This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4473 Views
  • 0 replies
  • 0 Likes

Resolved! Device Certificates Intermediate Cert

Hello,On Device>Certificate Management>Certificates - I have a IntermediateCert, under the RootCert, that is expiring. I can easily renew it, (It's self signed), but I'm trying to understand what its being used for. I haven't found any information that easily explains it, (just basically how to install, renew, etc).How can I find out what ...

roma by L2 Linker
  • 3403 Views
  • 1 replies
  • 0 Likes

Configure a Managed Palo Alto device when panorama server is unreachable

Hi,I am planning to deploy Panorama server to manage 4 FW on main site and DR site with Panorama server installed on the main site in panorama mode. I wanted to know if we can access and configure the FWs in the event of a communication failure or virtualisation environment failure or maintenance. It is not clear in the documentation. Can anyone...

Resolved! HA2 link down

The 20G link for HA2 between the two PA-5220 firewalls (Active-Passive cluster) does not work correctly. It is a direct link using single-mode fiber and 10G-LR optics with a length of approximately 550 meters.After restarting any of the two firewalls, the HA2 link does not raise (in the Down state). We only managed to lift it after disconnecting...

BigPalo by L4 Transporter
  • 20779 Views
  • 7 replies
  • 0 Likes

Does MineMeld support multiple values for a condition in a prototype config?

I am trying to setup one prototype where it's condition will accept indicators with share levels of both green AND amber. I don't want to create a seperate prototype for every share level combination of color and confidence.. I would like to just say "if the confidence is >75 AND share level is either green or amber, then accept the indicat...

Outlook 2016 unable to open while on GlobalProtect

Anyone else experiencing issues with Outlook 2016 being unable to open while on GlobalProtect? We have sporadic windows 10 pc's with this problem and all windows 7 pc's have this issue. When we disable GlobalProtect and start Pulse Secure (our legacy VPN agent), Outlook opens right up and connects. We have a ticket open, but I'm guessing TAC ...

jmurphy by L2 Linker
  • 8390 Views
  • 5 replies
  • 0 Likes

Expedition 1.1.83 hangs during xml export

I'm trying to complete a cisco ASA to Palo Alto migration but Expedition seems to hang during the generation of the xml output. I've restarted jobs and task manger multiple times as well as updating Expedition and rebooting the vm itself. Below is the output from the "cat /tmp/error" command via cli.expedition@Expedition:~$ cat /tmp/errorNotice:...

google searched blocked

I have an issue that seems to only be affecting one user. They seemingly randomly get the block page when doing a google search. Looking at logs most searches are allowed but then I will see the occasional block-url. I think I have narrowed it down to when chrome is opened the first search fails. Searching after that works ok. If I open a new ch...

Resolved! GlobalProtect - Connecting before pre-logon

Hi Everyone, We are experiencing an issue with some of our Windows 10 laptops where if the user connects before the pre-logon tunnel establishes at the Windows logon screen, then they are presented with a Global Protect error saying 'VPN Connection could not be established' once the desktop loads. I have checked the system logs during this proce...

Geroge by L1 Bithead
  • 11248 Views
  • 7 replies
  • 0 Likes

Resolved! Globalprotect Portal failure

I tried to replicate a Globalprotect portal setup from another site and it fails with the following message: GlobalProtect portal(Kawailoa_Portal) setting is invalid: auth-profile exist(method none), client-cert-profile none(no username).(Module: sslvpn)Commit failed What am I missing?

GIT_Sean by L1 Bithead
  • 11514 Views
  • 7 replies
  • 0 Likes

Resolved! PAN is missing EXPORT function

I was trying to export the config for the first time and found that in Device/Setup/Operations I see no option for Export. Digging in I think the problem may be that admins defined by AD group membership and authenticated via RADIUS appear to not be enabled for XML API export/import. I tried to access using the local admin account. But that fai...

palomed_0-1606158755725.png
palomed_1-1606158829779.png
palomed by L3 Networker
  • 2873 Views
  • 1 replies
  • 0 Likes

Palo Alto and Captive Portal for Kerberos

HI allWe have a Palo Alto deployed in AWS and have a requirement to check for a users AD group before letting them into the network.We cannot use User ID Agent as we are not allowed to set up connections to domain controllers as we have over 10 and the traffic load will be too much at the moment. So only option is to use kerberos to check user g...

Object xpath in PanOS config logs

In the PanOS GUI under Config logs there is column "Full Path", which shows the full xpath of the edited objects. However the "Full Path" is not part of the actual syslog Config message and I also can't find a customer "Full Path" field in the Custom Log format fields. Do you know how can we add it to the syslog messages?

2020-11-18_13-57-39.jpg
batd2 by L4 Transporter
  • 4365 Views
  • 5 replies
  • 0 Likes

want to block IP address.

Dears,I have one internal working website. i want to allow the website by the URL and want to block by the IP address.Example:- website name - https://example.com ip address - 192.168.1.50If any user browse this website https:// example.com should be open and if the user browse this https://192.168.1.50 sho...

PowerBI Desktop Sign In fails with SSL Decryption

We are rolling out SSL Decryption for a group of test users and we run into an issue with PowerBI Desktop.When we try to login in PowerBI Desktop it fails and shows that it cannot setup a trusted SSL/TLS connection for the sign in. I am looking into my decryption logs, but I cannot find any issues with URL's that might have something to do with ...

  • 24380 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks