General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4243 Views
  • 0 replies
  • 0 Likes

Resolved! GlobalProtect App Dynamic Configuration misses information for 'show-system-tray-notifications'

Hi! Got a bit of a puzzling issue: This morning was committing a change when I got this mysterious error: "GlobalProtect App Dynamic Configuration misses information for 'show-system-tray-notifications'"... repeated for each of the GlobalProtect portal agent configurations (six across two portals). None of the changes I've made recently go anywh...

Resolved! ipsec question

Hi. So I have my public interface ae1.10. I attached an ikev2 interface to that and attach it to tunnel.50 no the other side of the ipsec tunnel are providing 192.168.10.0/24 and I am providing 192.168.250.0/24. Do I have to place a static route in the v_router saying 192.168.10.0/24 via tunnel.50? How do I do that if I haven't applied an IP address to ...

Resolved! HA config sync

Hi guys, I wanna know if the Comment column under Network---Interface tab synchronizes when PA is set up as Active-Passive HA? I assumed it won't, and made some changes in the comments column and later found out it got synced. I referred the PA document: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/high-availability/reference-ha-synchroniza...

Seeing these errors in my log pan_packet_diag.log

Hi, seems to be filling up my log file? I have no idea
2020-07-04 12:09:26.595 +1000 Error: pan_cfg_url_policy_need_hdr_insrt_log(pan_cfg_url_policy.c:274): url_profile (nil), cfg available: 1
2020-07-04 12:09:26.595 +1000 Error: pan_cfg_url_policy_need_hdr_insrt_log(pan_cfg_url_policy.c:274): url_profile (nil), cfg available: 1
2020-07-04 12:09...

Duo and Palo don't challenge when user connect immediately after disconnect

We have Duo access gateway integrated with Global protect. It works mostly as expected. However there is a small issue. When the client machine reboots, the user will go through the entire process to log in to the global protect. E.g. 1. They clicked the connect button on the Global Protect Client 2. Then they wait until the Duo Windo...

Captive portal browser challenge issue

Hi team, While trying to deploy Kerberos SSO for end-user authentication I came up to the following issue with the captive portal (browser challenge). When an end user logged in a windows (part of the domain) tries to connect to "http://neverssl.com" for example here is what happens on the wire: 1/ The browser sends a request to neverssl.com 2/ ...


Resolved! OCSP Responder with Self-Signed Certificate

Following https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIzCAK, I created an OCSP responder. When creating the user certificates, for signed by I tried both the Root and Intermediate certificate. I allowed HTTP_OCSP on both device->setup->Interfaces->Management as well as Network->Interfaces->Network...


Resolved! GlobalProtect DNS issues in Windows after disconnect

I am using GlobalProtect 5.09 with PanOS 9.0.7. While using dual monitors with a split-tunnel VPN, I find that when VPN disconnects dns resolution is still trying to use internal dns servers. I am forced to reboot my desktop at home multiple times per day when using remote desktop with two monitors, or to use rdp on a single monitor. The dual m...

SSL decryption on PA in case the SSL terminated on WAF

We have a website hosted behind WAF and Firewall (Palo Alto). The WAF already has the server valid SSL Certificate from public CA. Do we need to install SSL certificate (decryption) on PA Firewall also for inbound traffic to make it more secure?

msalhi by L0 Member
  • 3910 Views
  • 3 replies
  • 0 Likes

Can Use Okta SAML for GP- "Prelogon Then On-Demand" connection method

Hi Team, We tried to implement the OKTA SAML authentication method for GP in our organization. Does Global Protect - "Prelogon Then On-Demand" connection method support Okta SAML for authentication (MFA)? If not what is a recommended GP connection method to use Okta SAML authentication. Could you please help us here! I tried all resources I di...

Resolved! PA 7k LACP over Multiple NPC

Hi, I'm curious to know if it is possible to configure an AE Group of interfaces in a PA 7000 series appliance with interfaces across multiple NPCs? This just seems to me to be the most logical way to load share on the platform with multiple NPCs, assuming it's supported. Thanks

Custom Application Signature

Hello. For the same application, I have several links and ports (https://application.intra.mydomin.corp:8530/toto, https://application.intra.mydomin.corp:8130/titi, https://application.mydomin.corp:8530/toto,..) and I would like to create a rule and specify the application and not a rule based on the protocol. How can I create a custom applicatio...

public ip addresses and link address /30

Hi, I have a question regarding public interface configuration. ISP gave me /30 link network address space and /28 public IP address pool. Can you suggest me the best way to configure this public address on PA. Should I use virtual wire, loopback interface or can I assign /28 address pool as VLAN on interface. Thank you for reply

patux80 by L0 Member
  • 3500 Views
  • 1 replies
  • 0 Likes

Authentication Bypass in SAML Authentication.

Dear Support Team, Please do us a favour to update Security appliance Palo Alto with latest signature which help to prevent from latest vulnerability Authentication Bypass in SAML Authentication. Patch requirement for CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication. Regards, Karthikeyan Balamurugan

Incomplete ARP when deployed in Azure

Hello, I deployed NGFW 8.1 using Terraform (v0.11.36) in Azure. It provisions VM and all the resources like resource group, VNet, subnet, IPs etc., But the only problem is with the UnTrust (eth1/1) NIC as it complains 'Incomplete ARP' even after configuring the Interfaces and the static routes in Virtual router page. I only get this problem when ...

  • 24359 Posts
  • 124 Subscriptions