This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4151 Views
  • 0 replies
  • 0 Likes

LDAPS Falling back to LDAP

Our firewalls are configured for LDAPS on port 636 to our Windows DC. We have the require SSL/TLS option checked in the LDAP settings window. The useridd log shows: 2022-03-22 14:42:09.136 -0700 connecting to ldap://[dcserver]:636 with StartTLS...2022-03-22 14:42:09.140 -0700 connecting to ldaps://[dcserver]:636 ...2022-03-22 14:42:09.164 -0700 ...

Device Certificate Issue

Hi Team, We are facing an issue with the device certificate. I have generated that OTP in the CSP portal and imported it into the firewall after I am facing the below issue "Failed to fetch device certificate. Failed to send a request to the CSP server. Error: Operation timed out after 60000 milliseconds with 0 bytes received." Attached the scre...

AhamadullahM_1-1648729460922.png

Adding ping/icmp as a service, or configure "Application Default" under service

Simple question: Can a service for icmp/ping be created, or should I just configure "Application Default" under Service? We have ping/icmp defined under Application, but we also have specific services configured also and ping will not work, falls to the clean-up rule. It's my understanding that if you have specific applications configured that o...

Resolved! URL Category Any

Is there any body has got URL Category Any?I check the URL List document and there is no Any category.Also, I had find a category called "uncategory".Will Allow/Block List IP addresses will be categoried in "uncategory"?What's the difference between Any, unknown and uncategory?

Resolved! SAML authentication broke after upgrading to pan os 10.1.4-h4

After the upgrade of Pan-OS from 9.1.11 to 10.1.4-h4 last night, our SAML authentication does not work. We have a setup to authenticate the administrators logging into firewall using a SSO SAML profile which redirects to okta and we get authenticated over there.It was working totally fine with the 9.1.11 version but as soon as I upgrade to 10.x ...

Akhil_B by L2 Linker
  • 3892 Views
  • 1 replies
  • 0 Likes

MineMeld behind proxy server - Using docker

I am trying to use a proxy for MineMeld Internet connectivity, and I have assigned proxy settings to the container instance. For some reason, it is not working and I probably need to especifically set proxy settings in the MineMeld application, but I am struggling to do it. We are running dockers on SLES. Any idea about how to maki this work? Th...

version 10.2.0 upgrade issue

Dear Support crew,we have two PAN-3220. Our devices are HA. We received advanced evaluation package licenses for the devices, but my device operating system was 10.0.3 so the advanced licenses are only installed on PANOS 10.2.0.According to the release note, we upgraded PANOS devices to 10.2.0 and after 24 hours, our primary device had problem. ...

Not able to view threat log on both GUI and CLI of the firewall

Hi Folks, We have PA-220 running on PAN-OS 10.0.6. Upon checking the Threat logs via GUI no threat logs are visible . So we had checked on the CLI of the firewall for any threat logs but no luck. The firewall have all the required licenses. 13 percent disk space quota is allocated for the Threat logs. The disk space utilization is also healthy. ...

Clientless VPN getting worse with each PANOS ver

Timeline of my struggles: Somewhere between 10.1.0 and 10.1.4 the clientless VPN stopped showing icons for each app not super big deal because the apps still worked but after trying a couple upgrades... 10.1.5: brings the icons back! but now the apps themselves do not work at alltrying by IP to rule out DNS issuestrying with https in case its so...

hshawn_0-1648251082166.png
hshawn_1-1648251180854.png
hshawn_2-1648251223066.png
hshawn by L4 Transporter
  • 4854 Views
  • 4 replies
  • 1 Likes

Resolved! View debug status

Hi,I come from Cisco background and getting familiar with Palo Alto firewalls. My query is about checking any debug running on the box and how to turn it off. In case of Cisco, show debug will show any active debug(s) and undebug all would turn it off. Please advise the equivalent in PAN-OS. In PAN-OS few debug commands that I am aware of are he...

enable rules for MS Teams

Hello to everyone! This is my first topic))Gents, need your help to enable MS Teams for user w/o internet access.Need for users w/o authentication could start video conference in teams. I added teams.microsoft.com to enabled address, also created MS Teams group in application groups, but Teams still working only after authentication on PA. P.S. ...

Palo Alto Configuration Change

Hi, Long time lurker here.I need some directions with a project I am preparing.The project adapts the way we communicate with the internet. This means preparing PBF rules, NAT rules, quite some objects(100+) and groups (10+) and also adapting the way the security rules interact with the zones. All this is quite some configuration change and I wa...

sopa by L0 Member
  • 2009 Views
  • 2 replies
  • 0 Likes

PAN-OS 9.16 SMB Issues - mapped network drives.

Hello all,Please be advised, there is a current issue with PAN-OS 9.1.6 which seems to break anything SMB related, e.g. mapped network drives. Sessions have an end reason of "incomplete" and go into state "aged out" in the session table. After doing a packet capture, i found firewall dropping packets with info Negotiate Protocol request - SMB R...

  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks