This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4221 Views
  • 0 replies
  • 0 Likes

GP/ LDAP authentication

Hi, I have a test AD/PA setup.AD and LDAP connectivity is okay so far. My problem is that I am unable to authenticate any user against Global Protect.The un/pw are correct.The group are correct too, as far as I can see. This is the output i get when trying to authenticate: SITE1> test authentication authentication-profile AUTHPROFILE usernam...

Vimz888 by L1 Bithead
  • 4219 Views
  • 4 replies
  • 0 Likes

IPSec intermittent disconnection issue

Hi, Is there a command to check if a tunnel went down on a specific time and why it happened. I have a tunnel set-up to a 3rd party where they keep monitoring some of their servers. They inform me that they receive alarms every hour that the endpoint is down and its not coming back up for about 15 min. I cant see anything obvious. I have done ...

AY_FASAR by L1 Bithead
  • 2085 Views
  • 6 replies
  • 0 Likes

GlobalProtect Authentication SAML plus certificate (backup mode)

I would like to know if it is possible to configure SAML to authenticate and in case something in the SAML part is not working, certificate authentication is used. This is for GP authentication. So SAML + certificate auth (backup option). I understand that i will need a authprofile with SAML auth. But where can i choose the backup auth by cert...

BigPalo by L4 Transporter
  • 1390 Views
  • 4 replies
  • 0 Likes

How to stop the output of CUID errors

Attention: JAPAC TPM team Hello I'm Shono Kawaguchi. Please tell me how to stop the output of the following error. high userid cuid-conn 0 gRPC connection to identity.services-edge.paloaltonetworks.com:443 is broken, error: Feature is not enabled or device cert isn't available for CUID gRPC connection time: 2025-03-26 02:51:47 As long as...

Syslog Custom Format for Splunk

I'm trying to get the firewall to send before and after change detail to splunk. I've tried various formats in Custom Log Format, but any changes I make result in no logs being sent to splunk. What is the correct format for Custom Log Format when using syslog and splunk? I'm running PA OS 8.1

Resolved! Applipedia Down?

Hi, Applipedia (https://applipedia.paloaltonetworks.com/) currently seems down - I'm getting "Sorry, an error occurred while processing your request." when visiting. Anyone able to advise when this will be back up, or if this has been moved elsewhere? Thanks.

s3cb0ar by L0 Member
  • 6698 Views
  • 12 replies
  • 1 Likes

VPN issues with 3 ISPs

After upgrading to the pa-850 10.2.13-H3 version, problems started occurring in one of the ISPs. There are 3 ISPs, the first two main ones and the third one as a secondary ISP which manages the VPNS. After the upgrade the configuration was maintained and there were no changes (administrative and metric distance), suddenly they started to fail ca...

F.Pinar by L3 Networker
  • 1203 Views
  • 2 replies
  • 0 Likes

Resolved! export ike debug to syslog

Hello, We are having an intermittent tunnel issue. We have debug turned on in the ike logs and when I view them on the box I see all the debug logs. However, these rollover pretty fast and if the issue occurs and no one logs in to pull the logs within an hour or so then they are gone. We have set up a syslog server and the palo is sending logs...

SeanHuff by L0 Member
  • 1443 Views
  • 3 replies
  • 0 Likes

Resolved! MFA external provider question

Hello Community, I have always use don-prem solutions for MFA. Currently I am researching using a 3rd party provider, (Duo v2, Okta Adaptive, PingID, and RSA SecurID) . Which one do you use and would you recommend them? I was considering Duo since they have the lowest cost offering. Love to hear your thoughts! Cheers!

Unable to set SSL/TLS Service Profile with Panorama

Hello, At a bit of a dead end with a template change. Essentially, I am trying to configure the VMSeries Firewalls SSL/TLS Service Profile under: Device > Setup > Management > General Settings > SSL/TLS Service Profile I have configured the profile and requisite certificates in my template but when I push the changes, the SSL/TLS ...

panorama_template.png
fw_profile.png
fw_general_settings.png
C.Stuart by L1 Bithead
  • 5635 Views
  • 8 replies
  • 1 Likes

GlobalProtect to Facilitate Multi-Factor Authentication Notifications

I'm working on setting this up, however when the popup box appears on the laptop wanting me to click on the link for additional authentication I am brought to a webpage saying the connection has timed out. Now the url is going after <ip address>:6081. If I do a port scan against the IP address I do not see it listening on port 6081. I have...

zthiel by L2 Linker
  • 4531 Views
  • 5 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks