This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4230 Views
  • 0 replies
  • 0 Likes

unable to create a global protect VPN connection while carrier using Dual stack lite

We are receiving many reports about extremely slow and unstable GlobalProtect connections with some internet providers in Marburg .The providers don’t provide native IPv4 addresses in consumer tariffs, IPv4 packets are tunneled via carrier-grade NAT (Dual Stack lite). This causes packet fragmentation. End user are unable to connect to VPN or if ...

Remove feed entries from old (deleted) feed

I was receiving feed information from the Zeus tracker miners which was discontinued earlier this year. I removed the miners and deleted them from the aggregators, but the data is still in the feeds. How do I remove/expire the data? Attached a screen shot of one of the data entries in the feed. Thanks! Mike

deanm by L2 Linker
  • 4827 Views
  • 1 replies
  • 2 Likes

Log Parsing

Hi team, i am sending the firewall logs to a kibana for log analytic purpose and i ran into a minor issue i can not find a good working grok parsing for the logs that will actually work. any chances any one here done that and can help me with it ? Bets Regards,Alex.

TAP in environments with asynchronous routing

We have a situation where we can't get all the mirrored traffic to the same interface. But as it's asynchronour souting nevironment a packet can be mirrored to one interface and the reply to the other. So we need to connect 2 PA TAP interfaces to capture whole sessions. The question is will PA match the packets into same session if we put both i...

santonic by L6 Presenter
  • 4008 Views
  • 2 replies
  • 0 Likes

Reverse Proxy and X-forwarded-for

We use a load balancer to terminate SSL connections coming into our publicly accessible web servers from the Internet. The same load balancers are used as a reverse proxy. Because this produces a blind-spot for us, we have configured the load balancer to insert the real Internet IP into the XFF entry of the resulting inbound HTTP packet (we do...

Deleted rule still matching traffic

Hi team, We have experiencing something strange behaviour on one of our Palo Alto. Palo Alto is managed via Panorama, our costumer add a security rule directly to device (not using Panorama). We delete the rule on the device, so doesn't appears anymore on Palo Alto device, but traffic still match the rule... (You can saw it in Monitor, we dele...

nanukanu by L2 Linker
  • 3230 Views
  • 2 replies
  • 0 Likes

Custom Miner commit error : Unknown Node Class : minemeld.ft.azure.AzureChinaJSON in Azure-China-Min

Hello, I am trying to create a custom miner for Azure China feed. I have successfully tested it in one of the servers, but it doesn't let me commit when I create a Miner.Already applied the solution from https://live.paloaltonetworks.com/t5/MineMeld-Discussions/how-to-write-a-simple-miner-documentation/td-p/156793Below are the steps I followed:1...

Global Protect 8.1 - Building Clientless VPN but stuck on DNS-Proxy Setup

I am starting to build a clientless vpn setup, but I am getting errors when building a DNS Proxy and DNS Server Profile. I get this error msg. I tried ethernet, tunnels and loopback interfaces and they all failed. I tried following the instructions but i get the same error message. Does it matter if use the a loopback or tunnel interface? all of...

Resolved! Apple MACs and Global Protect VPN identification?

How are you identifying Apple Mac devices/making sure they are part of your organization before letting them connect through Global Protect? We have an MDM - that joins our MACs, but the User ID-MDM integration is proving to be a bit more difficult than I had plannned. Are most of you using a certificate that is exported to a machine, and or...

Sec101 by L4 Transporter
  • 4544 Views
  • 2 replies
  • 0 Likes

UDP Sessions Discarded (DUO timeouts)

Anyone experience any issues with 2FA timing out occasionally. For example, we have a weird situation where the 2FA integrated with DUO is working fine but after a week or two suddenly all users stop getting the push notification. Looking at the PAN logs, we see a discarded session and as soon as we clear that up, everything starts to work norma...

saadm204 by L0 Member
  • 2810 Views
  • 1 replies
  • 0 Likes

SSL Decryption: SHA1-Intermediate certificate gets decrypted, even if not allowed to

Hi paloalto community, I tested my new ssl decryption rules against the badssl dashboard ( https://badssl.com/dashboard/ ).So far it looks good. Unfortunately the check for sha1-intermediate doesn’t pass. Our PA-850 (Firmware 9.0.5) does create a secure connection to this site for the client ( https://sha1-intermediate.badssl.com/ ), even I conf...

2019-12-30 14_17_20-pa-1.png
2019-12-30 14_17_08-pa-1.png
2019-12-30 14_16_37-pa-1.png
mrkskhn by L1 Bithead
  • 6820 Views
  • 4 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks