This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4440 Views
  • 0 replies
  • 0 Likes

Microsoft Radius Authentication with PA

Hi, I am trying to setup Radius Authentication with PA. I have setup EAP(PEAP) and EAP-MSCHAP v2 on the windows radius server. However I can only login to the firewall using PAP. I have tried to import the certificate from the radius server but not sure why I can't use the EAP or MSCHAP options. Please advice as I am not sure if I am exporting ...

umar00o by L2 Linker
  • 7362 Views
  • 6 replies
  • 0 Likes

Radius Authentication Failure: Timeout

Issue: Authentication failure when using AD Account Log: Authentication Timeout to server Setup:PanOS Version: 10.1.1Panorama is not used NPS Installed on Windows Server 2016Radius Server Profile CreatedAuthentication Profile Created Admin Role CreatedLinked in SetupNPS Client and Policy Created( 25461 - uses created admin role, uses PAP) Teste...

X-Auth IPSEC tunnel for Mobile doesn't work

Hello there:Recently I enabled IPSEC and X-Auth for the GlobalProtect Gateway, hoping to let my mobile users could use remote IPSEC access VPN. But it didn't work as my iPhone kept showing "user authentication failed'. I am pretty sure the configs on both PAN and Mobile are correct. How I should troubleshoot this?I use Radius and 2FA for GlobalP...

FelixXia by L0 Member
  • 4283 Views
  • 3 replies
  • 0 Likes

Resolved! How to graph total number of UDP sessions over time

We're looking at setting up Zone/DoS protection and we would like to have a graph in order to establish a baseline. I've seen the ones within Pano health but those seem to be total numbers. We'd like to be able to see UDP separately. Is there something we can setup in ACC, Reports, etc..?

HA1-Backup connection down

Dear Team, We got the below error continuously, Crosschecked HA configuration is good only. Pan os: 9.1.3 Device: 3020 2021-09-07 08:30:32.699 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2870): Ending monitor increase holdup on commit end2021-09-07 08:30:32.699 +0530 debug: ha_state_stop_increase_monitor_holdup(src/ha_stat...

VishnuPS by L3 Networker
  • 3896 Views
  • 1 replies
  • 0 Likes

Vpn in Thailand and Asia

Is there anybody working from Thailand using Global Protect vpn?I heard that the country can block vpn connection. While my company's configurations allow me working from Thai.I'm planning to relocate and want to make sure i can work from there.Would be grateful for any information, maybe you heard anything from somebody concerning Thailand or n...

Elena89 by L0 Member
  • 4090 Views
  • 2 replies
  • 0 Likes

issue if there is a one certificate profile for Windows User-ID agents and Terminal Services (TS) agents

As per below image You can only assign one certificate profile for Windows User-ID agents and Terminal Services (TS) agents. We want to enable secure communication only between User-id agent and firewall , so we will import server certificate only in user-id agent. If we apply certificate profile under Device > User-Identification > Connec...

Deepak25_0-1630874133815.png
Deepak25 by L3 Networker
  • 2844 Views
  • 2 replies
  • 0 Likes

CPS calculation per server

'Log at Session End, captures the number of connections at the session end." I am little confused by this statement. How does 'Log at Session End' help in calculating CPS for a server.https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresho...

raji_toor by L4 Transporter
  • 6538 Views
  • 6 replies
  • 0 Likes

High Availability question

Hi all, This is my first post on this forum. I am also a brand new Palo Alto customer and we just purchased a pair of 3220 firewalls. As the subject says my question revolves around HA as I would like to start putting together a plan for design and deployment. My question is probably really stupid but I just want a bit of clarification on how an...

Mushussu by L0 Member
  • 5511 Views
  • 2 replies
  • 0 Likes

Anyone have issues with 10.0.6

Just kind of a broad general question, but has anyone had any issues going from 9.1.x to 10.0.x in a large environment? Or would the preferred 9.1.x version be the way to go?

Show Shadow Rules 2021 Post

Hello -I saw a post about this from 2012 and the answer was basically no. Well, it's been nine years now and I'm hoping there is a way to view shadow rules without doing a commit.

Resolved! HSCI Port

Hi, I finally received my pair of 3250s and noticed there is the HSCI port used for HA. I didn't realize this before purchasing, so I do not have the cable. Is there a reason why I can't just dedicate an interface for HA to use for HA2? In case it matters, these firewalls will be located on internet edge.

ce1028 by L4 Transporter
  • 16603 Views
  • 6 replies
  • 0 Likes

Resolved! Web-GUI certificate not applying

Hello all, After letting my cert expire (duh), I've imported a new one, exactly the same process as before.For some reason the firewall isn't picking it up for Web-GUI, sticking with a self signed cert with the serial number as CN, but uses the intended cert for GP portal with no problem.Running 10.1.0, couldn't find any mention in the documenta...

  • 24375 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks