This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4139 Views
  • 0 replies
  • 0 Likes

Resolved! TLS 1.3 Downgrade Detected error - PAN-OS 9.0.9

Hello Everyone,I am running PAN-OS 9.0.9 on my PA-3020. When enabling SSL forward proxy and try to access google.com, I get the tls13_downgradedetected error on chrome. I get the same problem even when using other browsers but different error description. When I first applied the SSL forward proxy configuration, I was running PAN-OS 8.1.3. So I...

PaloAlto VM Tools VIX_E_TOOLS_NOT_RUNNING using PowerCLI to Invoke-VMScript

Trying to configure my PaloAlto Firewall (PA-VM-ESX-9.0.0) using PowerCLI scripting, no issue creating & deploying VM, setting up PortGroups, and starting PA VM. Needing to perform IP configuration scripting to complete the setup of the PA VM, so just trying to test a very simple script = 'show system info' against the PA VM. Looking at th...

wilgus by L0 Member
  • 3890 Views
  • 1 replies
  • 0 Likes

Resolved! Shadow Rule Warning

Hi, Recently I upgrades my firewall from PANOS 8.0.10 to 8.0.17. The upgrade went fine. However, after making a small configuration change (adding a new address object), my commit showed a Shadow Rule warning. The warning is associated with a rule that I have that is designed to Deny traffic from ANY zone and ANY application whose destinatio...

C&C threat from outside 45.9.148.91 similar Shodan Malware hunter ?

Hi Live community,recently when investigating a false positive C&C threat blocked from "shodan malware hunter" I was pleased to see others had posted into this community about this. In the past 24 hrs we have 2 SIEM alerts for C&C outside to publically presented hosts from 45.9.148.91. Anyone else seeing this behaviour ?PAN did reset bot...

Palo Alto Virtual Firewall

Dear Friend, Can you anybody advice me on palo alto multi vsys capability issues and currently contests of this technology? If one virtual instance compromise how we can make sure it not impact to other vsys ? How multi vsys behaviour on privileged escalation type attack or buffer overflow? Will palo alto guarantee about this possibilities? Ple...

Resolved! Region-to-IP mappings

We have noticed wrong region mappings for ABC 3G public range that is detected on Palo Alto as Armenia country.Please advise on how to update/fix the mappings dynamically through updates. Although IP belongs to Iraq on public databasesContent updates are working normally

Mohammed_Yasin_0-1594044009119.png
Public.jpg
GEO.jpg
Update.jpg

Resolved! GlobalProtect App Dynamic Configuration misses information for 'show-system-tray-notifications'

Hi!Got a bit of a puzzling issue: This morning was committing a change when I got this mysterious error :-"GlobalProtect App Dynamic Configuration misses information for 'show-system-tray-notifications'"... repeated for each of the GlobalProtect portal agent configurations (six across two portals). None of the changes I've made recently go anywh...

Resolved! ipsec question

Hi So i have my public interface ae1.10I attached a ikev2 interface to that and attach it to tunnel.50 no the other side of the ipsec tunnel are providing 192.168.10.0/24 and I am providing 192.168.250.0/24 do I have to place a static route in the v_router saying 192.168.10.0/24 via tunnel.50how do i do that if I haven't applied a ip address to ...

Resolved! HA config sync

Hi guys, I wanna know the Comment column under Network---Interface tab synchronizes when PA is set up as Active- Passive HA?I assumed it wont, and made some changes in comments coloumn and later found out it got synced. I referred the PA document:https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/high-availability/reference-ha-synchroniza...

Seeing these errors in my log pan_packet_diag.log

Hi seems to be filling up my log file ? I have no idea 2020-07-04 12:09:26.595 +1000 Error: pan_cfg_url_policy_need_hdr_insrt_log(pan_cfg_url_policy.c:274): url_profile (nil), cfg available: 12020-07-04 12:09:26.595 +1000 Error: pan_cfg_url_policy_need_hdr_insrt_log(pan_cfg_url_policy.c:274): url_profile (nil), cfg available: 12020-07-04 12:09...

Duo and Palo don't challenge when user connect immediately after disconnect

We have Duo access gateway integrated with Global protect.It works most as per expected. However there is a small issue.When the client machine reboot , the user will go through the entire process to login the global protect. E.g1. 1. They clicked the connect button on the Global Protect Client2. 2. Then they wait until the Duo Windo...

Captive portal browser challenge issue

Hi team, While trying to deploy Kerberos SSO for enduser authentication I came up to the following issue with the captive portal (browser challenge). When an end user logged in a windows (part of the domain) tries to connect to "http://neverssl.com" for example here is what's happens on the wire :1/ The browser send a request to neverssl.com2/ ...

Capture.JPG
Capture.JPG

Resolved! OCSP Responder with Self-Signed Certificate

Following https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIzCAK, I created an OCSP responded. When creating the user certificates, for signed by I tried both the Root and Intermediate certificate. I allowed HTTP_OCSP on both device->setup->Interfaces->Management as well as Network->Interfaces->Network...

Capture.PNG
  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks