This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4244 Views
  • 0 replies
  • 0 Likes

GlobalProtect multiple gateways

Hi All, Similar to a Cisco ASA tunnel-group configuration where we can have different VPN configurations using the same public IP, I wonder if similar configuration can be achived on Palo Alto. My objective would be to configure different gateways using the same public IP address, however i haven't yet grasp how can i specify which gateway to us...

ipsec question

Hello,Do I need a tunnel interface for site to site vpn ? If yes How can I do that and what is the benefit Thanks

tifotano by L0 Member
  • 1871 Views
  • 1 replies
  • 0 Likes

destination port in PBF

Is there an option to define destination port in PBF. Now if a service is selected, PA applies PBF if source or destination has that port.I am looking for a PBF which should match only if destination port is 80.

ceapen01 by L2 Linker
  • 2585 Views
  • 3 replies
  • 0 Likes

Dynamic updates not working after RMA replacment - Download Error Problem with local SSL certificate

We recently got a RMA replacement in for a failed PA5250 in HA but we are now noticing that Dynamic updates are not downloading and installing. We get a message in the Panorama Job Schedules section stating "Failed to upload image. Device msg:'Failed to download panup-all-antivirus-3977-4488. Download error:Problem with the local SSL certificate...

cruz77 by L1 Bithead
  • 2413 Views
  • 1 replies
  • 0 Likes

Resolved! Always on Global Protect

Hello All, Looking to get advice on this topic. The idea is to have the users connect via a VPN tunnel regardless of their location, internal LAN or working from home, etc. I need to make it easy on the users so its to a burden, e.g. having to authenticate to the vpn after logging into heir workstations with similar creds. I'm thinking of someth...

Resolved! How to find a URL for session_end_reason eq decrypt-error

I have SSL Decryption and URL Filtering implemented and I see lots of decrypt-errors listed as session_end_reason. Is there a way to see the exact URL that the user was attempting to connect to? That way I can troubleshoot the site and see if an exclusion is needed. Version 9.1.10

exclude a network from static route

Is it possible to exclude a network from static route. For eg I have static route 10.20.0.0/16 to the core-switch.unfortunately my management network (including PA) is 10.20.200.0/24I dont want traffic to 10.20.200.0/24 going to core switch. just exclude that network from the route. As it's directly connected to PA, it should take that path by ...

ceapen01 by L2 Linker
  • 4181 Views
  • 3 replies
  • 0 Likes

Knowledge sharing: IP and user TAG Mappings redistribution for DAG / DUG

Hello to All, I see a lot of questions about redistributing IP and user TAG Mappings from Panorama or a firewall to other firewalls. In version 10 this is possible but in older versions only the user id can be be redistributed and maybe a REST/XML API script is needed to take the mappings(tag and IP or user) from Panorama/Palo Alto and uploa...

LDAP-S Authentification failed (LDAP-S with TLS1 ?)

Hi, while using LDAP-S (port 636) on a PAN Firewall for a connection to an active directory on a Windows Server 2019 I have the problem that the Firewall just can't connect. If I try the "test" command for testing the authentication profile I get this: Authentication to LDAP server at [....] for user "ldap"Egress: [.....]Type of authentication: ...

maximum length of TACACS User ID

We use TACACS+ server for admin authentication. Is there a limit on the length of an ID? I have one that is 40 characters (we use email IDs). Getting an auth-success log message for this user, but then a Critical "create-admin-acct-error" message: Failed to create local user account for admin user: <40 character email>

cdwing by L1 Bithead
  • 3186 Views
  • 2 replies
  • 0 Likes

PRTG monitoring thresholds

Hello, i am implementing PRTG and monitoring my PAs. We can monitor CPU, Disk free and Memory. My question is which should be the thresholds and how to react?

PaloAlto_LiveCommunity.PNG

Authentication Policy for non-HTTP traffic - Remote Access users.

Is possible to use Authentication Policies for non-HTTP traffic (using the Global Protect client), and specifying LDAP authentication? All examples I have found are related to MFA, and I would like to know if it is possible to authenticate RA users using the Local Database, and then add an authentication policy (for specific destinations) using ...

interest in a MineMeld ESXi 6.5 OVA?

I have a working OVA of MineMeld installed on Ubuntu 18.04 server. One of the guys here where I work put in a ton of hours getting it installed and working. Is anyone interested in getting a copy. If so does anyone know a good repository to put it?

Mattk by L2 Linker
  • 2665 Views
  • 1 replies
  • 0 Likes
  • 24359 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks