would like to be able to shut the por...

We cannot export the metadata, when you are in the FW, in the Global protect section, it does not allow you to enter the IP or the Vsys.

Hello, We cannot export the metadata, when you are in the FW, in the Global protect section, it does not allow you to enter the IP or the Vsys. When I select in the Authentication Profile, the profile from which I want to export the data, and I select the Globalprotect Service, it does not automatically show the VSYS,and select the Globalprote...

Alpalo_0-1658385538610.png
Alpalo_1-1658385590433.png
Alpalo by L4 Transporter
  • 2815 Views
  • 4 replies
  • 0 Likes

Access denied

Hello Palo Alto Community , I have problem in communcating betwen Fire wall and Domain Controller (ldap).Status show me Acces Denied on Server Monitoring,i try change user roles to fix it , but again show me the same status Acces Denied . Please help me !

Global Protect on IOS Always ON VPN sanity check

I've had a Palo Alto case open for almost 9 months now that appears to have devolved into a finger pointing match between Apple and PAN and I'm going to have to make some decisions here, I don't know if anyone else uses that functionality or not. Apple re-wrote the VPN APIs around IOS version 12.1 where they only allow "Connect on demand" (AKA ...

WMI access denied in System Logs but Device > User Identification shows connected on all DC's

Hello, I've seen on my Palo Alto 3220 system logs dashboard applet a ton of Access Denied messages regarding our domain controllers. However if I go over to Device > User Identification, all 4 of our DC's there are listed as connected in green. All 4 are Microsoft Active Directory, WinRM-HTTP. If they are green and connected there, why am ...

ksauer507 by L3 Networker
  • 24252 Views
  • 3 replies
  • 0 Likes

Access Denied (Server Monitor)

I configured the Base name and bind name properly but we facing the following error in putty “pan_user_id_win_get_error_status(pan_user_id_win.c:1130): WMIC message from server AD-Monitor: NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied” and “pan_user_id_win_wmic_log_query(pan_user_id_win.c:1439): log query for AD-Monitor failed: NTSTATUS: NT...

shafi.md by L0 Member
  • 38523 Views
  • 5 replies
  • 1 Likes

schedule security rules

I have 2 security rules, one needs to run office hours and one needs to run non-office hours. If the tcp session remains (not closed) can the same traffic use different security rules based on time ? or because the tcp session remains and it will stick with the current rule and never use the other security rule even the time changes?

issues using aka.ms in a firewall rule

Microsoft makes extensive use of the name aka.ms to map to thousands of IPs in its Akamai content delivery network. I find that i have issues trying to use FQDN host object aka.ms in a firewall rule. Many times traffic doesnt hit the rule. I suspect its because Palo's periodic update of its IP table for aka.ms misses some of the addresses in use...

Install a single Host Defender (twistcli)

Install defender failing sudo ./twistcli defender install standalone host-linux \--address https://<CONSOLE> \--user <USER> Ref : https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/install_defender/install_host_defender Error: ./twistcli: line 1: syntax error near unexpected token `<'./tw...

karthik by L0 Member
  • 2972 Views
  • 1 replies
  • 0 Likes

PAN-OS User-ID Issue and Workaround

I upgraded to PAN-OS 10.0 yesterday and encountered an unusual bug when pushing out a config to my 3220. I opened a case, but figured I would post it here as well, but don't expect screenshots. Symptom: After the Panorama upgrade a commit to the 3220 was giving the following error: Need to config WMI account and password for querying Microsoft ...

  • 24404 Posts
  • 123 Subscriptions
Top Solution Authors
Labels