This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4127 Views
  • 0 replies
  • 0 Likes

Traffic from GP interface

Hi Team, I am seeing some traffic initiated from GP interface to outside using source port udp/4500 to public IPs of clients( GP uses 4501 and I have xauth configured). Are these traffics are because of GP xauth configuration.. anybody has noticed it before ?.I dont have any Ipsec tunnels configured from this interface.thanks in advance.

Convert active/active to active/standby Firewalls

I have active/active scenario PA-220 FW. FW1 has diffident config than FW2. I want to make FW1 is the active without loosing any data. Do I need to erase or do factory reset for FW2 before I sync it from FW1 which is the main configuration that I want to keep?

Certificate error connecting to PAN UI after mac os catalina update

I am sure everyone who upgraded to catalina has this issue.Apple has pushed out new certificate requirementshttps://support.apple.com/en-us/HT210176Not sure about other parameters, but my pan device is serving a certificate that is valid for 10 years (greater than the 825 days accepted by macOS). And i can't override the certificate error anyway...

josggf by L2 Linker
  • 3640 Views
  • 1 replies
  • 0 Likes

SSL Decryption in different countries?

Hello All, Starting to deploy 100+ firewalls worldwide. Have configured SSL decryption for General Browsing rule.A template has been configured in Panorama, so they all have the exact same setup.North America and Europe locations I tested are OK. Tried a Brazil office yesterday and if decryption is enabled, for very basic sites like UPS and Fede...

Rievax by L2 Linker
  • 4378 Views
  • 4 replies
  • 0 Likes

Resolved! Can alternate usernames be used for Credential Detection?

We are using Multiple Username Formats under Group Mapping and E-mail address as one of the alternate usernames. Output for CLI command show user user-attributes user all displays e-mail address as Alt Username.We have also User Credential Detection enabled and using Group Mapping mode.The problem is when a user enters credentials in some websit...

marroz by L1 Bithead
  • 5856 Views
  • 4 replies
  • 0 Likes

Firewall-Log Forwarding-Email alert sending multiple message customization to avoid huge email

Hi Team, We have configured log forwarding on critical policies and facing challenge lot of emails getting generated and triggered multiple mails. Need experts input for customization of email sent to recipient with subject "x number of times" example. This will avoid huge email traffic flow. Thanks in advance.

Resolved! check now and Invalid image, Failed to download file

i was trying to download GP client 4.6 from GUI and got error Invalid image, Failed to download file tried few times every time got above error. then i clicked on check now then it worked. Need to know how i was able to download the global protect client 4.6 when i clicked on check now?

MP18 by Cyber Elite
  • 21014 Views
  • 3 replies
  • 2 Likes

Resolved! 4 AD servers and only one shows as Connected user-id agentless

hello team we have this new set up for group-mapping , with 4 AD servers, we already set-up everything, we can see in the user monitoring all activity from user, however in the section relate to server monitor the status only shows one server connected, we follow the KB: https://knowledgebase.paloaltonetworks.com/KCArticleDetail?id=kA10g000000C...

Resolved! block all facebook but one page

I know there are multiple discussion threads on how to allow just one FB page but block all other access . I tried every single of them and none worked properly.I created a url filtering profile allowing just my company page and blocked social media but the problem is when a user first clicks my company page he/she would be taken to a login page...

Resolved! Ethernet aggregate group

Hello,I have been reviewing aggregate Ethernet interface group https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/network/network-interfaces/aggregate-ethernet-ae-interface-group and I see LACP is not enable by default, then I would like to know, How work the aggregate when you not use LACP? What is the default behavior of ag...

Marivi by L2 Linker
  • 8955 Views
  • 5 replies
  • 0 Likes

Check Point R77 firewal security rules +400 rules policy migration

hello team We have to migrate a Checkpoint R77 policies firewal security rules +400 rules policy migration, however we can't see those policies when we export to the expedition tool, we know that in R80 version you can use the CLI on the CKpoint to export in pieces those big amount of rules from 0-400 and from 400-800 and so.we try to use the sa...

What's new in MineMeld 0.9.32

Release Date: 2017-02-06 Changes to the default behavior To avoid data corruption, MineMeld engine now periodically checks availble disk space. If the available disk space falls below the limit of 10MB per configured node, the engine shuts down and refuses to start. If after the update the engine does not start you can try to free disk space ...

mm-wheel-extension.gif
lmori by L7 Applicator
  • 9262 Views
  • 4 replies
  • 2 Likes

Sync Between Active Directory and User-ID

Hi there, I have security policy allowed for particular group A. when i add/remove member in group A it doesnt sync with the security policy. Is there a way to sync between active directory and User-ID/ Security policy? Thanks in advance.Pratik

Resolved! Error at task npm install on RHEL

Hi all,I'm installing minemeld-ansible on Redhat 7.When i run this command:sudo ansible-playbook -K -i 127.0.0.1, local.ymlI got this error:TASK [minemeld : npm install] *********************************************************************************************************************************************************************************...

Panorama: Bulk Edit Security Policy to update Security Profile Group

Hi, I have about 900 rules spread across 2 different groups within Panorama. I would like to apply a shared Security Profile Group to all these rules where there action is Allow. I have done some searching around but have not found any answers, however I apologise up front if I have missed a post (or article) where this has already been answere...

  • 24336 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks