This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4466 Views
  • 0 replies
  • 0 Likes

Palo alto certificate error?

hi all, I am using PA-850 and configure certificate decryption. I am having the problem with this. when I configured to decrypt for any source, client would get the error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH", and could not access to any websites. But when I configured to decrypt some client only in source, it worked well. I dont know if It was...

Chivas by L2 Linker
  • 9900 Views
  • 9 replies
  • 0 Likes

Firewall stopped sending traffic to internet from trust zone, after upgrade from 10.1.3 to 10.1.5h2

I have upgraded 3 set of palo alto PA-3220 (3 pairs) to 10.1.5h2.Two set works good without any issue.When upgrade completed with last set, the active firewall stopped sending traffic from trust zone to internet, though it has all valid routes in it. Post I shifted all traffic on secondary firewall and all started working.This is the issue I am ...

Gitesh by L0 Member
  • 2146 Views
  • 1 replies
  • 0 Likes

User to IP mapping for LAN with computer on hybernet/sleep

I have Palo Alto firewall and implemented the user ID in our environment. I am looking for some help on specific use case. I am hoping to get some answers/guidance for the same. Firewalls : PA-820/850 as well VM-300PAN OS : 9.1.13-h3/9.1.9 I have install the windows based user ID agent on couple of servers. Windows Server OS : Server 2019 Standa...

Some users have pre-populated usernames in global protect VPN client

Hi all, I was wondering if anyone else has seen this. There are about 3 users that I know of that are having user credentials pre-populated in global protect that are incorrect for the VPN login. We can't seem to clear this, and even if we do a restart, the credentials are populated automatically. I've tried registry tweaks, taking the global...

Palo Alto content apps update 700 800 compatibility 8.0.X

Palo Alto content update 700-800 compatibility 8.0.XHello good evening, thanks as always for your support, we have the following case:-A device firewall version 8.0.X was manually installed a content update of Apps, current version 8563-7374.-After that it is not possible to finish a commit, we went back to a configuration backup and the same er...

Metgatz by L4 Transporter
  • 2048 Views
  • 1 replies
  • 0 Likes

Resolved! How to import Address Objects in CSV to PA Firewall

Dear all, Can some one guide me on how I can import IP address in bulk to PA FW? These days I am getting a huge number of IPs and URLs which needs to be blocked on the Firewall end. For the URLs we can do the import. But how to do the same for IPs? I tried the CLI method mentioned in this URL 'https://www.analysisman.com/2020/11/pan-import-csv.h...

Cannot log into firewall if authentication profile specifies an AD group instead of AD username

So last Thursday we upgraded our PA-5220s from 9.1.10 to 10.1.5-h1 and everything went incredibly well - absolutely no issues during the upgrade. About 15 hours after the upgrade was complete, we suddenly could not log onto the firewalls with our LDAP credentials. Typically we have an AD group specified in the Authentication profile we use for ...

WinCo by L0 Member
  • 4960 Views
  • 1 replies
  • 0 Likes

PAN-OS 10.2 : filter incoming OSPF routes

Hi, We are trying to setup OSPFv2 between a PA-5220 in 10.2 and a Cisco ACI Fabric with "Advanced Routing" enabled.For now, we are able to advertise routes to our ACI Fabric, we can filter outgoing advertisement but we are unable to filter incoming routes. We tried with RIB Filter - OSPFv2 without success (https://docs.paloaltonetworks.com/pan-o...

EmilienRichard_1-1652344524666.png
EmilienRichard_3-1652344694867.png
EmilienRichard_4-1652344728564.png

Upgrade PA stuck

Hi All, We try to upgrade PA5220 and it has been stuck quite long time. We tried to upgrade to 10.1.5h2 from 10.1.0. Any possible reason might cause of it?

403 Forbidden

I've run into a strange issue with the following website https://dvir-prod.aws.drivecam.net. When Users attempt to access it they are getting a 403 Forbidden. I'm not seeing an drops in the logs, and the packet captures don't point to anything either. I have to two 5520's in an HA pair and I forced the Active to Standby in the hops that it migh...

Remove a site from from Palo Alto's blacklist

My client's site, a Canadian site that prepares school supply kits, edupac.ca was hacked badly a few months ago. But we manually removed all malware files. We abandoned the original infected file base, restoring from backups, and now the code base is a clean version from before the hacks. EduPac is an established company for over 20 years. I am ...

Resolved! Palo Alto rejecting one route

I'm having trouble seeing one route in my RIB and FIB. My BGP peer shows it is advertising the route to the Palo Alto, however I see the following when showing the peer at the PAN:sstadmin@200-PFW-01> show routing protocol bgp peer peer-name DMVPN-RouterPrefix counter for: bgpAfiIpv4 / unicastIncoming Prefix: Accepted 49, Rejected 0, Policy R...

Resolved! Security policies not matching traffic

Hello! I am having quite a few strange behaviors from the Palo Alto firewalls. I have a rule for an entire subnet (10.209.82.0/24) to be allowed from inside to outside zones via any port to any IP address yet there is still somehow traffic being denied. Obviously, this isn't the greatest from a security perspective, but I arrived there out of fr...

Resolved! Possiblility of getting locked out of web interface?

Currently, I'm using a local administrator account on the firewall (no Panorama), but I want to configure authentication between it and active directory. I went through Palo's guide for setting up Kerberos (I read that this is preferred over LDAP due to its increased security, but please chime in if you disagree), but I'm worried about the chanc...

JanayE by L0 Member
  • 3227 Views
  • 1 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks