General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Kerberos SSO for Captive Portal

Been working through options for gathering userID data on non-domain-joined machines lately, so here's another complete option using Kerberos (krb) SSO.

Create a user in AD (my example, username: krb.palo), check the boxes for:

User cannot change pass

...

Resolved! Best practice to write an application based policy whith some ports different from standard

Hello,

I would need to write a policy to allow Oracle connection on specific servers.

Unfortunately I have some Oracle instances that don't use the standard TCP 1521 port.

How can I handle this problem writing just one rules that matches all my destinat

...

Resolved! user-id not mapping

Hello community,

I'm facing an issue with user-id agentless.

i did the following configurations

Create LDAP Server Profile
LDAP/Group Mappings configured on FW
User-ID Group Mapping Settings.
server monotoring is connected
Include network set
User ID on

...

Resolved! about session offload

Hello

the purpose is to minimze the cpu consomption but in wich way ?

how the offload work exactly?

thank's

Resolved! Log collector drive bays question

Hey all,

I need to replace a disk on a Palo Alto M600 log collector There are no disk labels on the device. Could anybody here confirm which bays are A1/A2 and B1/B2? I've attached a photo. I'm guessing A1 starts the top left but I' not sure.

#m600

Resolved! Missing PANGPS Virtual Ethernet Adapter

When launching Global Protect for the first time, the computer will prompt for the portal to connect to. The portal information will be enter and when hitting connect it will only display "Connecting...". It will not get to the username and password

...

How to access Management interface through host name

I want configure wild card certificate to management interface through SSL/TSL profile. so i want to access this management interface through host name. how to configure this on Palo alto.

Decrypted flag under Monitor Logs

Is it normal to see Decrypted flag as yes even when there is no decryption policy configured.

So what traffic will PA decrypt even when there is no decrypt policy?

Resolved! Error in parsing xml response

Trying to log into my FW, and keep getting this message

Hardware Features on Entry Level Devices

PaloAlto Needs to consider some physical features to be included in the SMB sector cleints. A competitor is preferred because of including more ports in their entry level devices including SFP (10GE) slots

Resolved! Captive portal not working in Chrome and Edge after updating to PAN OS 10.1.2

Hi All,

I have an issue where captive portal isn't working in Chrome 92.0.4515-159 and Edge 92.0.902.84 after updating to PAN OS 10.1.2. Captive portal is still working in IE 11 and Firefox 91.0.2 though.

Receiving the below error in Chrome and a sim

...

Resolved! QoS - Is "Real-Time" Priority a Strict Priority Queue?

So I have two questions regarding PAN QoS when you use class 1 (or any class) and configure it with a priority of "real-time".
1) I assume Real-Time makes it a priority queue. Is it a STRICT priority queue? (Meaning that whatever you set that rate for

...

Thanks in advance.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Kerberos SSO for Captive Portal