General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

 

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

jforsythe by Community Team Member
  • 275 Views
  • 0 replies
  • 0 Likes

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 3600 Views
  • 2 replies
  • 14 Likes

QOS to a specific webpage/service for admin staff

Greetings

 

I awhile back asked the company that initially setup and installed my palo alto to set up a rule so that my admin staff will not have issues reaching a specific website. but i dont think they did it properly.

 

As a school of about a thousand

...

Clientless VPN Web Page redirection Issue

Hi all,

 

I published one of web service through clientless vpn (OS 8.0.13). After authentication Its not loding properly. I go through developer tool (F12) its given following screen.please help.

 

 

Thanks,

Lakshitha.

Bird.JPG

Forticlient connecting but no traffic goes through

Hello,

 

I am trying to use Forticlient to connect to a remote network outside our coporate network.

 

The connection is successfully established, it seems that the traffic is sent but no traffic gets received from the Forticlient.

 

 

Anything needs to be

...

Screen Shot 07-22-19 at 02.06 PM.PNG
AGAGroup by L1 Bithead
  • 5719 Views
  • 4 replies
  • 0 Likes

GP switch from 'pre-logon' user to 'logged in' user

Hi,

 

We have got global protect pre-logon set up and pretty much working now after quite a few issues.

We still have one issue, although the pre-logon user connects fine when starting the end device prior to logging on (says connected on the windows sc

...

GP Client on MACs does not always detect internal network

We have an issue that seems to be impacting our MAC users only.  They connect to an internal wireless network, but the GP client does not detect that they are on the internal network.  (We're using the always-on feature.)  We've reduced the timeout t

...

ktunkel by L0 Member
  • 2457 Views
  • 1 replies
  • 0 Likes

NAT Configuration to access Remote Desktop

Hi,

We need to configure an input rule to authorize an public IP address to access at one of our virtual machine on our subnet.

Concretely, I need to authorize public IP address 195.193.194.195 access directly to our virtual machine with the private IP

...

feelgood by L2 Linker
  • 12539 Views
  • 10 replies
  • 0 Likes

SSL Decrypt & Windows Updates

Hello,

 

I've been having a problem with Windows Updates when SSL Decrypt is turned on and I'm wondering if anyone else had to add these "new" Microsoft URL's to the decryption exclusion list. My firewall is on version 8.0.3 and my Windows version is W

...

kalakai by L2 Linker
  • 7336 Views
  • 3 replies
  • 5 Likes

PA is dropping SYN packet with ECN and CWR

Hi Team, @reaper , @BPry 

 

Recently I have come across a scenario that palo alto was dropping TCP SYN packets which have ECN and CWR bits set. upon checking the global counter, i have seen that the drop reason was 'process owner message err, no predic

...

Resolved! Agentless User-ID - change password

Hi 2 all

 

We have working Agentless User-ID and User-Based and Group-Based Policy

Special AD-account, "pauser" have necessary permissions.

 

I found, what its login and password is configured in 

Device > User Identification > User Mapping > WMI Autentica

...

aaobuhov by L2 Linker
  • 2909 Views
  • 1 replies
  • 0 Likes

Anti-Spam list for EDL

Hello.

 

A customer would like to add smo more anti-spam features to a Palo Alto FW setup and is intersted in using EDLs in connection with publicly available anti-spam lists. Anyone knows a good and free anyti-spam list I could use for that? I've chec

...

santonic by L6 Presenter
  • 4261 Views
  • 2 replies
  • 0 Likes

Resolved! Setting up a NAT pool with a PAT address for any spillover

We migrated from Cisco ASAs to PAN-3020 devices and I'm curious whether a feature from my ASAs exists in the PAN world. On our ASAs, we could create a pool of dynamic NAT addresses that would be matched 1-for-1 with inside hosts going to the Internet

...

LorenzoM by L1 Bithead
  • 5170 Views
  • 2 replies
  • 0 Likes

Remote Access on passive node of firewall ha cluster

Hello all,

 

I am currently configuring an HA cluster (active / passive) with the following configuration:

 

Primary (active) box: PA-820
ethernet1 / 1: 1.1.1.1/29 (external interface)
ethernet1 / 2: 192.168.0.1/24 (internal interface)
MGMT: 192.168.50.251/

...

  • 24175 Posts
  • 100 Subscriptions
Top Liked Authors
Labels