This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Newbie: Local (wildcard?) certificate(s)

I'm running a VM-100 with several zones where I have MS AD / WSUS in one, two zones with lots of wireless device management, another zone for vmware management etc.

 

Every day I run into web browsers yelling about unsecure acces to local device manage

...

Resolved! Base ID manager is reset

Anyone run into this issue? It raised a "Critical" log but appears to have occurred during a validate. Having issues finding any references on this alert discription.

 

Base ID manager is reset - System Log

 

ert.png

ADSSP Integration for Cached PW Update

Wondering if anyone has successfully integrated ADSSP Cached Credential Updating with PAN VPN and GlobalProtect client.

 

Have tried to find command line references for the GP client but am coming up blank. 

 

ADSSP needs to call the VPN connection durin

...

inter-logger-agent message in Panorama

Anyone know what this message refers to, and/or suggest any steps to trouble-shoot?

 

 

The message is showing up in System log of a backup Panorama M-500 manager.  X.X.X.X is the IP assigned to dedicated port on primary Panorama M-500 manager.  The int

...

fl1654 by L3 Networker
  • 2453 Views
  • 2 replies
  • 0 Likes

Resolved! Microsoft Windows Auto Pilot and SSL decryption

 

Hi Everyone,

 

Seems the Microsoft Windows Auto Pilot does not work when SSL decryption is enabled.

I tested see no drops on the global counters and nothing on PA PCaps.

 

When disabled SSL decryption it worked fine.

 

Any ideas?

 

Mike

MP18 by Cyber Elite
  • 4412 Views
  • 4 replies
  • 0 Likes

Resolved! Query on HA1 link

Hello,

 

We have an Active-Passive setup. The HA1 link in the Active unit shows down (red) if the Link settings are set to auto/auto.

If I change the settings to 100mb link, full duplex and link state to up, the port shows up (green).

Shouldn't it work i

...

Auto.png
Full.png

Authenticating with Captive Portal

I just got off the phone with technical support and the technician said that the only traffic I can authenticate is http/https. Can someone confirm that the use case below is not valid? 

 

Here is what I want to do:

 

Use HTTPS to authenticate a user 

 

Af

...

joynert by L1 Bithead
  • 6470 Views
  • 12 replies
  • 0 Likes

Exclude account(s) from authentication?

I know there is the allow list, but what about an exclude?  We use Captive Portal for BYOD and have thousands of accounts we want to allow, but exclude our double digit generic accounts from being able to log in.  What's the best way to achieve this?

QOS bypass traffic

is there any way to get more info about what kinds of traffic are being classified as "bypass" traffic?

i have not found anything in cli, traffic logs or acc.

wlloyd by L2 Linker
  • 2468 Views
  • 1 replies
  • 0 Likes

Resolved! User ID mapping when switching between wired and wireless

A lot of my users login into their computers using the wired connection. Then when they are off to meetings, they switch to wireless (without logging out and logging back in).  If I turn off client probing, this creates an issue where they switch to

...

MikeC by L3 Networker
  • 4594 Views
  • 4 replies
  • 0 Likes

Resolved! FQDN cache limitations

I wanted to reach out tot he community and see how people are handling FQDN cache limit issues. 

Example:

 

* Internal DNS caches up to 8 IPs for each FQDN

* PAN device will cache up to 10 (source: https://knowledgebase.paloaltonetworks.com/KCSArticleDet

...

hshawn by L4 Transporter
  • 5479 Views
  • 2 replies
  • 1 Likes

Multicast configuration for IPTV

Hi all,

I'm lost configuring my PA-500 for IPTV using multicast.

My provider has a new option for IPTV.

They stated that in order to test the configuration one should try to open:

https://www.fiber7.ch/documents/129/Big_Buck_Bunny_Stream.xspf

 

So fa

...

Resolved! Connecting PA820 to Cisco ASA HA

Hi All,

 

I want to connect PA820 to ASA HA setup. ASA1 and ASA2 need to connect to PA820. Can I use link aggregation on PA820 for this scenario? If one of the ASAs fails will this setup work to pass on the traffic using the other ASA.

 

Thank you.

sajidsil by L0 Member
  • 2821 Views
  • 2 replies
  • 0 Likes
  • 24198 Posts
  • 100 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks