This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Temporary disable Miner / Malwaredomainlist offline

Hello! Does anybody know how to temporary disabel a miner without deleting it from config ? Problem is, that currently www.malwaredomainlist.com gets resolved to 127.0.0.1 and the miner alerts in the log files with basepoller._poll ERROR: Exception in polling loop for Malwaredomain_IPs: HTTPSConnectionPool(host=www.malwaredomainlist.com, por...

HA sync option not showing in Panorama

Hi Team, I import the configurations from managed device to panorama then export to managed devices of our A/P firewalls. everything went well. but when I see the summary on panorama passive device template showing as in sync but active device template disappear. PFA below for your reference,

Resolved! Managing Windows Services

Ok, so this may be a stupid question, but I have a server that has a web service running under a domain\webservice account. I want to define a security policy for the service, but the firewall does not consistently get the correct user. After a reboot the user is right, but if I sign on to the box the user becomes me instead. I have tried the...

Pre-Logon Issue

Hi Team, I have configure the Pre-Logon but it's not working (T5208) 10/26/20 14:04:11:874 Debug(9110): SSO password is empty(T5208) 10/26/20 14:04:11:874 Debug(2462): m_preUsername pre-logon(T5208) 10/26/20 14:04:11:874 Debug(9070): Password is empty.(T5208) 10/26/20 14:04:11:874 Debug(2483): CheckCachedPortalForPrelogon 0, PrelogonNeedTimeout...

user based policy not working even if the log shows correct username.

Hi Team, I am facing an intermittent issue as follows.- I have a policy based on the username in domain\username format (Domain in NetBIOS name).I can see sometimes user traffic is not hitting this policy, but the traffic log shows with the correct username (domain\username - hope this eliminates the chance of domain normalization issue).-As the...

Split tunneling issue for office 365 applications

Recently enabled split tunneling for our Global protect VPN, and have added some domains into the split tunnel. For some users domain split tunneling doesn't work. The domains configured to be included in the split tunnel are as follows *autologon.microsoftazuread-sso.com*enterpriseregistration.windows.net*.microsoftonline.com We are trying to a...

Resolved! Upgrading heavily used PaloAlto Firewalls

Hi, I am about upgrade some PaloAlto firewalls with 10s of Vsys but wondering what would be a good report to generate to identify traffic flows for pre and post checks as well as identifying impact to services. any help will be appreciated. Regards,

qasim02 by L2 Linker
  • 6730 Views
  • 6 replies
  • 0 Likes

Resolved! GlobalProtect Max tunnel count ?

HiI'm doing a global protection test.And we created the External Gateway and the Internal Gateway.And for the Internal Gateway, we didn't set up the Tunnel.If so, wouldn't it count to the Globalprotect Max tunnel provided by the equipment?In case of External Gateway, I think it will be applied to the count because it uses Tunnel.However, I don't...

Several subnetworks through the tunnel between Palo Alto and Mikrotik

Site 2 site allows only two networks to be pulled inside the tunnel (one of them behind the mikrotik and the other one behind the palo alto).I’ve tried different settings and it doesn't help.Has anyone had experience building a tunnel between them based on GRE tunnel over IPsec?Several subnetworks need to be passed through the tunnel.

melnikov by L1 Bithead
  • 7847 Views
  • 7 replies
  • 0 Likes

Error while checking Dynamic Updates on Panorama 10.0.1

Hi, Panorama can reach out internet but when checking the updates we are getting a message says "Error while trying to read upgrade info. Please try again later". I did follow https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkuCAC , and it seems everything is fine on panorama. Is there anything else I need to verify? ...

Ludolfo by L1 Bithead
  • 3328 Views
  • 1 replies
  • 0 Likes

Use URL filtering and Regional blocks

We block Regions at the moment, so traffic going to Russian IPs are dropped. But lets say that I now need to allow a specific URL to be allowed to Russia. If I make a rule above our block rule that has a custom URL category associated with it and define HTTPS as the service. Will that now force layer 7 inspection on all of that traffic? Or was i...

Resolved! Can't find user for security policy rule

Having a bit of an issue but can't seem to pinpoint the solution.. When I go to add a security policy rule, under user, i cannot find specific users. However, when I go to the traffic monitor tab, I can see the user mapping is working from the User-ID agent, since I can find those same users there. Not tied to a specific firewall as I'm not ...

MikeC by L3 Networker
  • 5400 Views
  • 4 replies
  • 0 Likes

Resolved! No serial no or Auth Code on VM

Hello All, I want to create support account to license my palo alto vm. But while registering it is asking for Device Serial no or Auth Code and Sales Order no or Customer ID, wheareas i dont have any of these. My PA VM does not show serial no. Snap attached . I downloaded authorization code from PA FW but that is uuid & cpuid. How can i cr...

SSL inbound inspection not working for SMTP

I'm running PANOS 10.0.2SSL inbound inspection for a web server is working but for a seperate SMTP server it is not.Both use the same certificate.Both use the same cipher suites.Two seperate decryption rules wihich are clones of each other, only the public destination IP-adress is different.Both use the same decryption profile.The SMTP server re...

Han.Valk by L2 Linker
  • 3345 Views
  • 1 replies
  • 0 Likes

HTTPS to HTTP Redirect

HI Team, Is it possible to redirect the traffic from HTTPS to HTTP. As my webserver is using HTTP. We outside user connect it's https://abc.com it's should be redirect to http://abc.com. Please advice

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks