General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4124 Views
  • 0 replies
  • 0 Likes

Issue With DNS Suffix

Dear Team, The challenge was that we need to do commit with wildcard in dns suffix i.e. *.xyz.com but it failed (PAN OS 9.1.7). For workaround we have removed wildcard. You seen in other firewall with panos 9.1.5 its having dns suffix with wildcard. For resolving dns suffix issue with wildcard, After upgrading to panos from 9.1.5 to 9.1.7 why wi...

Packet capture hitting specific security policies?

I would really like the capability to setup packet captures for traffic that hits specific security rules. For example, we have rules that block outbound connections to Palo's dynamic IP list for known malicious IP addresses and would like packet captures taken when traffic hits that rule. I've not seen that capability and haven't seen a forum p...

Resolved! GlobalProtect Pre-Logon VPN WITHOUT using Machine Certificate for Authentication

Hi, I currently have my lab PA-220 where it's configured for prelogon and then on demand for the VPN, and it works just fine with saving cookies for the authentication and authenticates at the windows login screen without any issues. Move to our production PA-220 and we cannot seem to get the pre-logon to connect, and I have mirrored the same set...

Azure CDN (Edge Nodes) list

Hi, I have been asked to import a new IP list within Minemeld; the Azure CDN (edge nodes list). To retrieve the list, I have the API documentation here: https://docs.microsoft.com/en-ca/rest/api/cdn/edgenodes/list I am only a beginner when it comes to python programming so I was looking for code examples; is there anything class that implements AP...

dennisss by L1 Bithead
  • 3871 Views
  • 1 replies
  • 0 Likes

Resolved! Palo alto decryption issue

We have an issue with a thick client application (AWS Workspaces client) connecting successfully to the AWS workspace over the internet. The Palo Alto firewall logs show the traffic is allowed but the type is 'deny' instead of 'end'. Also session end reason is "decrypt error". Now we think we understand that the URL’s the client application is ...

Revoked Machine Certificate still able to Connect Global Protect Gateway

It appears possible to configure the firewall to be an OCSP responder to itself/clients from the posts below? Is that correct? (Specifically referring to self-signed certificates generated on the firewall) If so, is there any risk to having this service run on an external interface, in order to control/revoke machine certificates? If the need...

Sec101 by L4 Transporter
  • 7665 Views
  • 2 replies
  • 0 Likes

Resolved! DNS Proxy - invalid EDNS response

Hi all, I'm having an issue with the DNS Proxy feature. I'm running a Palo Alto VM (9.1.8) in Azure and want to use the VM as DNS Proxy. As default DNS Server, I want to use AZURE DNS 168.63.129.16. Additionally I have some Proxy Rules for internal Domains via VPN to our On Prem Datacenter (DNS). DNS Lookups for On Prem are fine, but resolution ...

AKufner by L0 Member
  • 6514 Views
  • 3 replies
  • 0 Likes

Test URL -> Operation Failed: URL access error

I've been reading this forum for similar problems, but seems I have different problem. I must say I had difficulties building this, but now this seems to be the last obstacle. So I got minemeld up and running and it's able to get feed and I can access the URL https://"Server IP here"/feeds/o365-worldwide-any-url-feed Then I created new CA for the min...

LassiK by L1 Bithead
  • 3663 Views
  • 1 replies
  • 0 Likes

Resolved! DNS proxy sharepoint domain issue when cache enabled

Hi there, I have some issues with my firewall when using dns-proxy with enabled cache. I cannot resolve sharepoint domains e.g. bitmix.sharepoint.com, but when I disable the cache option everything works fine. Does someone have any suggestion how I could solve this? I'm using PanOS 10.0.2

Chris.Ka by L1 Bithead
  • 9552 Views
  • 9 replies
  • 0 Likes

Palo Alto Version 10 show transceiver command for SFP check/troubleshooting

Before only the "show system state filter xxx" ( https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaMCAS ) was used to check issues with SFP but in version 10 the show transceiver is here and this is great 🙂 https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/monitoring/monitor-transceivers.html

URL Filtering Clarification - Wildcards behavior (implicit match on the rear of the URL)

Figured I'd share this here as I already have on another platform. Been using PanOS for ~8 years and came across something with URL filtering and wildcards. URL filters with wildcards will match on the front, and back of the URL (implicit), if you don't use the trailing /. What this means is *.microsoft.com doesn't just match www.microsoft.co...

Global Protect Split Tunnel exclude video traffic issue

Hi All, I have an issue I am not sure how to address. I have "Exclude video traffic from the tunnel" enabled on the GP gateway. When a user connects and tries to watch a video on our wordpress intranet site, http:/myintranetsite/somevideo embedded in the page, it kills the session in the browser. I get one of those "oops, something went wrong". W...

  • 24336 Posts
  • 124 Subscriptions