General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4434 Views
  • 0 replies
  • 0 Likes

No internet after changing ISP

PA-440, OS 10.1.14, Standalone. We just changed the ISP, the static IP in interface (WAN), updated the Virtual Router as well, NAT, PBF, Security Policy was checked, IKE Gateway. But we couldn't browse the internet. The firewall management GUI is also accessible by the WAN interface before (from the allowed host), but not now. If I revert the s...

Dars_Em by L1 Bithead
  • 2259 Views
  • 7 replies
  • 0 Likes

Resolved! Transferring assets from one CSP Tenant account to another

We have previously purchased and licensed a VM series firewall using our parent company tenant (Company A) and email. However, when comes to license renewal, we have purchased it under our child company (Company B). We would like to transfer the assets from our parent company (Company A) to our child company (Company B) so that we can manage t...

Resolved! How to whitelist Akamai downloads?

How do you configure a correct FW rule to only allow downloads for a specific user from a specific URL, but the content is hosted on Akamai networks? I configured a FW rule with the URL of the server as FQDN in the destination field and allowed downloads but since the content is hosted on Akamai, the FW rule is ignored. I don't want to give the u...

DaxVC by L2 Linker
  • 15125 Views
  • 6 replies
  • 0 Likes

Resolved! Proper "outside" interface configuration

Hello all! I'm facing an issue which brings me to ask what the proper configuration should be for an outside interface. Given the attached diagram and captures, do I have the correct outside interface (vlan.100) configuration? diagram Outbound traffic from the local users is being NATed to 194.204.1.6 Inbound web traffic from the Internet ...

relayer by L1 Bithead
  • 3568 Views
  • 5 replies
  • 0 Likes

ACME and SSL decryption

So I recently got wind of this: https://www.thesslstore.com/blog/47-day-ssl-certificate-validity-by-2029/ acme.sh and/or certbot takes care of the servers, but won't this break existing SSL decryption rules? Any strategies/workarounds for this? tia

Resolved! Clarification on http2 traffic and decryption

Hi all, I was hoping to get some clarification on http2 and firewall interaction. I understand that generally http2 works without issue as long as it's being decrypted. I also understand disabling inspection/decryption (Strip TLS ALPN) on http2 traffic can cause it to be downgraded to http1, thus defeating the purpose. But what if there's simp...

KGDrake by L0 Member
  • 3809 Views
  • 2 replies
  • 0 Likes

Resolved! Best method to block Instant Messaging

Working for a State Government agency, we are required to keep a record of any official electronic communication. Using public Instant Messaging services creates a problem for us in that we don't have a mechanism for keeping copies of any transactions which are part of a Public Record conversation. In light of this issue we would like to block I...

merrydc by L1 Bithead
  • 5614 Views
  • 4 replies
  • 0 Likes

GP/ LDAP authentication

Hi, I have a test AD/PA setup. AD and LDAP connectivity is okay so far. My problem is that I am unable to authenticate any user against Global Protect. The un/pw are correct. The group are correct too, as far as I can see. This is the output I get when trying to authenticate: SITE1> test authentication authentication-profile AUTHPROFILE usernam...

Vimz888 by L1 Bithead
  • 4281 Views
  • 4 replies
  • 0 Likes

IPSec intermittent disconnection issue

Hi, Is there a command to check if a tunnel went down on a specific time and why it happened? I have a tunnel set-up to a 3rd party where they keep monitoring some of their servers. They inform me that they receive alarms every hour that the endpoint is down and it's not coming back up for about 15 min. I can't see anything obvious. I have done ...

AY_FASAR by L1 Bithead
  • 2171 Views
  • 6 replies
  • 0 Likes

GlobalProtect Authentication SAML plus certificate (backup mode)

I would like to know if it is possible to configure SAML to authenticate and in case something in the SAML part is not working, certificate authentication is used. This is for GP authentication. So SAML + certificate auth (backup option). I understand that I will need an authprofile with SAML auth. But where can I choose the backup auth by cert...

BigPalo by L4 Transporter
  • 1444 Views
  • 4 replies
  • 0 Likes

How to stop the output of CUID errors

Attention: JAPAC TPM team Hello I'm Shono Kawaguchi. Please tell me how to stop the output of the following error. high userid cuid-conn 0 gRPC connection to identity.services-edge.paloaltonetworks.com:443 is broken, error: Feature is not enabled or device cert isn't available for CUID gRPC connection time: 2025-03-26 02:51:47 As long as...

Syslog Custom Format for Splunk

I'm trying to get the firewall to send before and after change detail to Splunk. I've tried various formats in Custom Log Format, but any changes I make result in no logs being sent to Splunk. What is the correct format for Custom Log Format when using syslog and Splunk? I'm running PA OS 8.1

  • 24374 Posts
  • 124 Subscriptions