General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Error when commit

Hello, I get this error message when I try to commit after making a change. Change is just a different IP for syslog server. ANy idea why?

palo error.png

GP on Windows 11 - client certificate issue

Our customer is having issues with GP 5.2.10-6 on Windows 11. They are using client certificates for authentication and after a while a connection fails due to no client certificate present. If we check MMC the certificate is present, valid and has private key. But GP logs say:(P9292-T12792)Error(2290): 05/23/22 07:03:00:014 error = ERROR_WINHTT...

santonic by L6 Presenter
  • 8394 Views
  • 4 replies
  • 0 Likes

Resolved! Agentless User-ID not reading Security Log on AD

I'm pretty new to PA so there may be something obvious that I have missed.The issue I am having is trying to get the Agentless User-ID connecting and reading Security Logs from AD. All the users are coming up as Unknown: show user ip-user-mapping all IP Vsys From User IdleTimeout(s) MaxTimeout(s...

stuart.l by L2 Linker
  • 6821 Views
  • 5 replies
  • 0 Likes

We need a static Nat from one source to a single outside IP using multiple Ports to translate to multiple inside private IPS with same source

We need to create a Policy to allow traffic in from a partner that needs to monitor Our Servers.Outside IP will be one say xx.xx.xx.5 they need to hit 10 diffrent servers on the inside of our network 192.168.1.101-110 THey want to send traffic to 21001 - 21002 and have it changed to 5666 on the inside. i have tried about everythign I can thi...

No Response from the support team

Are you experiencing no response from the support team? I have a critical issue where my firewall is down for more than 24 hours, call multiple times, post messages multiple times but no response and or call back for a mission critical 4 hour support.

Resolved! Tags text box not visible

I'm running PAN-OS 10.0.7 and for the past few days I've noticed the TAGS text box isn't rendering correctly in the web UI. This is a trend among other IT staff, and seems to be common to Chromium-based browsers. My primary browser is Edge 99.0.1150.36. I tried in FireFox 97.0 and the TAGS box renders as expected, but other content does not (I d...

textbox.jpg
tlpitch by L0 Member
  • 10030 Views
  • 9 replies
  • 0 Likes

Resolved! noreply mail not arriving

Hi all,I have a collaborator that is trying to change his password, but when he clicks on "forgot password" link, the portal says the mail is delivered, but he doesn't receive any mail from the "[email protected]".When i do a message trace in 365 Exchange, there's no mail from Palo Alto to the mail desired.I'm sure the mail address is...

Guide for troubleshooting Nats security policies

Looking to see if there is a troubleshooting guide for NATS and for Security Policy rules. Searching has turned up various hits here and there, but not something comprehensive as what cisco has on their site for their docs. Am I just looking in the wrong place? Any other PA sites that have good info besides these boards?

Support portal login error

When I tried to log in to the support portal, getting the below error, earlier I used to login into the portal.UnAuthorized AccessYour membership has expired or has not been approved, please contact Palo Alto Networks Support. my name : Arumugasamyemail : [email protected] 39063271

Change HA pair from Active/passive to Active Active

Hi All, I will be changing one pair of our firewalls from an active/passive pair to an active/active pair. Whilst confident of what is needed and the process I need to take, has anyone ever gone through this process? Was it problematic, time consuming, any gotchas I should know about? Regards Adrian

a.jones by L3 Networker
  • 9724 Views
  • 3 replies
  • 0 Likes

PBF Issue

Hello, i have palo alto with 2 ISP(A and B) and 1 internal connectioni enabled the ECMP + simetric return and ecmp setting IP Modulo.my goal is, force 1 IP segment to ISP B to go to the internet i already setting in PBF, using enforce return simetric but in the the traffic monitor, the user show incomplete application. i assume that it go into I...

Vpnc client region null

Hi all,I'm trying to connect to vpn using vpnc.Everything works fine, but if I restrict the region in the gateway, vpnc does not connect because it is shown as "Client region: (null)"Any experience on this?Thanks

N2Z2 by L2 Linker
  • 2333 Views
  • 2 replies
  • 0 Likes

User-ID with 802.1x problems wired and wireless

Hi all. We have PA-820 with 10.1.2 with User-ID Agent on Windows AD runing version 10.0.4-r23 and we are using Cisco switches for users. We have 802.1x enabled on ports for users. The problem we have is, that PA doesn't recognise users from 802.1x, instead sometimes they are recognised as machines (under Monitor->User-ID), and then it won't a...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels