General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Global Protect not working with RADIUS NPS and LDAP on the same server.

Hello everyone, We have a Firewall configured for Authentication for LDAP and RADIUS NPS. Both work fine when I force the authentication profile using CLI:
test authentication authentication-profile LDAP username user password
test authentication authentication-profile RADIUS username user password
However, when using Global Protect with an Authe...

Globalprotect Smart Card configuration

So my company is working to set up a new PKI infrastructure with smart card logins for the users. I have looked at all the 2FA and associated articles about setting up the VPN but it leaves a lot to the imagination. I followed the steps creating the certificate profile and assigning it to the portal and gateway. But when I test it the issue i arr...

j.bartha by L1 Bithead
  • 7969 Views
  • 4 replies
  • 1 Likes

Resolved! Ping an IPv6 Link local address

Hi, Is it possible to ping an IPv6 link local address from a Palo Alto firewall? If so, what is the syntax on the firewall CLI? I know other platforms allow you to define an outgoing interface when pinging a link local address, but this doesn't look to be available. Thanks in advance.

Ben-Price by L4 Transporter
  • 6712 Views
  • 3 replies
  • 0 Likes

Resolved! Convert a physical interface to an aggregate or add a new aggregate and move associated objects.

I have two PA3050s Active/Active, where I already have E1/12 configured as type Layer 3, no sub interfaces. Is it as simple as doing the LACP configurations on the upstream switches and then converting physical interface E1/12 type to Aggregate, then adding in E1/13 as a second member? The existing E1/12 has the following objects associated. 2 NAT...

Old rules can’t edit or can’t create after rules those implemented before create my user account

I’m facing an issue editing or deleting old rules that were created before my user account in the Palo Alto firewall when I log in individually, but I can edit and delete old rules from Panorama. What could be the issue? Firewalls not connected to Panorama are OK to edit and delete old rules that were implemented before my user account was created.

Captive portal Palo Alto issue with Chrome

Hi all, I use captive portal on Palo Alto, just zone LAN to internet, and found an issue with Chrome. My clients have Windows 7, 8 and Palo version 8.1. Testing on Firefox, I need to open Firefox and click the option to log in to the internet. But on Chrome there is no option to click, and when we try to access an HTTPS website it cannot redirect to the web portal to log in. Anyone have iss...

Migration FROM PA-850 to PA-3220

Dear: Good afternoon, what is the best migration option from a Palo Alto PA-850 to a PA-3220? Thinking, for example, of being able to keep the self-signed certificates in the PA-850, used for Global Protect. Based on your expertise and experience, what is the best way to approach this migration? I remain attentive, thank you very much. Best regards

Metgatz by L4 Transporter
  • 2444 Views
  • 1 replies
  • 0 Likes

Resolved! Custom URL category *.github.com not matching/working

I read some posts here about the best way to allow github to only *.github.com IPs and I can't seem to find an easy way to do it. If I do it this way:
  • Source IP – on-prem networks
  • Destination - Any
  • APP ID/Service – github/ssh/ssl/web browsing
  • URL category - Custom category for *.github.com
  • Action - Allow
That pretty much allows all traffic ...

drewdown by L4 Transporter
  • 11920 Views
  • 4 replies
  • 1 Likes

Commit Lock

Hey all, Has anyone found a way for a non-superuser to remove a commit lock? I'm aware the official line still seems to be only a superuser can remove the lock, and this is definitely the case in PANOS 9.0 but hoping there might be a way to have this as a role-based permission in later releases (or maybe someone from Palo knows that this is actually ...

SARowe_NZ by L3 Networker
  • 3040 Views
  • 1 replies
  • 0 Likes

VM Series validation Failed

Where to check to troubleshoot the VM Series issue, as we are getting errors for the VM Series Plugin validation Failed? Please suggest if there are any specific logs or packet capture we have to look into. Error : - Resource-mgr-endpoint is invaild.


PA-3260 PAN OS 10.0.7 "Source User" Not Working

Hi - Trying to configure/set up source user, however it is not working. I configured my 2 domain controllers under Device\User Identification and added a valid domain account, they show as connected. All other settings are default, I am not sure what else I need to do. Can anyone help? Regards

Scott64 by L1 Bithead
  • 2010 Views
  • 1 replies
  • 0 Likes

Cobalt Strike IPs and Application and Threat Updates

PAN provides anti-spyware signatures for Cobalt Strike Payload Traffic Detection and Cobalt Strike Beacon Command and Control Traffic Detection that are automatically downloaded to our PAN firewall. I also use the four External Dynamic Lists that PAN provides to block known bad IPs. NJCCIC and MS-ISAC sometimes send me lists of known bad IPs tha...

  • 24393 Posts
  • 123 Subscriptions