This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Resolved! Can you Exclude an address from your traffic search?

the following search string ( app eq dns ) and ( port.dst eq 53 ) and ( addr.dst in 8.8.8.8 )searches and displays all dns traffic using port 53 that has the destination ip of 8.8.8.8I would like to know if I can look at all dns traffic traveling on port 53 except the traffic going to 8.8.8.8

Global Protect on Mobile Devices : Certificate based Authentication - Managed by Intune

Hey Team, I am trying to setup GlobalProtect VPN on mobile devices (both IOS and Android). The requirement is to use client certificate authentication for the connectivity.The client Certificate are deployed to mobile devices via Microsoft Intune, While testing, I noticed if I connect to the portal address in the browser, the authentication is s...

Expedition migration tool steps

Hello all, I am planning to migrate our two checkpoint HA clusters (Active-Standby) with Palo Alto with the help of Migration tool. I never used migration tool ever. Can someone brief me steps to be followed for successful migration?

johnde by L2 Linker
  • 3683 Views
  • 1 replies
  • 0 Likes

Resolved! Configure WebGUI certificate from CLI (PanOS 9.0)

Dear all,lost access to the WebGUI.opaque: websrvr: Exited 4 times, waiting 1770 seconds to retry Before that I received another email from the firewall:opaque: Shared certificate xxx and corresponding key have expired.(OK, I know, my fault) So I suspect that this is the reason for the web server failing. All instructions I found so far talk abo...

high MP CPU load due to appweb3 process

PA-5020, sitting on 8.0.4.From time to time MP load increases rapadily due to appweb3 process going above 300%. Looking like this: There is no direct correlation found between the spikes and actions taken within the GUI. Spike may go on for a while - 20 minutes, 2 hours, 5 hours, etc. During that time GUI is still usable and everything is operat...

cpu-load.png
nikoo by L3 Networker
  • 9406 Views
  • 4 replies
  • 0 Likes

QOS Bandwidth Limitation Download & UPLOAD

I would like to understand bandwidth limitation steps on Internet download and upload Example - lets say i want to restrict steaming url category on download and upload 1. create QOS policy to map traffic going to inside to Internet youtube as Class 8 with DSCP marking2. Create QOS Profile with class 8 to egress max/guaranteed3. Apply QOS Inte...

kan0062 by L1 Bithead
  • 8133 Views
  • 1 replies
  • 0 Likes

Resolved! After Forward Trust certificate is renewed

After Forward Trust certificate is renewed is there a way to validate the renewed certificate is working correctly from either GUI or CLI?Device > Certificate Management > Certificates > Forward UNTrust Certificate

GP prompts for internal gw connectivity

Hi all, I've deployed a GlobalProtect installation solely for the purpose of User-ID. The GP agent connects to the internal portal/GW (one box) upon login with Kerberos SSO. However, when the internal gateway is not reachable (user has no network, user isn't on-prem), the GlobalProtect Agent notifies the user about this (no network / can't reach...

GP GW Prompt.png
Arne-VDH by L3 Networker
  • 9848 Views
  • 12 replies
  • 0 Likes

Resolved! API - Manage Users for VPN access

Hello Community, i'm currently planing a project which should be able to control the VPN user access via the API.It should be a simple tool where you just need to click a single button. The tool then activates or deactivates the user for that VPN via the API.How do i activate/deactivate local user on the PA with the API?I've already searched thr...

JustAGuy by L1 Bithead
  • 4562 Views
  • 3 replies
  • 0 Likes

Resolved! TCPDUMP execution

Hello, I have to do a TCPDUMP to test the communication of my Active Directory because a have a problem with the User-ID service. I have read the documentation and I don't understand when says that the TCPDUMP captures the traffic that traverses the MGT interface. So what happens with the traffic that traverses the data plane and not the manage...

iscott by L2 Linker
  • 3194 Views
  • 1 replies
  • 0 Likes

Resolved! Static Route Path Monitoring Clarification

Hi, Let's say a scenario where I have a default route configured to go out interface 2 with a Metric of 10 Then I have another static route to go out interface 3 with metric of 5. On this route I setup path monitoring to ping an ip address that is accessible to both interface 2 and interface 3. Does the static route path monitoring ensure that i...

Resolved! NCAA 2020 App-ID

Is there any timeframe for when the new NCAA app-id's released for March Madness? I found the 2017 app-is signatures, and a link for the 2018 signatures but was not able to access the files.

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks