This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Suspicious TLS Evasion Found(14978)

Dear Team, I have configured the web service behind PA. and attached the security profile . i can see in the thread logs the thread is generating "Suspicious TLS Evasion Found(14978)".i have gone through the below KB but didn't understand https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBwCCAW&lang=en_US%E2%80%A9 mo...

Jafar_Hussain_0-1631539667011.png

RDP with another account deleting the local mapping

Hi, We use GP to connect to our company. So when i open a RDP to internal server using administrator user, my local mapping change also to administrator. We are using agentless for userid. What option do we have in order to keep the local mapping? i read about adding to "ignore user list" but i can not click OK when i add a user.

BigPalo by L4 Transporter
  • 2157 Views
  • 1 replies
  • 0 Likes

WildFire EU connection timeouts

Some of the customers are experiencing following errors with PAN devices (updates OS 8.x) that use WildFire EU (about 5-10 per day at random times): Event: 'wildfire-conn-failed'Severity: 'medium'Description: 'Failed to perform task multiple times resulting in connection timeout with WildFire Cloud eu.wildfire.paloaltonetworks.com' If they chang...

VVlada by L1 Bithead
  • 10215 Views
  • 6 replies
  • 0 Likes

IP for Cluster HA Active Pasive

Hello,We have a 3200 series HA cluster active/passive version 9.1.10.The requirement is to access through a single ip always to the active node.That is, I have an IP for the active node and another for the passive node but I want to configure a single IP to access the active node either one or the other.Can anyone help me to configure it? How do...

Alpalo by L4 Transporter
  • 3548 Views
  • 2 replies
  • 0 Likes

GOOGLE MAPS WHILE BLOCKING OTHER GOOGLE SERVICES

Does anyone have any ideas on how to permit access to Google Maps but block access to all other Google services? I have tried using a rule matching the Google-Maps application however it requires google-base which allows many other Google services. I have also tried using custom URLs for maps.google.com and www.google.com/maps; however, Google m...

j.moore by L2 Linker
  • 15238 Views
  • 12 replies
  • 0 Likes

Can't access management console

I made a big mistake and not sure how to correct it. We have a Palo Alto Firewall. I wanted to white list an IP address so my PCI Scans would not fail. I found an article but it seems it lead me a totally different direction. It had me put the IP in the Trusted IP list on the Management Interface Policy. Now I can't login or even ping the P...

bobvaal by L0 Member
  • 5036 Views
  • 3 replies
  • 0 Likes

GlobalProtect VPN - Multiple ISPs - Single Client IP Space Desired

Currently I have GlobalProtect Gateways on each of my ISP links which requires dedicated IP space for the clients according to PA documentation that client space IP pools shouldn't overlap. I've recently been asked to grow the remote access pool to a fairly significant number. This would require a second large chunk of addressing that would larg...

Resolved! HA Link and Path Monitoring

Hello everyone We have configured active-passive HA on a pair of 5220 I have configured link monitoring I need to migrate the HA links of the FW , all except the backup HA1 management one. What would be the best procedure to prevent them from becoming active? Is there any way to check end to end after each change, apart from looking at the link ...

Alpalo_0-1631634199084.png
Alpalo by L4 Transporter
  • 3454 Views
  • 1 replies
  • 0 Likes

Now Open: Papers for the Ignite'21 Conference

Hi everyone, I wanted to let you all know that Palo Alto Networks is now accepting Papers for the Ignite'21 Conference! Palo Alto Networks is looking for speakers and presenters with highly technical backgrounds who can share their experience and expertise around groundbreaking new threat research, innovative best practices, and next-gen cy...

jdelio by L7 Applicator
  • 3225 Views
  • 1 replies
  • 2 Likes

Is it possible to force a specific user to use SSL over IPSEC to setup a tunnel to Globalprotect

One user of our company has an issue connection to the GlobalProtect Gateway using IPSEC, but there is also no fallback to SSL.His ISP carrier is using "Carrier Grade NAT" and this is likely the cause of his issue. I know that we can force SSL connections on the Gateway, but this is a global setting and will be affecting all users, I just want t...

DaxVC by L2 Linker
  • 10986 Views
  • 4 replies
  • 0 Likes

Custom report analyse trafic on object

I want to check all my object addresses with zero traffic to clean up my flow rules. Can I replace my sources and destination IP with an "all IP" setting ? Can you help me ?section "Query Builder" does not work (see image)

navaro06 by L1 Bithead
  • 5450 Views
  • 7 replies
  • 0 Likes

Resolved! How to make Eth Interface gray

Hello, For testing purpose, I added VR and Zone to Eth Interface1/3. I have removed everything from it but in the Dashboard it shows Red color. This creates confusion as some think the interface is down even though nothing is connected to it. Is there anyway to turn it back to gray?

Gray.PNG
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks