This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

Global Protect SSO with Pre-login using Certificate Issue

We are rolling out GP with SSO with Pre-login using certificates as of last week. The GP agents are connecting at pre-auth and subsequently doing SSO once the user signs in with cached credentials. After the weekend, we are having multiple users reporting they cannot login. We are seeing lots of events 'globalprotectportal-auth-fail' with desc...

Resolved! Block email attachment from specific domain

Hello experts, Is there any way in Palo Alto to block email attachments coming from specific domain?Lets say i want to block all email attachments which are coming from *@xyz.com. Is it possible?

Vikashh by L2 Linker
  • 8776 Views
  • 5 replies
  • 0 Likes

Globalprotect is greyed out on maOS Catalina

Globalprotect stopped working on user's Macbook. After reinstalling Globalprotect (version 4.0.5-8) on macOS Catalina in version 10.15.4, it is not possible to click on Connect, even the window for writing username and password is not displayed. All options in the application are grayed out. Please provide some solution. Anna Strupiechowska, IT ...

MicrosoftTeams-image (31).png

TLS Vulnerabilities.

Hi I am running Minemeld on Ubuntu 16.04 The server is starting to show up in Vulnerability Scans depsite updating Ubuntu. This is a list of the Vulnerbilties. TLS Server Supports TLS version 1.0 TLS Server Supports TLS version 1.1 Diffie-Hellman group smaller than 2048 bits TLS/SSL Birthday attacks on 64-bit block ciphers (SWEE...

Global Protect Gateway

Hi everybody, I'm getting through this issue: although we have 3 gateways configured in our portal, my GP client allways connect to the same one. How to deal with this client behavior?Tks in advance

Email Alerts for Reporting

How we can set up email Alert for report We have an O365 email environment that is based on Azure Cloud. looking for Email alerts for reporting and My Email ID has MFA for accessing the emails. Now I have applied my Email ID in the Palo Alto 3060 for report sending. after applying Email Profile and Attempt to test the Email-scheduler. An Error t...

Resolved! Keeping UID to IP address Associations Current - A.K.A. UID Refreshes / Timeouts / Confirmations

This is a question about how a firewall, FW, keeps IP to UID associations current/up-to-date in an environment where such associations might be changing every few seconds. A FW associates a UID with an internal IP address, e.g. 10.10.10.10, which has no UID associated with it. Let's say that I logon as ipj1965 from 10.10.10.10. The first time a ...

Resolved! forcefully logout all GP users from gateways

Hi Anyone, I'm trying to logout all GP VPN users forcefully logout from the gateway either doesn't logout users or no errors throwing on command as well >request global-protect-gateway client-logout gateway gp-gateway reason force-logout user * computer * Login & logout time is same before and after execute this commands. Please let me kn...

Karup by L1 Bithead
  • 11469 Views
  • 4 replies
  • 0 Likes

SSL Inbound Decryption and PA

Hi Everyone, Learned something new from you today.We are going to enable SSL decryption for Inbound traffic coming from Internet to our web servers.Need to know when does PA intercept the traffic coming form Internet to the web server which is hosting the website? During 3 way TCP handshake or when first Data packet comes? RegardsMP

MP18 by Cyber Elite
  • 3057 Views
  • 3 replies
  • 0 Likes

Eventid eq routed-OSPF-neighbor-down

PAN-OS - 8.1.12 Want to understand the below Massage and Why it occurs ?? >less mp-log routed.log 2020-04-15 09:28:05.296 +0400 TM_SPF: start full SPF calculation rid 172.16.80.162020-04-15 09:28:05.296 +0400 TM_SPF: Do the full SPF calculation rid 172.16.80.162020-04-15 09:28:05.296 +0400 TM_SPF: full routing calculation finished rid 172.16....

PAN GPA Service issue error - return error code = 10061.

PAN GPA is giving error , checking service on PC it reports stopped when I try to connect through agent. Tried to uninstall and install again , did not help. anyone faced same issue ? T14992) 04/17/20 08:50:44:186 Debug( 692): CAC, name is DigitalMediaDevices(T14992) 04/17/20 08:50:47:523 Info ( 246): InitWinConnection ...(T14992) 04/17/20 08:5...

Resolved! Configuration of Security Profiles

Hello, I have a question related to the actions that I can configure in Security Profile. Specifically, Vulnerability Protection. What happens if I set the action as "Alert"? Will it drop the connection? Or the connection will be permitted, and it just logs the traffic of the malicious action executed? Regards,

iscott by L2 Linker
  • 2691 Views
  • 1 replies
  • 0 Likes

Active/Passive vs. Active/Active

I am currently working on a network redesign project with all Cisco gear. Our network engineer is opting for a complete HSRP Active/Active environment. According to all deployment documentation, HA Active/Passive seems to be the preferred methed for the Palo Alto's. I see that the PA's do support A/A HA using VRRP, so I do not see a configuratio...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks