General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4221 Views
  • 0 replies
  • 0 Likes

Not able to connect AD Domain

Hey guys, one of my clients is not able to connect in the domain; some users are connecting while some are not. The users are in Location A in another city and the domain server is from another site, B. I attached the image, ignore that. Is it from the firewall side or a domain side issue, because some are connected and some are not?

Palo Alto Device certs (Default Trusted Certificate Authorities List)

I am dealing with an issue in which the Palo Alto is in proxy mode. The issue concerns endpoints being able to access a cloud tenant to register (install) a component. The FQDN of the cloud tenant has been added as an allowance for these endpoints; they are member servers that have exceptions made for Internet access to certain sites. Mu...

Resolved! Users in session table hitting wrong NAT rule

Hi All, I have a client that has several NAT rules (as per below). They have discovered in the session table that 2 IPs from the 10.128.48.0/22 subnet seem to be hitting the 'guest_nat' rule below when they should be hitting the 'users_nat' rule below. When testing the NAT policy match with the affected IPs they hit the correct NAT rule (users_nat). The...

Ben-Price by L4 Transporter
  • 6165 Views
  • 4 replies
  • 0 Likes

Resolved! Certificate Validation for Zoom Recommendation

Hi friend, can you all please tell me why Zoom is working, because I do not allow a policy for this destination cert address yet? Thank you. The URLs are in the list below: crl3.digicert.com, crl4.digicert.com, ocsp.digicert.com, certificates.godaddy.com, crl.godaddy.com, ocsp.godaddy.com, certificates.starfieldtech.com, crl.starfieldtech.com, ocsp.starfi...

sunate_h by L1 Bithead
  • 4402 Views
  • 3 replies
  • 0 Likes

TACACS user authentication on WF-500

Hi Team, the customer has a query about whether it is possible to configure TACACS user authentication on the WF-500. The customer has no Panorama setup or anything; he was able to successfully configure it on the Palo Alto NGFW but not on the WF-500. I request you to kindly provide some updates on this issue. Awaiting your response. Thanks & Re...

RJ274 by L0 Member
  • 2122 Views
  • 1 replies
  • 0 Likes

Unusual traffic on port 135

Hello, I have been facing an issue where I see lots of traffic toward internal servers on port 135. The source of the traffic is the firewall management IP. It's an agentless User-ID setup on the firewall. Previously WMI probing was enabled, which caused the issue. I can still see the same traffic on port 135 after disabling the WMI probing. In server ...

mshihora by L1 Bithead
  • 5388 Views
  • 3 replies
  • 0 Likes

User id connected but users name not showing in the security policy

Dear Team, I have integrated AD with my PA NGFW. User-ID is showing connected, but when I create any user-based policy there are no users. I have tried clearing the user ID cache, refresh, etc., but it is still the same. Please find the below SS for reference: useridd.log 2021-09-06 11:33:32 2021-09-06 11:33:32.523 +0530 connecting to ldap://[10.1.2.102]:389 ... useridd....

VishnuPS by L3 Networker
  • 8052 Views
  • 3 replies
  • 0 Likes

Unknown Users Detected In User-IP Mapping

Hi All, I was checking the User-IP mapping in one of the boxes and noticed something which is a mystery to me. I have attached the picture in this discussion. Some of the entries in the output show as Unknown. Do any of you know why and how this happens? The white boxes that have been cut out are the usernames which I had to remove due to privacy c...

NAble by Not applicable
  • 12021 Views
  • 6 replies
  • 1 Likes

Resolved! Tunnel Monitoring Setup issue

Hello, I need to enable Tunnel Monitoring for an S2S VPN between a PA and a Cisco ISR router. Since we need to hide our local network behind one IP address given by the client (172.x.x.x/32), we have used that IP address as a loopback interface. There are 2 tunnels to reach the client's remote network and we are using static routes (Primary tunnel with Metric 9 ...

Radius authentication with Clearpass for Firewall Webgui

Followed this KB https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClS6CAK The authentication shows successful on the inbound to Clearpass and meets all the policies required for successful login. However the Palo sits at the login then eventually fails after about 5-10 seconds and indicates incorrect login credentials....


TACACS user authentication in WF-500

Can we configure a TACACS server profile on the WF-500, so that we can provide TACACS user authentication to log in to the WF-500? If it is possible, please share configuration steps or an article for the same.

Traffic issue on the Palo Alto(zone-to-zone)

Team, on our Palos we have a vsys defined and on this vsys we have 2 zones configured (say Trust zone and Untrust zone). We have a server in the trust zone which needs to monitor the interface allocated to the untrust zone. This does not happen, i.e. the server is unable to telnet to the untrust interface (to the port we enabled) and hence m...

nson2139 by L3 Networker
  • 5352 Views
  • 3 replies
  • 0 Likes

Office 365 Dynamic List

Is there any way to use the Office365 dynamic URL? https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 which contains IPv4, IPv6 and domains and is updated every day.

URL and Threat Licenses

I have recently ordered URL, Threat and 3 yr support for 7 PA-220's. The main S/N we are using for a test application did not get a license ordered, (oversight on my part). Can I use one of the new licenses from another S/N PA-220 to upgrade and test temporarily? Then when the dedicated license comes in for my test PA I can move back. Or can I k...

  • 24355 Posts
  • 124 Subscriptions