This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

PaloAlto TAC support has gone missing

Opened a S2 (high) ticket at 11am ET this morning about panorama in High Availability in suspended mode after upgrading from 9.1.9 to 9.1.10. No response from TAC support after two hours. I called in and have been waiting for over an hour with no one from PAN support responding. This is outright bad. A lot of cases that I've opened with TAC s...

dtran by L4 Transporter
  • 6564 Views
  • 9 replies
  • 0 Likes

Java Cert error due to decryption?

My organization is in the process of moving from one VPN solution to GlobalProtect. We are seeing several applications being unable to run certain features, or run successfully at all, and the error logs appear similar to this (I say similar because this specific message is from one application, others may vary, but all are similar): sun.securit...

Resolved! Configure Session Timeouts particular source or destination ip in Palo Alto

Can we specify session, session timeout i.e. Keepalive timer for particular source or destination ip in Palo Alto? In the WebGUI, we will find these settings at Device > Setup > Session, But this settings will be applicable for global setting. I found that, we can specify it for the application. If we can do the same for ip address. Kind...

How to allow policy destination by URL

Hello, I need know how to allow create policy in PA firewall 3020 and add destination as URL name as (microsoft office 365) instead of adding all IP ranges. Appreciate your help Thanks

mmarie by L1 Bithead
  • 12211 Views
  • 3 replies
  • 0 Likes

global protect vpn with DUAL ISP

Hi Team, we have two isp link with ecmp load-balancing enabled. we only have one virtual router setup. we have configured GP vpn portal with one isp interface and how can i configure the GP vpn with second isp link as well. we would like to have two external Gateway.But global protect portal only showing to choose one outgoing interface.any help?

Global Protect Enforcement Bypass

Hi All, I understand that this is a Microsoft related matter however I'm interested to see if anyone else has come across this issue. With Global Protect Network Enforcement in place (through the Portal Config), it is still possible for local admins to end the 'GlobalProtect service' (PanGPS.exe) Windows Task and bypass the connection enforcemen...

Josh990 by L2 Linker
  • 8607 Views
  • 5 replies
  • 0 Likes

Configuration checks against CIS security benchmarks

Hello All, Do any of you compare local firewall or Panorama configurations against CIS benchmarks for security compliance checks ?Either using an existing tool to check Firewall compliance with the CIS (Centre for Internet Security benchmarks) recommendations or manually using show merged config / show config ? The Palo BPA does expose some of t...

User-ID Agent 8.1 help needed

Hello. AD integration using the User-ID agent. We were on 8.0.7-2 and things were working fine. I tried upgrading to version 8.1.0-66 and had several problems with wrong user-id being reported. I saw in the release notes for 8.1:• Since multiple username attributes are supported, you must select the PrimaryUsername attribute that you want to u...

dannon by L3 Networker
  • 6415 Views
  • 5 replies
  • 0 Likes

GlobalProtect issue with Enforcer Network Access

Hello, We enabled a week ago the feature enforce network access on our environment.We are using internal host resolution to detect if user is inside or outside corporate network.In a random way, we're experiencing issue with users worldwide. We have a dns server at each location This issue seems to be present only when the user is connected from...

Block Psiphon App

Hi, Is there any way to block this psiphon app? is it needed ssldecrypt?This app uses many apps (ike,ssh,ssl) so we can not block them. How do you block this app psiphon?

BigPalo by L4 Transporter
  • 3136 Views
  • 2 replies
  • 0 Likes

Find disabled administrator accounts

Across a large environment, what would be the best way to audit Palo administrator accounts? That is accounts found at Device > Administrators. For various reasons we all end up with lots of AD accounts, service accounts and so on there, what I'd like to do is find a way to periodically check those accounts against AD to see if they are stil...

Ping log with 0 bytes sent

Hi Guys, I noticed some strange logs on one of our 5200 firewalls.There is device behind the firewall that is running constant ping to google dns, traffic is allowed and working normally.I noticed a some logs that bytes sent is zero... I can explain bytes received with no reply, but I don't have any explanation why log entry will have bytes sent...

AlexanderAstardzhiev_0-1623937334598.png
AlexanderAstardzhiev_1-1623937505092.png
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks