General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Forum Posts

Happening in June: The Complete Zero Trust Network Security Event

Greetings everyone, Don't miss Palo Alto Networks' Complete Zero Trust Network Security event coming up in June. This event will cover the following points related to the newly unveiled Zero Trust Network Security: Secure access to the right applicat...

seattle-launch-live-community-r2b-1100x120.jpg
jdelio by Community Team Member
  • 479 Views
  • 1 replies
  • 4 Likes

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 18160 Views
  • 41 replies
  • 32 Likes

8.1.4 CP Normalizing

All of our users who auth over CP are now normalizing as 'domain.com\user' although we need them to be user@domain.com. The authentication profile they go through has the %USERINPUT%@%USERDOMAIN% modifier. Domain is filled in & login attribute is 'us...

FQDN refresh problems

Hell guys,We have a problem that the FQDN refresh fails nearly everytime. What I mean with "nearly" everytime is, that there are periods in which the FQDN refresh is running smoothly, and then suddenly it fails again.Example: A few days ago the FQDN ...

Global protect missing routes in clients

Hi, We are having a strange GP issue. We have two users in the same AD group and same configuration. userA: when this user connects to GP, everything is working fine, all the GP access routes are in his route table.userB: when this user connects to G...

jesuscano by L4 Transporter
  • 913 Views
  • 3 replies
  • 0 Likes

Resolved! user if agent and switching between ids

we have configured rules with group mapping using LDAP.We have one user where he switch between user ids and when he trieds to login to server with user id not allowed in list he getsdenied. should he log off and log on as best practice when he switc...

MP18 by Cyber Elite
  • 736 Views
  • 5 replies
  • 0 Likes

Resolved! Unable to export certificates EXCEPT via IE11

Two PA3020s in an active/passive HA pairPanOS 7.1.14 Tested with Google Chrome and Firefox on Linux.Tested with Google Chrome and Firefox on Windows 7. When trying to export a certificate from Device tab --> Certificate Management --> Certificates, n...

fjwcash by L4 Transporter
  • 1738 Views
  • 3 replies
  • 0 Likes

Use MP SSL Session Cache

when i run the below command show system setting ssl-decrypt setting vsys : vsys1Forward Proxy Ready : yesInbound Proxy Ready : noDisable ssl : noDisable ssl-decrypt : noNotify user : noProxy for URL : noWait for URL : yesBlock revoked Cert : yesCert...

MP18 by Cyber Elite
  • 960 Views
  • 2 replies
  • 0 Likes

Resolved! Split tunnel VPN inclusion rule - traffic dropped

Hello Community,I need to allow traffic to come down the VPN tunnel rather than the Split Tunnel.I have addred a VPN tunnel inclusion rule on the GlobalProtect Gateways as described in this article:https://www.paloaltonetworks.com/documentation/80/pa...

000000 by L1 Bithead
  • 507 Views
  • 2 replies
  • 0 Likes

QUIC deny vs drop

Just curious. The recommended QUIC rules set the action to 'deny', but the first rule is for service udp 80/443 any application. Is there a reason this is a 'deny' and not a 'drop'? ReferenceHOW TO BLOCK QUIC PROTOCOLhttps://knowledgebase.paloaltonet...

mike406 by L2 Linker
  • 540 Views
  • 1 replies
  • 0 Likes

Resolved! SSL forward trust option

Hi, We have a certificate generated by RapidSSL as CA. but we can NOT set this certificate as a forward trust certificate to use in Decyption SSL, the option shows disable. Roots is in the list "default trsuted certificate authorities". Why the optio...

1.JPG
jesuscano by L4 Transporter
  • 2287 Views
  • 9 replies
  • 0 Likes

Resolved! Mass creating local-db users from CLI

Hi Community,We wish to add a batch of users to the local database, I'm just wondering if anyone has had experience with scripting this or doing this in batch. With the command "set shared local-user-database user testuser" it requires separate user ...