This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Custom Miner commit error : Unknown Node Class : minemeld.ft.azure.AzureChinaJSON in Azure-China-Min

Hello, I am trying to create a custom miner for Azure China feed. I have successfully tested it in one of the servers, but it doesn't let me commit when I create a Miner.Already applied the solution from https://live.paloaltonetworks.com/t5/MineMeld-Discussions/how-to-write-a-simple-miner-documentation/td-p/156793Below are the steps I followed:1...

Global Protect 8.1 - Building Clientless VPN but stuck on DNS-Proxy Setup

I am starting to build a clientless vpn setup, but I am getting errors when building a DNS Proxy and DNS Server Profile. I get this error msg. I tried ethernet, tunnels and loopback interfaces and they all failed. I tried following the instructions but i get the same error message. Does it matter if use the a loopback or tunnel interface? all of...

Resolved! Apple MACs and Global Protect VPN identification?

How are you identifying Apple Mac devices/making sure they are part of your organization before letting them connect through Global Protect? We have an MDM - that joins our MACs, but the User ID-MDM integration is proving to be a bit more difficult than I had plannned. Are most of you using a certificate that is exported to a machine, and or...

Sec101 by L4 Transporter
  • 4508 Views
  • 2 replies
  • 0 Likes

UDP Sessions Discarded (DUO timeouts)

Anyone experience any issues with 2FA timing out occasionally. For example, we have a weird situation where the 2FA integrated with DUO is working fine but after a week or two suddenly all users stop getting the push notification. Looking at the PAN logs, we see a discarded session and as soon as we clear that up, everything starts to work norma...

saadm204 by L0 Member
  • 2787 Views
  • 1 replies
  • 0 Likes

SSL Decryption: SHA1-Intermediate certificate gets decrypted, even if not allowed to

Hi paloalto community, I tested my new ssl decryption rules against the badssl dashboard ( https://badssl.com/dashboard/ ).So far it looks good. Unfortunately the check for sha1-intermediate doesn’t pass. Our PA-850 (Firmware 9.0.5) does create a secure connection to this site for the client ( https://sha1-intermediate.badssl.com/ ), even I conf...

2019-12-30 14_17_20-pa-1.png
2019-12-30 14_17_08-pa-1.png
2019-12-30 14_16_37-pa-1.png
mrkskhn by L1 Bithead
  • 6744 Views
  • 4 replies
  • 0 Likes

Resolved! How to block malware getting executed?.

I would like to block malware files. On my gateway firewall, what filetypes should I block? . If I block only exe/DLL files getting dowloaded, will it help to avoid final malware getting executed ? What I would like to understand is, even if I allow communication with Command and Control (C2) servers, if I block executable/dll files, will it re...

Raja3000 by L0 Member
  • 6069 Views
  • 5 replies
  • 0 Likes

what do we exactly mean by threat prevention throughput of firewall ?

Hi Experts,I am always in doubt when someone asks how much PA 220 can support as far as throughput is concerned.In datasheet there are 2 throughput , firewall throughput ( 560 Mbps) and threat prevention throughput ( 260mbps).Customer has line of 2 active links 80mbps each ( 80*2 =160 ). Someone please explain what is exactly threat prevention ...

Palo Alto Support Going down hill

Is it just me or is Palo Alto Phone support going down hill. It use to be when you called within 15 min you had a tech but over the last 2 years its getting worst to get a human on the phone and opening a ticket online is no better. I opened a ticket as a Sev 2 and got a is this issue resolved request from the tech with 0 Troubleshooting from th...

Resolved! Routing by country/region.

Ok, Palo Gurus - I'm fairly new to the platform, but learning as quickly as I can. As best I can tell, although Palo maintains lists of IP ranges associated with countries - "Regions" (Great!), these can only be referenced in security policies (Stupid.) I tried referencing Regions both in the Static routing section of the Virtual Router (nope) ...

Decryption changes v9.0.4

We upgraded the firewall to v9.0.4 from 8.1.11h2 this weekend and came in to our hosted exchange / outlook profiles failing to load. I added the mail host server in the do not decrypt policy and a percentage of the users reported services normal. It was not until I disabled decryption completely until the entire network started working consisten...

Millette by L1 Bithead
  • 3225 Views
  • 1 replies
  • 1 Likes

Zone mapping in SDWAN

I find this document below hard to follow or understand. Can someone explain it to me in simpler terms? For example, suppose I have the following zones already: Trust, Untrust, VPN. What would this map to in SDWAN? What is zone-internal? Is that Trust? Where exactly is that used by SDWAN? https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin...

BBartik by L2 Linker
  • 4449 Views
  • 2 replies
  • 0 Likes

Resolved! Configure Global Protect with username and password

Hi, I'm installing Global Protect on multiple windows devices that they are sharing the same username and password to authenticate with Global Protect.I'm trying to configure Global Protect client to add username and password to authenticate during the silent installation. Which means to add the username and password with command after or during...

xsuper23 by L0 Member
  • 9491 Views
  • 1 replies
  • 0 Likes

Wildfire statistics

Hi, I have a question related to Wildfire: We need wildfire statistics during the year 2019, inspected files, files with malware, files with grayware and files with pishing. Is there any way to collect this info? from PA or wildfire web? I can not find it 😞

BigPalo by L4 Transporter
  • 2400 Views
  • 1 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks