This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

site to site VPN on TP-link --- PALO ALTO ---- AWS

As of now STORE router/POS1 able to reach the head office(PALO ALTO) via site to site VPN and HeadOffice(PAN) to AWS also working via site to site VPN. But our main goal is that POS1/Store able to reach the AWS network. As of the momment POS1 not able to reach the AWS networks. I already tried to add a route on the PAN from Store network going t...

IPSEC S2S store to HO to AWSrev1 .jpg

global protect connectivity issue (version 5.2.10)

Hi Team, We have facing the connectivity issue on GP Agent 5.2.10. After turning off the windows firewall, it's connecting. Please let us know how we can achieve this without disabling the windows firewall. Because in earlier versions of GP client we have never asked users to follow this method and it’s not recommended to turn off the windows fi...

VishnuPS by L3 Networker
  • 2973 Views
  • 2 replies
  • 1 Likes

User-ID Agent not mapping users

Hello, Im trying to configure User-ID Agent. Dedicated users is created, with details acroding to: Create a Dedicated Service Account for the User-ID Agent (paloaltonetworks.com)Agent version: 10.0.4-23Agent is installed on Windows Server 2019.DC's are on Windows Server 2019.All is up to date. This is the status of the agent: But still this is...

mgwozdz_1-1644489742592.png
mgwozdz_2-1644489787346.png
mgwozdz by L1 Bithead
  • 2573 Views
  • 1 replies
  • 0 Likes

Path Monitoring Static Routes

Hello All, For some locations we have 2xISP setup, since we have no dynamic peering with any of those, we do a default static route via each of those. Having 'ECMP/Source IP hash' enabled it works just fine in a lab. We also do path monitoring for each of default route, pining different remote hosts like 8.8.8.8/8.8.4.4 etc. Do we need actual s...

Dynamic DNS Bind server updates from DHCP

Curious if the PA-3220 we are looking to use can dynamically send DNS updates to our Bind9 server whenever a DHCP request is granted from our PA DHCP scope we've setup? I know we can get a linux version of DHCP on our Linux server, but would rather leverage the gui of the Palo for DHCP. We are not a windows environment so windows DHCP and DNS is...

tfleming by L0 Member
  • 3115 Views
  • 2 replies
  • 0 Likes

Decrypted traffic via firewall.

I don't have any decryption policy configured.But I see port -443 traffic has decrypted flag yes in Traffic logs.Is it normal for firewall to decrypt 443 traffic even when there isno decryption policy?PANOS0-9.1.10 VM-300

API URL Logs Issue

In the below code - I"m using the API to query the URL logs. It works great.What isn't returning though is the src.user field, if it's mapped. How can I get this value? Do I need to do a separate query? # Build PAN API Connection and get token pan_conn = pan.xapi.PanXapi(api_username=args.pan_username, api_password=ar...

mehixiyo by L0 Member
  • 2018 Views
  • 1 replies
  • 0 Likes

Apply TS Agent config automatically in FW

Hi, We are expanding our CITRIX platfon in which we have installed a Palo Alto TS agent to monitor. So to avoid introduce manually the TS agent config in Pa (IP, port,etc) each new citrix. Is there any way to send the config to PA to do ir automatically? I was checking and the API can not send this TS config. Any idea? i dont think this is possi...

BigPalo by L4 Transporter
  • 1797 Views
  • 1 replies
  • 0 Likes

FW loses user mapping stop matching rule suddenly

Hi, We are having a strange issue in our FW. User in VPN-SSL reported the stop working. The issue doesnt have any pattern. Random users, random time-range. The issue is solved when the customer force to reconnect the VPN or force pass the HIP check in GPclient. This is what we see in FW monitor logs. The FW stops identifying user and jump the ru...

hipra logs.JPG
BigPalo by L4 Transporter
  • 4621 Views
  • 7 replies
  • 0 Likes

Patching One HA fully then the next.

If patching a HA pair to the next Major version i.e. 9.0.6 -> 9.1.0 is it safe to patch one of the pair all the way to 9.1.0 (minor versions and major versions) And then fail over and do the other firewall to bring that up to latest minor and finally on to the major version. Or should both firewalls be running the same latest minor version ...

GlobalProtect stuck on connecting ( still working ... ) on macOS monterey - 5.2.10-6

Hello, after upgrading to macOS Monterey globalprotect stopped working... i tried to unistal reinstall 20x, firewall of/on, private relay of/on, i did allowed it in security, limit IP address tracking of/on, tried with "spctl kext-consent add PXPZ95SK77" in recovery mode, but im still getting this error:P 800-T29719 02/18/2022 00:35:20:833 Info ...

MBCL88 by L1 Bithead
  • 2747 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect Hip check iOS UDID

I'm looking for some feedback on the UDID HIP check for iOS devices. Currently there is no way to pull serial numbers from the Apple iOS platform unless you connect a compatible MDM solution to the PA. There is however a way to pull the UDID or ( unique device ID) that apple has tagged on each device it builds. I've added that under HIP objec...

Danross_0-1644850516993.png
danoman2 by L3 Networker
  • 7609 Views
  • 4 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks