This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4468 Views
  • 0 replies
  • 0 Likes

Resolved! DNS Proxy feature

Hey guys, I've read about DNS proxy and how it works. My question is, what are the benefits of using DNS proxy on the firewall? This obviously gives the Palo insight into the DNS responses, but if the DNS traffic traverses the firewall it can snoop in on the DNS anyway. I don't see anything specific to DNS under logs to even show the DNS interac...

Global Protect // Multible post-vpn-connect scripts

After connecting with Global Protect I execute an post-vpn-connect script to mount the users network shares. I execute them in the context of the user.Unfortunately, I need to execute another post-vpn-connect script in the context of an admin. Does anybody know how to execute two different post-vpn-connect scripts with differet user contexts? R...

BHaaf by L0 Member
  • 4546 Views
  • 2 replies
  • 0 Likes

Mac computer GlobalProtect with Computer Cert How To

Below are the instructions that I have cobbled together to install GlobalProtect on a Mac and not have the system ask for authentication of an administrator at each connection. Full document with pictures is available on my GitHub.https://github.com/scriptingcaveman/PaloAlto-Documents The use case that led me to these directions is a non-admini...

Office 365 JSON-to-flatfile converter as EDL feeder

Hi PAN Community,How's everything going? I hope everyone is well and safe. I know there are plenty of MineMeld fans out there but just in case MineMeld deployment is an overkill for your organization and Office 365 security is a burning item in your task list, I thought I'd share a simple and elegant solution that has been running in my setup fo...

SFP Virtualwire on PA-820

Hi,I configure my device to virtualwire mode with sfp baseT transceiver but it wan't to work (they are red in GUI).When I change to Layer3 mode everything work corectly (change to green).In CLI I can see transceiver.Have you got similar problem or any advice what should I do?

KamWes by L1 Bithead
  • 3774 Views
  • 4 replies
  • 0 Likes

Global Protect Access routes

Hi,I have question for access routes. We have configured global protect and advertised only one access route however after connecting to global protect VPN, we can see multiple access routes in client machine. Is there any other criteria for access routes to be advertised?

gpandya by L1 Bithead
  • 8263 Views
  • 5 replies
  • 0 Likes

IPSEC VPN Phase 2 issue-Peer Checkpoint

I have 15 proxy-ids in the vpn tunnel whose peer is checkpoint firewall. Just one out of 15 usually remains really busy and lot of traffic get encap/decap on it. Remote users accessing resources within other 14 proxy-ids have absolutely no issues but they occasionally loose connectivity to those that are in the busiest proxy id and it recovers ...

Resolved! dedicated log collector setup and licensing

hi,I am preparing a new environment (my plan is for 2x management only + 2x log collector only) and have no experience with dedicated lot collectors yet. Please help me to clarify few things:- log collector for sure needs licenses, are they the same like for management only ?- can i stack log collectors to get more storage? If so, logs are load ...

PANORAMA COMMIT AND PUSH TO FIREWALL FAILS WITH ERROR

For the last few days, we have been trying to import firewalls into Panorama and have not been successful at it. Panorama firmware is 9.0.7Palo Alto firmware: 8.1.13 Description of issue: During the importing process, I was able to extract the configs from PA firewall onto the Panorama. However, when I tried to commit the configs back to PA fire...

Captive Portal SSO w/ Okta - "User Authenticated"

We've implemented Okta SAML SSO with our layer-3 Captive Portal redirect page for IP-User mapping. The solution works, but users are landing on a "User Authenticated" web page, rather than the website they originally browsed to. Users now have to re-browse to the website first landed on, or browsed to to access the site. I figured SAML SSO would...

2020-02-19 11_54_24-Program Manager.png

Firewall active sessions age

Does PAN OS has a feature to calculate session age for any active session ? In particular looking from SOC point of view if they want to monitor long time period active sessions used by attackers to compromise security. I am not looking for session timeout or reasons for that, but a life span of active session running.

PS007 by L2 Linker
  • 6309 Views
  • 6 replies
  • 0 Likes

Resolved! Paloalto NGFW file system integrity check??

hithis is jo. from S.Korea case(PA-3060 / PAN-OS 8.0.7)customer want to check'file system integrity check' when it occur.(monitor->system log)when the integrity log occur want to send to Syslogserver. test.I`d reboot Pa-220 and checked system log however I cant find any integrity log. Qustions1, how can I find integrity log?2. Integrity check...

HTTP response code logging

So PAN doesn't log HTTP response code, at least I do not seem to find one under URL Filtering logs, and if it doesn't, then how Palo could claim that it is the replacement of proxy?

rKarki by L1 Bithead
  • 6385 Views
  • 3 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks