General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Using Secure LDAP profiles

In March 2020 Microsoft will be releasing a Security Update which will disable the use of LDAP connections (cleartext over port 389) to/from Windows Servers - only LDAP Secure connections (default port 636) will be accepted by Windows Servers after the Microsoft Security Update has been applied. I assume we have to change PAN firewalls LDAP serv...

PS007 by L2 Linker
  • 3292 Views
  • 1 replies
  • 1 Likes

Resolved! Palo 5220 (8.1.6h2) Throughput

All, we are pulling data from a remote server to a SQL server, that sits behind the Palo, using SMB and FTP. The file size is 40G. ALL links between the 2 servers are verified at 10G. The transfer rate is being measured between 75MB and 120MB, approx. (1G). We tested this same type of transfer between servers behind the Palo and the rate was approx ...

mhs_coad by L0 Member
  • 2531 Views
  • 1 replies
  • 0 Likes

Netflow export into IPsec tunnel...

I'm trying to get netflow to export through a vpn tunnel on my PA-VM V9.1 firewall. My route and policy into the tunnel for the target collector is working because I can ping the collector through the tunnel. So I figure I need to change the default service route for netflow, but I'm unable to specify any of the dataplane interfaces/addresses ei...

megrez80 by L2 Linker
  • 6018 Views
  • 5 replies
  • 0 Likes

Layer 2 to Layer 3 Connection, but on same Subnet and IP range?

We have a PaloAlto PA220 at work that is used for telephony/SIP traffic that I set up several months ago. Upstream of the PaloAlto is an unmanaged L2 Netgear switch that sits between the leased internet line, the PaloAlto, and another non-PaloAlto firewall. I want to get rid of this unmanaged L2 Netgear switch and connect our other non-...

eveares by L1 Bithead
  • 13823 Views
  • 11 replies
  • 0 Likes

Troubleshooting GlobalProtect disconnects

I have a couple of users that say their active connections are suddenly disconnected. What is the best way to determine the cause of the disconnection? Again, this is an active session, not a time out.

jdprovine by L4 Transporter
  • 8660 Views
  • 3 replies
  • 1 Likes

Resolved! ZPA Minemeld feed from json source truncated to last record

Problem Summary: Trying to locally convey - as a feed - all subnet block ranges from https://ips.zscaler.net/zpa/json - but only getting the last presented. URL Being referenced: https://ips.zscaler.net/zpa/json Example Content: {"Cloud Name":"zscaler.net","Content":[{"IP Protocol":"TCP","Port":443,"Source":"Connector, Zscaler App","Domains":"*....

SSO authentication was solved through override, cause analysis request and Similars

Hi. I have a website that I access via SSO authentication, but I can't connect through the firewall. After trying various things, I solved it through the override rule in the firewall. The override policy cannot be removed at this time. I wonder why this is possible with an override. Does anyone have a similar case or guess? Tell me please.

jskang by L1 Bithead
  • 2456 Views
  • 1 replies
  • 0 Likes

Resolved! Captive Portal LDAP Authentication redundancy

Hello. I have a Captive Portal that uses the following Authentication Profile: CP_Auth. Where: Authentication Sequence: CP_Auth - Auth_Mode_1, Auth_Mode_2; Authentication Profile: Auth_Mode_1 - LDAP_1, Auth_Mode_2 - LDAP_2; LDAP Server Profile: LDAP_1: 10.10.1.101, 10.10.1.102; LDAP_2: 10.10.2.103, 10.10.2.104. Based on our monitor logs, we noticed that all our authentic...

JuanAn by L1 Bithead
  • 5540 Views
  • 4 replies
  • 0 Likes

Resolved! Panorama IPsec tunnel to AWS

Need to create IPSec tunnel in Panorama hosted in Google Cloud that is managing our PAN-850 in customer datacenter to our cloud environment in AWS. FYI, we don't have Palo Alto in AWS.

Resolved! unsigned LDAP

Hi, As we know, Microsoft is going to disable use of unsigned LDAP port 389 in March 2020. Fortunately I don't have an LDAP profile on my PA firewall but I have Kerberos. Will there be any impact? And do I have to change it? Thank you, Konrad

Resolved! CLI command for IPSEC tunnel info

Hello friends, I am looking for a CLI command to see all the details related to IPsec tunnels configured on the gateway. I need information related to tunnel id, peer IP and their status. Is there any command available? I can see details under the GUI but I can't see the tunnel id. Please help on this. Thank you.

Joshim by L1 Bithead
  • 47768 Views
  • 4 replies
  • 0 Likes

SSL test pages of urlfiltering.paloaltonetworks.com not blocked

Hi, If we test https://urlfiltering.paloaltonetworks.com/test-grayware there is no block page; however, if we test http://urlfiltering.paloaltonetworks.com/test-grayware we do get a block page. I cannot find urlfiltering.paloaltonetworks.com nor *.paloaltonetworks.com in a no ssl decryption profile nor the predefined exclusion list. In the traffic l...

tomdevos by L0 Member
  • 3299 Views
  • 1 replies
  • 0 Likes

Route between Subinterfaces with two VRs

Hello, I have a network with two WAN connections. I have assigned one of them for vlan 10 and the other for vlan 20 using two VRs and NATing. I also created a DHCP server for both vlans, and for now everything works fine. The problem is I can't access the resources in vlan 20 from vlan 10 and vice versa. What should I do also? Should I create a sta...


How to remove one BGP-RIB Out

Hi, We've configured BGP between Paloalto to Azure by using EBGP. The bgp is established but in RIB Out noticed that prefix 0.0.0.0/0 advertised to the peer respective azure. How to remove this, because due to this the users in bgp unable to access the internet. If I enable the "reject default route" option does this help? or cause any problem ...

  • 24332 Posts
  • 124 Subscriptions