This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4123 Views
  • 0 replies
  • 0 Likes

GlobalProtect IOS stuck

Good day, After updating to10.2.1 and 6.0.2 GlobalProtect client I could not connect to VPN.The problem was occurred for one endpoint. So I used the second one to connect and update the client. Also the DNS(for split tunnel) was not work. I had to make "virtual change", just to press the OK button and commit. After that DNS was working. Also the...

Pantelis by L1 Bithead
  • 17555 Views
  • 20 replies
  • 0 Likes

Resolved! Question about my post rejection at VirusTotal Discussions

I tried 3 times to submit a false positive on https://live.paloaltonetworks.com/t5/virustotal/bd-p/VirusTotal_Discussions My post follows the format below: File Hash: <SHA256 hash> Link to Virustotal report for the file: <link> Current VirustTotal Verdict: <verdict> Description: <description> The administrator rejecte...

woeruw by L2 Linker
  • 2376 Views
  • 2 replies
  • 0 Likes

Resolved! Licensing and install questions for Azure

Hello- I have a few questions regarding installs in Azure tenants regarding products and licensing. My understanding is that we can install either the VM-based model of NGFWs in Azure or the SaaS model, correct? If so, do both/either of those two require Panorama for management? Both VM-based models and SaaS models require licensing? If I h...

beakkenn by L0 Member
  • 812 Views
  • 2 replies
  • 0 Likes

Palo Alto Dual ISP, ECMP enables the external interfaces and enables IPSEC VPN tunnels

Palo Alto Dual ISP, ECMP enables the external interfaces and enables IPSEC VPN tunnels. Good afternoon, as always, thanks for the collaboration and support. A few doubts, We currently have an PA configured with ECMP, for outbound to the Internet, with two different ISPs. We plan to configure a Site to Site VPN, with each of the ISP. Here a...

Metgatz by L4 Transporter
  • 7021 Views
  • 5 replies
  • 0 Likes

Resolved! Dynamic Administrator Authentication based on Active Directory Group rather than named users?

Hello, We have an environment with several adminstrators from a rotating NOC. With the current LDAP method to my understanding we have to manually add the administrator name to the PA administrators list before login will work (e.g. jdoe). We would like to be able to tie it to an AD group (e.g. "Firewall Admins") so anyone who is a member of tha...

jgrote by L1 Bithead
  • 11333 Views
  • 9 replies
  • 1 Likes

Resolved! Migrating Cisco multi-contexts into one vsys Palo Alto firewall

Hi there, We are looking to migrate a Cisco ASA 5545 with two contexts (Internet and LAN) to a PA-1420. We don't have a multi-vsys license, so everything needs to be merged into a single vsys. We’ll be managing the PA locally (no Panorama) and using the Expedition tool for the migration. Is it possible to merge both ASA contexts into one vsys?...

AK74 by L2 Linker
  • 847 Views
  • 2 replies
  • 0 Likes

Google Playstore rule allowed services

Dear Members, Am here a new member, please I wish to know how to allow only the google play store for a specific networks with android devices.If I try to add only google base/play application, other traffics also blocked.Let me know how to allow google play store . Regards, Tiago Marques

tlmarques by L4 Transporter
  • 391 Views
  • 1 replies
  • 0 Likes

Regarding HA ports and PoE ports

Thank you for your continued support. Please allow me to confirm the following. ① The PA-400 and PA-500 series do not have HA ports. However, we are assuming that the regular ports will be used as HA ports. In that case, are two HA ports required? Currently, we are using 8 ports (1 port for HA), so we understand that a device with 9 or more ...

Prisma Access and Microsoft Tenant Restrictions

Hello All . Been wrestling with this for a week . My starting point is to only allow connections to the entra joined domain for e,g, fred.onmicrosoft.com . The rational is DLP - if I go to my browser and attempt to logon to another enterprise - dave.onmicrosoft.com it is blocked. This is not consumer BTW - home tenants are blocked with t...

Restrict Microsoft365 tenant

Hi, To restrict access to specified Microsoft 365 tenant (allow company M365 tenant only), I have tired to follow below link for configuration. Using HTTP Header Insertion For Sanctioned Access To Office365 ... - Knowledge Base - Palo Alto Networks But it's didn't work. Users still available to logon with personal M365 account. Since URL i...

Resolved! Trendmicro application identified as "ssl" despite of proper SNI, CN, SAN.

We have the Trend Micro agent installed on the endpoints, and it is running smoothly. However, the application is still being identified as "ssl", even though the packet captures show the correct SNI value in the Client Hello. In the Server Hello, both the SAN and CN fields contain multiple wildcard entries ending with *.trendmicro.com. The URL...

Setting up a ION device in Azure

Hello, We have 3 branch sites and we want to deploy a virtual ION device within our Azure tenant to connect it like another branch site. 1 - Is that possible? I see PA ION devices within Azure to deploy but I am not sure if it will accomplish what we want it to do. 2 - (If we can do 1) Is there any documentation on best practice setup for ...

Resolved! User ID agent not starting.

I am setting up backup user-id agent 8.1.10-2 on Windows 2016 Standard server.I have given all the required access to the user-id agent admin account but its not working / refusing to start.I am using the same credential on existing UID agent 7.0.8-13 running on Windows 2008 R2 and it runs fine. I attaching error messgae when starting UID servic...

Capture.JPG
Nischal by L2 Linker
  • 25207 Views
  • 12 replies
  • 2 Likes

Shared Pool Memory Allocation failure

Hi Team, I got 5 devices which are experiencing Shared Pool Memory Allocation failure at the same time displaying by a SIEM. So , I already shared the potential cause of the issue as you can see below : The sslmgr daemon attempted to perform an action (certificate validation) before completing its initialization.This typically occurs when:The ...

F.Pinar by L3 Networker
  • 664 Views
  • 1 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks