General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4130 Views
  • 0 replies
  • 0 Likes

tacacs

Hi, I am using a tac_plus Linux server. user = larry { login = PAM member = admin } Will the above be supported? As far as I know, TACACS uses PAP or CHAP. In that case, can I use login = file /etc /password or PAM in the server-side configuration? Thanks

lucucote by L0 Member
  • 1997 Views
  • 1 replies
  • 0 Likes

URL Category list with all URLs from SSL Decryption Exclusion

Hi, We are using SSL Decryption and I only allow SSL traffic for specific URLs and categories which are excluded from SSL Decryption. Palo Alto has its predefined list with SSL Decryption Exclusions (Device > Certificate Management > SSL Decryption Exclusion). From time to time I go to a website and it is blocked because: - It is predefine...

How packets match security policy when application is incomplete or insufficient

For example, I have 2 security policies: ruleA) source ip: any, source zone: any, destination ip: any, destination zone: any, application: dns, service: any, action allow; ruleB) source ip: any, source zone: any, destination ip: any, destination zone: any, application: any, service: any, action allow, and traffic initiated from client is DNS reque...

Resolved! Webex Room Kit Plus won't register to Webex Cloud thru Palo Alto

I am trying to route traffic out our new PA-820. Internet Access seems to be working as designed with URL filtering applied for our End Users. The issue is with our Webex Video Units (Room Kit Plus) that register to the Webex Cloud. Once I redirect the traffic from our Cisco ASA to the Palo Alto the Device, Video Endpoints will not register wi...

HPE iLO 5 Not working as GP Clientless VPN App

Hi, I added HPE iLO 5 as a new GP Clientless VPN Application, but it is not working. It seems it calls Java, but based on PAN documentation JavaScript is supported on Clientless VPN. Is there any special thing to do for the JavaScript part? As you can see the page launches, so Security policies are allowed, but stays here stuck: Has anybo...


Zone for vpn?

Hello, We currently have three different zones defined. Zone A vlan 100 for wired users. Zone B vlan 200 for wireless users. Zone V tunnel/loopback interface for GlobalProtect users. All the above users mentioned are corp users. Now customer wants to create a single zone called "All users" and wants to put vlan 100, 200 and loopback/tunnel into i...

GlobalProtect app - How to stop PanGPS from opening PanGPA constantly?

So we are trying to prevent the Palo Alto agent from opening at startup. I believe I fixed that initially by removing its entry from "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run". However there's a service running, "PANGps" ("C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe") that appears to continue re-launching the process "C:\...

Resolved! VPN from two PAs to Azure with asymmetrical routing using BGP

We have two on-prem data centers connected with dual L3 EVC links between them on our core switches and we are using OSPF for routing. We also have PA firewalls deployed in each location and we are extending OSPF up to them. We are then connected to Azure over each of the PAs over an IPSEC VPN and using BGP and injecting the OSPF routes. If I di...

Session End Reason Unknown and Aged out for SSH traffic passing through IPS

Issue is: SSH establishes fine but once a new attempt of a connection is made it cannot establish a new connection. This disrupts the workflow of an automated application that sends files over SFTP throughout the day with the random disconnects. Packet captures on client/server do not show anything compelling but I do see TCP retransmits during the c...

martid28 by L0 Member
  • 4812 Views
  • 1 replies
  • 0 Likes

Resolved! Disable/Remove HA

We currently have a HA pair configured in a data centre and will soon be moving to a new site. For a seamless migration, we were wondering if there are any issues with or considerations we'd need to make if we were to disable HA and remove the HA config, reset and move the passive device to the new site to get it up and running, then move the de...

Ash2k by L2 Linker
  • 22062 Views
  • 13 replies
  • 0 Likes

Resolved! Migration from Physical to VM series firewall

Hi All, We are planning to move from on-premises to cloud. Currently we have physical devices and we are checking possibilities for how we can migrate to VM series firewall. Do we need to do the config manually, or is there any way we can export/import the config? If yes, will it take care of pre-shared keys as well?

deepak12 by L3 Networker
  • 6957 Views
  • 5 replies
  • 0 Likes

Resolved! Export traffic log from Panorama via CLI

Hi, We're using Panorama 5.0.x for collecting traffic log (which store the log at NFS Server), which I would search (or export) some old logs (around a year before). I get time out via WebGUI, and tried scp but it only return the log headers: scp export log traffic max-log-count 1048576 end-time equal 2013/10/10@04:45:00 start-time equal 2013/10/10@...

Koala by L2 Linker
  • 7344 Views
  • 6 replies
  • 0 Likes

Users disabling GP through services.msc

Hi, We run always-on VPN. Our users have found they can disable GP by going to services.msc and disabling the service, then killing GP from task manager. Especially with everyone working from home at the moment this is quite a big deal and we need to find a way to prevent them from stopping the GP service (some kind of tamper protection similar t...

SARowe_NZ by L3 Networker
  • 13634 Views
  • 7 replies
  • 1 Likes

Resolved! IPSec tunnel initiation from specific IP

I need to have my IPSec tunnel initiate from a specific IP address on my outside interface. In the IKE gateway | local IP address field I can only select the outside interface IP/subnet and then the tunnel uses that default interface IP as the source. My outside interface has a whole subnet of IP addresses and I want to use a specific one not th...

  • 24337 Posts
  • 124 Subscriptions