This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Global Protect new Linux UI

I have the GP Linux CLI client working without any issues, however I wanted to test the UI client that just came out (5.1.0) Does anyone know how to actually use this? The PAN documentation has not been updated to mention this new version or the Linux UI yet. Installing it goes fine but I do not see anything installed to my desktop and when atte...

hshawn by L4 Transporter
  • 40957 Views
  • 18 replies
  • 0 Likes

Getting PAN FW logs to Azure Sentinel

I'm currently sending FW logs to Azure Sentinel, via syslog over SSL to an r-syslog server with the Azure agent on the syslog server forwarding logs to Sentinel. I followed the documentation, format is BSD header with custom CEF format for the logs added. Using local4 facility on PA side as well as r-syslog server. Logs are getting in, but they ...

threat log.JPG

Microsoft Direct Access - is user Identification possible?

Hi,We have user identification working nicely using user ID agents on a few of our active directory domain members.I've been looking at MS Direct Access (and formerly UAG) and it seems that a DA implementation would show all connected users as having the same source IP address and therefore user ID. (The private IP address of the DA server.)Do P...

Palo alto not blocking a URL

Hi All, I hope all are doing well. I am trying to block a URL on palo alto firewall using custom URL category but firewall is not blocking the traffic and its passing through allow SSL/Web-browsing rule just below it. This is the rule i created: Rule 4 is allow rule to access websites, whereas rule 2 is used to block the URL - https://natboard.e...

Ankurdatta_0-1594630363624.png
Ankurdatta_1-1594630694984.png

GP password expiry error

Some of our users are getting password expiring msg when they are connecting via GP but when we checked their ldap accounts the password is set to never expire.PANOS version is 8.16-h2 and Global Protect Agent is 4.1.10 is there is bug.Please suggest

Joshan_Lakhani_0-1594884592222.png

Site disconnect and backup issue

we get a lot of site disconnects and backup reports that are constantly in a state of being disconnected this will effect performance as the connection gets closed. please advice. thanks

Resolved! Command to Not Display Names in the CLI?

In the Cisco ASA at the CLI there is a command to not display names but their IP addresses: no names.Is there a similar command in PAN-OS; I'm using v 8.1.13? My goal is to list/export NAT policies without names as the individuals who will review this will recognize IP addresses.Thanks for any help. Jeff

TCP-RST-FROM-CLIENT

Hi, I have allowed a FTP session. However, the FTP session does not connect. When I search the logs, the traffic is allow however the session end reason is tcp-rst-from-client. Please advice. Thks and Rgds

AhDon79 by L0 Member
  • 43631 Views
  • 14 replies
  • 1 Likes

global resource counter appid_post_pkt_queued

Hello,someone know what means this counter increasing?appid_post_pkt_queued 4294967293 826432036 info appid resource The total trailing packets queued in AIE and this?dfa_sw 4415 849 info dfa pktproc The total number of dfa match using softwareaho_sw 4410 848 info aho ...

Marivi by L2 Linker
  • 4040 Views
  • 1 replies
  • 0 Likes

any solution to keep tracking user IP mapping?

One of my customer is requesting me to track user IP address when he move from his desk to meeting room, and vice versa.He carries his laptop, he use same ID account on AD, but his IP address will be changed when he moves around. I know he needs to generate EVENT LOG on AD to pick up the latest info by UIA, but I have no idea how to...Does he ne...

emr_1 by L5 Sessionator
  • 8691 Views
  • 3 replies
  • 0 Likes

Resolved! What can I do with a Global proect subscription?

(posted this in the global protect forum, but this seems to get more traffic, and maybe more suggestions, so I moved it here) So I'm about due to retire my old 3050's and upgrade to 3250's - and this time I've convinced management to buy me the global protect subscription by pointing out that the changes in the way it operates after software ver...

darren_g by L4 Transporter
  • 5755 Views
  • 6 replies
  • 0 Likes

Refund request for VM-Series Next-Generation Firewall Bundle 2

I have used VM-Series Next-Generation Firewall Bundle 2 (sold by Palo Alto Networks Inc.) in AWS for learning purposes. But it charged me $1,887.32 that I can't afford. In the beginning, When I use these services, the web tells me these are free services for 1 year .and not tell me the VM-Series Next-Generation Firewall Bundle 2 has 15 days-tria...

ZiZiHo by L0 Member
  • 2476 Views
  • 2 replies
  • 0 Likes

Computers in remote clinic need to communicate with on prem server

We have just brought some remote clinics online. We have a point-to-point between our PA5520 at the main hospital and a PA820 at our remote site. We're routing between P2P with static routing at the moment. Data/Voice is working, as the VLANs are on the remote site switches themselves. However, we've been asked to get another VLAN working that i...

Downtown_remoteclincs.jpg
lsaintig by L0 Member
  • 2864 Views
  • 1 replies
  • 0 Likes

traffic segmenation affect app-id

Hi So I am working through a ssl decrypt issue with PA support. I am being told that because the stream is being segmented - so not coming as 1500mtu packets. the PA can't work out what the stream is. The implication is that app-id doesn't work properly unless you have full 1500mtu packets. I thnk my SE is agreeing - not 100% sure. I am a bit lo...

Hardware Problems in PA 3220

I had similar problems in 4 firewall pa 3220 in which I could not even enter maintenance mode to take it to the factory reset mode and I had to send them via RMA to the 4 firewalls for their change. Someone had a similar problem , to me a lot of attention that firewalls with very good MTBF have this type of problem if someone knows something...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks