This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4129 Views
  • 0 replies
  • 0 Likes

HIP Checks for Browser Version

I have a customer that would like to limit GP authentication based upon browser version running on the clients. They would like to collect all browser versions and then start blocking connections from clients below minimum settings. Trying to figure out how to do this but not seeing any straightforward method to collect all web browser versions...

Panorama Task Manager History

Does anyone know how far back the task manager log should be in Panorama? I am seeing ~60 entries that go back only about 1 day in the GUI. The show jobs all command shows even less history. Chris

How to safely allow downloading files from AWS CDN

Hello communities, I am having problem and need to have your advice. Currently, downloading files is not allowed in our network. However, there is a business requirement to allow download some report files (pdf, exel, word...) from a website which is hosted on AWS. There is not hard to controll website accessing using websites' FQDN but when the...

tienngo by L2 Linker
  • 3220 Views
  • 1 replies
  • 0 Likes

Resolved! Panorama upgrade failed

Hi All, I'm currently running a virtual panorama 8.1.x , trying to upgrade to 9.0.10. The upgrade failed with below error. Panorama is currently in legacy mode. The system disk is 50GB, there is also an additional 500GB disk. 4vCPU and 16GB of ram. I believe my issue the system disk is too small. I'm aware of this link to migrate the syst...

MikeC by L3 Networker
  • 4700 Views
  • 2 replies
  • 0 Likes

Global Protect Portal responding to Radius challenge

I have setup the Global Protect Portal to authenticate with a Radius server. I can see that it's working after submitting a correct username/password combination, but when the Radius server sends back a challenge for the user to enter a PIN for 2FA, upon entering the PIN the global protect portal does not seem to send the request back to the Rad...

PA-220 radius authentication for management

Hi All, I am trying to configure my PA-220's with Radius Authentication for management access am having some issues around the configuration.The PA-220's are running PAN-OS 10.01.I have created an Admin Role, Authentication Profile and a Radius Server Profile.I have created a Radius Client and Network Policy using the Vendor Specific 25461 attri...

Scott64 by L1 Bithead
  • 2141 Views
  • 1 replies
  • 0 Likes

GP is unable to Sign In IPhone when Connect on Demand Option is Enabled.

Hi Team, I have an issue that, When the Global Protect App is installed on an IPhone / IPad. We are unable to Sign-In / Connect to VPN if the "Connect to On Demand" option is in Enable state. If we disable that option and then tried to Sign In / Connect the VPN we are able to connect. Just want to know the reason behind this why it is connecting...

SahulH_1-1601901920037.png
SahulH by L3 Networker
  • 2313 Views
  • 1 replies
  • 0 Likes

Resolved! Stupid question time........

Let's say I have an objected named "Pizza" with an ip of 10.10.10.10/32 and it is in use on a security rule.I create another object named "Pizza1" with an ip of 0.10.10.10/32 and use it in a different security rule. Could that create a problem with the first rule assuming different let's say destinations or APP-ID/Ports?

Integrating Minemeld Taxi with Cisco ESA

Hi All, I am trying to set-up Taxii output in Minemeld with Cisco ESA and I am receiving below error. The Warning message is: THREAT_FEEDS: Unable to fetch the observables from the source: CofenseTaxiiMinemeld after 3 failed attempts. Reason for failure: Taxii Error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)...

Inbound SSL decryption troubleshooting on PANOS 9

I am trying to configure URL filtering on an internal SSL web host and having problems. I've found multiple videos and articles on both URL filtering and inbound SSL decryption but I cannot get it to work. I've taken a step back and am just trying to verify the SSL decryption is working. I have uploaded the SSL cert (PKCS12 format) no problem...

acravens by L0 Member
  • 4533 Views
  • 3 replies
  • 0 Likes

PA220 HA shutdown problem

Hello, I have an active/passive PA220 cluster which unfortunately had a shutdown and now I want to find out what exactly the reason was.At Monitor -> System: HA Group 1: Dataplane is down: dataplane exit failureHA Group 1: Moved from state Active to state Non-Functional HA Group 1: HA heartbeat backup information has been used for HA state ch...

PA500 Restart Reason Log

I am trying to determine why a PA500 firewall was rebooted...i ran this command: tail mp-log masterd.log and got the below. I couldn't find any references for the restart reasons. How do i know if there was a power outage? Thoughts? 2018-11-28 13:37:13.158 -0500 INFO: l3svc: received user restart2018-11-28 13:37:13.172 -0500 INFO: l3svc: User re...

Expedition Tool Cisco to PA

I am having an Existing setup of cisco where all my ISP are terminated which is a standlalone device ,now migrating to PA 3220 with HA,but over here my ISP will be terminated on switch and from switch one cable to PA 3220 will be going...how do i migrate interfaces of all ISP(Approx 5) to Palo Alto(1).How do i do remap,in this case,will i need t...

Swetang by L1 Bithead
  • 2151 Views
  • 1 replies
  • 0 Likes
  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks