General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Windows, Kerberos, LDAP, RADIUS

Hi! My company is rolling out a small pile of Palo Alto firewall models and I'm trying to learn the nuances and best practices of these devices. Initial implementation and basic functionality has been pretty straightforward. Now we are trying more advanced things. My current issue is user authentication. I have a scenario that I feel must be ver...

Resolved! PAN Syslog: Verifying the device is sending to all the configured

I added an additional syslog destination on three of my PANs but I'm only seeing that traffic at an intervening PAN for two of the sources. I've used the troubleshooting methods noted here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClqICAS - but those are only showing me one syslog destination when four are config...

palomed by L3 Networker
  • 32596 Views
  • 8 replies
  • 0 Likes

GlobalProtect not working if laptop has no internet at boot

I have prelogon setup for globalprotect using machine certificates, so that when a laptop boots up with internet it automatically connects to globalprotect. This works perfectly fine, except for when a laptop does not have internet access. If a laptop does not have internet access, then globalprotect just errors out and does not try to reconne...

How to identify app data vs difference in traffic received on app data

Hi Guys, Let's say I have application SAP that allows port 8443 but looks like APP-ID is not getting matched and we are getting insufficient data followed by deny rule, question is how can we look for difference between expected application data and difference we are seeing. Just to approve application owners this is pattern we are looking for bu...

Resolved! V-Wire in VMware.

I am trying to trial V-Wire for an upcoming requirement. The final goal is to secure a number of VMware VMs on their original IPs [differing subnets] behind a v-wire. So I have a VM100 which I have assigned 2 interfaces, one to a vswitch connected to a virtual PC 192.x.x.5 other to a vswitch connected to a virtual server 192.x.x.10 there's ...

Resolved! Can PA firewalls run multiple OSPF Processes?

Replacing a Cisco ASA fw with a Palo Alto and there are 2 OSPF processes running on the ASA (1 & 2). Can I run 2 processes on a Palo Alto firewall? I've had a look and tried with running separate VRs but I can't see how I can advertise the OSPF 2 process subnets into OSPF 1. It's really simple on a router - router ospf 1 rtr#redistribute ospf...

Global Protect : Authentication Profile based on source IP

Hi, I would like to accomplish the following. I have an always on VPN configured to use user-id password at logon. When the user is on one of our remote sites with known public IPs I want to use only LDAP; in all other situations when he is external I want RADIUS (MFA). Can I make an authentication profile and link it to source IP? Kind regards, Fre...

GOMEZZZ by L2 Linker
  • 5366 Views
  • 4 replies
  • 0 Likes

External Dynamic List Issue OS 9.0.4

Dear Friend, I have configured external dynamic list on PAN OS 9.0.4. When I add new URL selecting IP List like http://panwdbl.appspot.com/lists/bruteforceblocker.txt it's not adding. Given the error as follows. But if I change it to URL List it's working. But in PAN OS 7.1.14 it's capable to add. Please support ASAP. Thanks, Lakshitha. Not Wor...

Regarding application traffic passing through the PA, the mobile phone cannot be accessed, and the co

Hi support, The situation is this. After the normal traffic passes through the PA, it goes to the nginx proxy server in the DMZ. The nginx then sends the traffic to the back-end server, and finally the server sends the traffic to the nginx proxy server. The nginx then sends the traffic to the PA, and the PA is finally given to the user. Howe...

Minemeld install on Ubuntu 18.04 issue

Hi All, I have installed minemeld on Ubuntu 18.04 using Ansible Playbook. I have followed the instructions on https://github.com/PaloAltoNetworks/minemeld-ansible#howto-on-ubuntu-1804 and rebooted the device but I get the Error Checking Credentials: Bad Gateway error. Looking at the supervisorrd.conf status I see minemeld-web in a fatal statu...

a.jones by L3 Networker
  • 4317 Views
  • 1 replies
  • 1 Likes

Resolved! Wildfire Private Cloud(WF500) license..

Hello All, We have PA-3250 which is having wildfire license, we have wildfire private cloud appliance as well and we have connected our existing firewall PA-3250 to wildfire cloud. Now we need to purchase PA-220. Do we still require wildfire license in PA-220 when we already have private cloud appliance for wildfire. Thanking You in advance for...

OmPrasad by L1 Bithead
  • 4216 Views
  • 3 replies
  • 0 Likes

BI-DIRECTIONAL NAT IN PALO ALTO

BI-DIRECTIONAL NAT IN PALO ALTO. Go to Policies > NAT > Add. Create a NAT Rule: Name the rule as per your convenience. Select the source zone as LAN. Destination zone as WAN. Interface as the WAN (exit interface). Service as the preferred port. Source IP address as the internal LAN IP. Destination IP address as any. Now in translated packet, Select Stati...

What apps and services are used for Meraki Cloud?

I can't seem to get the policy right for my Meraki APs to check in with the meraki cloud. I have allowed DNS, Ping, Meraki-cloud-controller using any port and allowed to *.meraki.com and *.opendns.com. Still see stuff hit my deny. Anyone know the correct combo for a policy?

Resolved! PA 5220 Packet Descriptor Max value

When I run show running resource monitor, I see packet descriptor max value most of the time above 80, like in 90's, sometimes 100 100. Packet descriptor average value is still under 80. We have SSL decryption enabled on the PA. Also we have decrypt mirror configured. What can be the reason that packet descriptor is going over 90 so often? Mike

MP18 by Cyber Elite
  • 8459 Views
  • 8 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions