This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Best way to identify Macs for URL filtering?

All the Macs are AD joined and everyone logs into the domain. Problem we are having is that after a few hours the Macs are not identified any longer and the URL filtering stops working. The Mac users are creative and get some relaxed filtering....so they can't go to sites they are allowed to go to that the general population is not. Is there a s...

Internet Access Captive Portal

Dear Friends ! i have restrice Internet Access to Clients but before they fall in to Captive Portal Page, they reach to google.com https certificate then PAN poral Certificateas well the Clients are able to ping, traceroute destinations in Internet before they login to Captive Portali would like to configure PAN in such a way to 100% restrict cl...

Resolved! Cust Data Pattern for Azure Information Protection (AIP)

Hello, We're looking to leverage Palo Data Filtering to provide some DLP in our enterprise. PANOS 8.0.12 on a 5020 pair. Microsoft shop running Win 10, and we have implemented Microsoft Azure Information Protection (AIP), which is MS's labeling/protection mechanism. MS Publishes the DLP Tag information here. They call it a 'Custom Property.'...

User ID for ncomputing environment

HI all,My customer has ncomputing (thin client) environment and all servers are Ubuntu. They wanted to implement User-ID feature in this environment. As we do not have any User ID agent for Linux, how can we get user info? Can we use Captive portal, will that work per session?Thanks,Abhijeet

DNS Security Subscription on EXISTING PA-220 Lab Appliance

Is anyone having the same problem as me? I have an existing PA-220 lab appliance (the lab SKU includes all available subs and support) that was deployed prior to the announcement of PAN-OS 9.0 and DNS Securty. I have since upgraded the appliance to 9.0, but I cannot find a way to add the DNS Security subscription to the appliance within the su...

Resolved! Is there a way to disable specific traps in PAN?

I have a long open issue with PAN TAC where the PAN 5060 is sending traps when detecting an issue with HA secondary availability. The HA is fine so these messages are just spam for practical purposes. Is there a means to disable these specific traps?

Publishing website issue.

Hi Experts,I am trying to publish a website, the webserver is behnid my Palo alto, i created NAT rule from public IP to be natted to the internal webserver IP address. What is starnge here is that i am not able to see my traffic when trying to reach the website from external. I was testing from my mobile so i put in Montior traffic tab source is...

PLEASE HELP.. same config but not working! from PA 3050 to PA 3220

Dear experts, I am moving from PA3050 to PA3220. I did export the current configurations from the old PA3050 and imported to the new PA3220, i committed successfully, but when i migrate cables from old device to the new one i get random issue! like some zones are not reachable, like i have ping to internet and telnet and traceroute but i can't b...

Old certificate showing even after new certificate mapped to the ssl profile

Hello, We are using Software Version - 8.0.8, Global Protect Agent - 4.0.4 One user is able to connect the VPN through portal but when accessed the URL from the internet still seeing the old certificate after new certificated mapped. We tried to reinstall the GlobalProtect client by accessing the GlobalProtect portal so the client pulls the late...

Resolved! Recommended PAN-OS version

Hello Please need to know the recommended upgrade PAN-OS version from Paloalto for PA-3020. Appricate your help Thanks

DPWorld by L1 Bithead
  • 7638 Views
  • 2 replies
  • 0 Likes

Preventing Split-Brained Monster, HA Failure Technique Idea?

I am trying to develop a technique to handle HA failure conditions, between two PA units, in an "Active/Passive" configuration. What I want to try is to connect an HA1 link to an intermediate switch. By default, what I notice is that if I take down the link between the primary PA box and the L2 switch, the PA backup unit will then become "Active...

pa-test.png

Global Protect connects even machine certificate not present in store

Has anyone encountered this issue ? https to portal interface IP gives an error "Valid client ceriticate required".GP users are still able to connect to GP VPN even if machine certificate not present in store. I have Global protect Portal configuration > Agent > App > Client Certificate Store Lookup as "Machine".

File Blocking applications

What is the reason that the Applications field within File Blocking Profiles only allow a subset of all applications? For instance, I have a file blocking profile that alerts on several file extensions for webmail applications I've specified, and I'm trying to add meetup-email, startmail, and zimbra, but these are not available. I thought perha...

Resolved! Mitigating CVE-2019-5786

Anyone know which Content Update (released or upcoming) might contain a mitigation for CVE-2019-5786? Description: https://www.helpnetsecurity.com/2019/03/06/chrome-cve-2019-5786/ Cheers

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks