General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4131 Views
  • 0 replies
  • 0 Likes

AKAMAI API for IP Addresses.

Hello All, I have a customer that requested the information below: "We have recently discovered that Apple is moving to Akamai for services like App Store and iOS updates. Would you happen to know if Akamai has an API for the IP addresses so we can set this up in MindMeld since they are dynamic". Please can anyone advise so I can relay th...

sodhegba by L2 Linker
  • 4069 Views
  • 1 replies
  • 0 Likes

Mac users unable to change passwords via GlobalProtect

Bit of history. We, our system architect, deployed GlobalProtect prior to covid and work from home. He set it up using SAML and no RADIUS. 5mo into work from home and most users have been required to change their passwords if not all of them. To date everyone is fine except for any user using a Mac. I see documentation from Palo Alto saying ...

GlobalProtect behaviour in Chromebook

Can anyone please confirm if below is the expected behavior of the GP Android App with internal gateway on Chromebook? When inside the network with internal host detection GP greys out. Using GP 5.2.2. If GP greys out after connecting does this mean the user should be detected by the portal without a tunnel establishment?

Odd traffic going out through an application-specific security rule

I've got a rule that allows the following applications from any source in our trusted zone out to any destination in the untrust zone: appdynamics, dns-over-https, dns-over-tls, github, ms-delve, net.tcp, ntp, ocsp, okta, paloalto-updates, paloalto-wildfire-cloud, pan-db-cloud, rtcp, service-now, skype, ssh, windows-azure, windows-push-notifications. The rule is set for application...

Resolved! Difference between app base rule and service base rule.

Hi All, Just some queries: 1) What is the difference between the App base rule and Service base rule? 2) For security purpose which one is a more secure app or service base rule? 3) What is the benefit of using App base rules? Thanks in advance.

HELP! Failed to download due to protocol error. Please try again later. updater error code:-28

I am spinning up a new 820 HA pair and on my last site I am getting an error when downloading the OS and dynamic updates. The other site works fine. I am getting the following error: "Failed to download due to protocol error. Please try again later. updater error code:-28". Can anyone help me out here? I'm on 9.0.4 trying to go to 9.1.4.

JohnMaki by L1 Bithead
  • 8284 Views
  • 4 replies
  • 0 Likes

Resolved! SSL Certificate renewal query

We got certificate tree like this: the public certificate (Trusted root CA) from Digicert, Intermediate cert (Digi root) and then the SSL/TLS cert (DigiVPN). This DigiVPN is going to expire soon and we use it for GP portal and GW. The server cert is by itself and got a tick next to CA column. It is valid till 2023 and used as cert profile in GP. ...

VPN Tunnel Monitoring between two Palo Alto devices

Hello, From what I understand, when creating a tunnel monitor between two PA devices it's best to assign IP addresses on the same segment to the tunnel interface on each side. The monitor is then set up with the remote destination on each side. Example: FW-A-Tunnel.1 (10.10.10.1/30) <---> FW-B-Tunnel.1 (10.10.10.2/30) FW-A will monitor 10...

NobleNOC by L0 Member
  • 2245 Views
  • 1 replies
  • 0 Likes

SSL Forward Proxy implementation in production environment

Hello friends, I would like to know the expected issues if we enable SSL forward proxy in a production environment. There are services allowed with different ports, web services and all working fine now. As this is the first time I am planning to enable forward proxy, I am not sure which user-side issues they may face. Queries are like: 1. Whether user...

Resolved! PA HA with Port-Channel towards inside/trust connection

Hi, We need to add a secondary PA-220 to an existing (production) standalone PA-220 and make it Active/Standby. Trust interface on PA will be trunk with two sub-interfaces. Both the PA trust interfaces are going to connect to the downstream Core switch. Core switch is a stack and we are thinking to configure port-channel and it both PA1 and PA2 trust inter...

Resolved! Export GlobalProtect MSI file

Is there a way to export a deactivated GlobalProtect client MSI installer from the firewall or download a version from the support website? A client also has a Palo Alto firewall, but is on a different client version than what I use internally. The GlobalProtect installer has been failing whenever there is an update, which may or may not have...

Resolved! Log export error

Hello All, I am facing an issue exporting traffic logs from the firewall in CSV format, getting the error "no jobs query found". Troubleshooting: * Increased the CSV row number up to 1048576. * I can export URL filtering logs, security policy, NAT policy in CSV format. * Applied filter in traffic logs for 10 minutes but still getting the same error. *...

VSYS Migration Query From DC5220 to ISP 5050

Hi Team, I have the below network architecture: Upstream Internet Firewalls PA 5050 Active/Standby. Downstream Datacenter Deployment 5220 Active/Standby. Now we have 2 VSYS in DC: 1 is Normal, 2nd DMZ Vsys. Now I have to remove DMZ vsys to ISP. Can someone guide how to remove vsys from datacenter 5220 to ISP 5050. ISP-PA5050-connected 5k ...

  • 24337 Posts
  • 124 Subscriptions