This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

SSL Expired Cert and SSL decryption

We have vendor site which we access.Recently their SSL cert expired and when I try to access that website chrome shows cert is invalid and still in brower it showsit is decrypting the website and i can see the PA cert there. Traffic log shows isession end reason was policy deny? Why PA shows cert as invalid or non trusted when vendor ssl cert is...

MP18 by Cyber Elite
  • 14277 Views
  • 11 replies
  • 0 Likes

Dynamic External Lists for Hostnames

Trying to figure out the best way to accomplish a task. We have a "Suspicious" rule on our firewall that should be where we place hostnames for users that are observed to have questionable traffic.This will be a dynamic list that will be updated by adding/removing hosts at any given time depending on security alertsSince we use LDAP I know we ca...

Resolved! Creation of new Session and 6 Tuples

Need to confirm below - If PA has the active session and need create a same session but the old session is active?What action will take depending on 6 tuples?

MP18 by Cyber Elite
  • 9550 Views
  • 4 replies
  • 0 Likes

Resolved! Reading firewall palo A20 logs

Hello Paloalto community, I ask for help please, I collect the logs of a Firewall palo lato A20 with graylog, I find a difficulty in reading Firewall logs. Can anyone help me to explain this logs, I want a clear interpretation of this logs.On the web interface of Graylog I see this logs from FW Palo alto: 1/ All the logs of the FW palo are "le...

F LOGS.PNG
Ayoub2 by L1 Bithead
  • 3202 Views
  • 1 replies
  • 0 Likes

Lost communications via HTTPS

Hello all,I had a problem with a PA-220, version 8.0.9.Suddenly I lost HTTPS service for the management interface, It was still working but I only had access via SSH.When I entered #show deviceconfig system service I couldn't see the services HTTPS & SSH (as disable-hhtps/ssh no)Then I entered #set deviceconfig system service disable-https n...

upatino by L1 Bithead
  • 3517 Views
  • 1 replies
  • 0 Likes

disable automic start globalportect and create a shortcut

Hello, My customer need a "GlobalProtect msi" to ditribute by GPO that complies with the following.- Customize Portal URL. That is Ok, we edit the with orca software https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkwCAC.- the installation of globalprotect must be create a shortcut in the desktop.- in the installation ...

MPoffal by L2 Linker
  • 3789 Views
  • 1 replies
  • 0 Likes

Why is "set address BLAH tag BLAH not working?!

admin@PA-5250-LOANER# show address TULLYset address TULLY ip-netmask 192.168.15.245set address TULLY tag Safenet_Listener_Service[edit]admin@PA-5250-LOANER# set address POPLICOLA tag Portal_ServicesServer error : tag 'Portal_Services' is not a valid reference[edit]admin@PA-5250-LOANER# Is there a syntax issue here that I am not seeing?

Resolved! UDP 443 becoming more prevelant

Today I have discovered that the latest Facebook App for Apple IOS is using udp/443 for communication. This behavior seems similar to the Google Quic protocol. I also caught a glimpse of an article referencing the move to a http2/api WWW. If this is going to be the direction the industry goes, does anyone know how long it takes Palo Alto to sign...

Syslog Fields Mismatch the documentation PanOSV9.0

I have syslogs coming to my SIEM from the device with PanOS V9.0. The number of fields i am receiving and the number of fields specified in the documentation doesnot match.For example, in TRAFFIC logs, 1,2019/05/09 15:09:20,xxxxxxxxxxxx,TRAFFIC,end,2304,2019/05/09 15:09:20,xx.xx.xx.xx,xx.xx.xx.xx,xx.xx.xx.xx,xx.xx.xx.xx,Allow all,,,ocsp,vsys1,In...

gnikesh by L1 Bithead
  • 3491 Views
  • 2 replies
  • 0 Likes

Resolved! VPN Site a Site Palo Alto Pas de traffic retour

Bonjourj'ai monté un tunnel vpn entre un PA-850 et un PA-220. La gateway IKE et le tunnel sont au vert.Je n'obtiens aucuns trafic en reception dans le tunnel sur le site A. Le site B quant a lui recoit mes requetes et y repond, mais comme je n'ai pas de reception je n'obtiens pas la reponse.Du coup je me suis dis il y a une policy qui bloque ou...

Resolved! setting security rules for vpn access for certain users?

i created a remote vpn and a vpn zone for local users , i created a security rule from vpn zone into inside but the problem is when i try to set certain access for different users , when i type the user name it doesnt auto complete it or list other local users in the security rule? shouldnt it list all the local users created to choose from them...

chuckles by L2 Linker
  • 2897 Views
  • 1 replies
  • 0 Likes

Resolved! By using LAN unable to connect VPN

Hi Experts, I have installed Global Protect VPN client. When I'm trying to connect VPN it is throwing an error "Server Certificate is invalid".When I connect mobile internet or internet dongle to my machine I can connect VPN. But when I connect through LAN it is giving the error. Can anyone please help me to overcome this issue? Thanks in advanc...

Prasuna by L1 Bithead
  • 4232 Views
  • 4 replies
  • 0 Likes

How to get IP public of GitHub

Hi All I am considering to use Minemeld in company with Palo Alto Firewall. I tested it and I saw it support to get IP of AWS, Google Cloud, Azure but I didn't see GitHub. So how I can create custome Miner to collect IP public of GitHub. Please help me to resolve it. Thanks, Giang Le

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks