This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

DNS Resolution with global protect.

Dear All,I am facing some issue with DNS resolution. below is the scenerio. I have Global Protect VPN setup.after connecting global protect, i will take RDP of some internal machine.RDP will take by host name example:- system1.abc.com resolved by IP address 192.168.1.15system2.abc.com resolved by IP address 192.168.1.16system3.abc.com resolved...

Jafar_Hussain_1-1617959764286.png
Jafar_Hussain_0-1617959726226.png
Jafar_Hussain_2-1617959892551.png

Packet capture drop stage shows production traffic

I have been troubleshooting a intermittent issue where a device that sits behind my Palo Alto running 10.0.0.3 is frequently losing it's connection for UDP port 2156 traffic. Today I ran a packet capture on the PA using the "drop stage" while the connectivity was lost and there was my missing traffic, right there in that capture.When connectivit...

VMware Horizon View via Load-Balancer

Hi All, First time posting here. We have a fairly large deployment of VMware Horizon View and we're recently migrated from our old firewalls (Fortigate) to Palo Alto and since then inbound connections to our View Platform at this site have stopped working. The basic inbound connection follows this flow:External Client --> Palo Alto External -...

licenses renewal

I'm in need to renew the licenses of a PA-220 LAB registered under my PA account and I need help from someone else that is not who sold this device to renew the licenses. I'm looking to buy the licenses renewal. ThanksLicense PAN-PA-220-BND-LAB4-RPA-220 Lab Unit Renewal Service Bundle (Threat Prevention, DNS, PANDB URL Filtering, GlobalProtect, ...

Resolved! dynamic external lists sources

Hello,I am trying to use the Palo Alto Bulletproof, high Risk, and known malicious dynamic external lists. However, I can't add them because the sources aren't listed in the drop down menu of the "Add External Dynamic List" window. I read that it uses the content updates to get those. I am up to date on the Application and Threats Dynamic Updat...

nwnetadmin_0-1617919188682.png

Tips to block Yahoo Mail but not other parts of Yahoo

I wanted to make a post to the community to see what other people are doing about this issue. We currently have a support case open with Palo for this and has been open for quite some time. Long story short, users that have previously logged into a Yahoo account and have a session cookie are able to somehow circumvent security policy and the a...

tszafa by L0 Member
  • 7167 Views
  • 2 replies
  • 0 Likes

Resolved! Issue in HA link monitoring

Hi, ISP Primary>>Fortigate Active >> Paloalt ActiveISP Standby >>Fortigate Passive >> Paloalto Passive we have ISP is connected with FortiGate Active Firewall and FortiGate which is directly connected with Paloalto Active Firewall same as ISP standby is connected with Fortigate Passive Firewall which directly conne...

Joshan_Lakhani_1-1617727170024.png

Resolved! Need to disable port 443 in WF-500

We are observing https port 443 open in private wildfire WF-500. Please, share the command to disable the same. Also in Wildfire services, we have found only SNMP, ICMP and SSH.Https service is not available, so as to disable it. 

image (2).png
image (1).png

Github-allow access to specific repository

How do I block all Github but allow access to a specific repository? For eg. I want to allow https://github.com/cisagov and block all github using a single URL filtering policy. How can I do that? I added github.com/* to custom URL list and set it to block.Created another security policy with a custom URL list containing the specific github pag...

Miner for Google IP Address

Just in case anyone is looking for a miner to mine for Google IP address, here is a sample miner Google Services Miner age_out default: nullinterval: 257sudden_death: trueattributes confidence: 100share_level: greentype: IPv4extractor prefixes[]indicator ipv4Prefixprefix googlesource_name google.rangeurl https://www.gstatic.com/ipranges/goo...

FabianB by L0 Member
  • 4779 Views
  • 2 replies
  • 1 Likes

Prompt to change password as it will expire soon doesn't let you change the password

I've had a number of users reach out to me to reset their password for the GlobalProtect because they become locked out. They have all said they get a message that their password will be expiring in so many days, but are never prompted to reset the password. Each user has said there is nowhere to click to change the password so it goes past the ...

vulpine by L0 Member
  • 4093 Views
  • 1 replies
  • 0 Likes

EDU-330 and EDU-214 (looking for study material)

Hello everyone! I have been looking (without success) the study material of EDU-214 and EDU-330, I can not find anywhere, I checked the beacon portal and nothing.If anyone had this material or knows where to get it, I would greatly appreciate it. Thanks!

Resolved! Global Protect: Split DNS - NSLOOKUP & DIG expected behaviour

What is the expected NSLOOKUP / DIG behaviour when using Split DNS and attempting to resolve an excluded domain? We are seeing the following:nslookup excludeddomain.comServer: dc.domain.localAddress: 10.0.0.10*** dc.domain.local can't find excludeddomain.com: Non-existent domain Is this expected (obviously it resolves if I tell it to use an exte...

cg7201 by L0 Member
  • 6510 Views
  • 2 replies
  • 0 Likes

GlobalProtect not connecting on Mac

I'm trying to use GlobalProtect on a Mac, but it won't connect. I don't know much about Mac in general which definitely won't help me, I'm doing this for someone else and this is my first time using GlobalProtect on one. When I start the app and type the username, password and portal it just says connecting in the status tab. So far I've tried r...

K.Arne by L1 Bithead
  • 35245 Views
  • 14 replies
  • 1 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks