This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4121 Views
  • 0 replies
  • 0 Likes

Need some suggestion about the routing between 2 internet outgoing interfaces

I recently submitted a case to PA support about 1 of the internet facing interface cannot contact outside nor contact from outside. Use ping to diagnostic and found that the ping (request) and ping (reply) use 2 different route ). This is because the 2 interfaces has its own zone and for different purpose:1. Staff use the 1st data line, and use ...

jeremylo by L3 Networker
  • 2505 Views
  • 2 replies
  • 0 Likes

Resolved! Feature Request: Panorama: Managed Devices Summary for Dashboard

One of the most common at-a-glance sections of Panorama I use for overall environment status is the Managed Devices Summary page. This is the only / easiest place I know of to check on the HA status, Policy and Template Sync state and Last Commit state for all managed devices at once. I would really like to be able to view this information as a ...

bgolub by L0 Member
  • 2988 Views
  • 2 replies
  • 0 Likes

Question to Signal, Skype and Google Hangouts video calls

Hey guys,When I want to do a video call with Signal messenger, I need to add two rules: Rule1:App: SignalService: application default Rule2:App: STUNService: any Signal accesses random destination ips on random ports. Skype and Google Hangouts need those rules: App: Skype, Google-HangoutsService: application default App: rtpService: application ...

MPI-AE by L4 Transporter
  • 3521 Views
  • 1 replies
  • 0 Likes

how to download the ca certificate for the anydesk

HI Team I getting an error while connecting to any desk error code: could not connect to any desk network SSL_14090086I tried to add the SSL decryption list but still, the issue remains how to add the trust certificate for any desk and is there any link to download ca certificate

HemanthV by L2 Linker
  • 8636 Views
  • 1 replies
  • 0 Likes

Resolved! User not in Allow list

Hello, We use SAML authentication profile. with PAN-OS 8.0.13 and GP 4.1.8. Followed the document below but getting error: SAML SSO authentication failed for user. Reason: User is not in allowlist. http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Palo-Alto-Networks-GlobalProtect.html We have verified our settings as per the guide...

Resolved! userid in multiple VSYS environment

Hello, We are using PA cluster in multiple VSYS environment. We would like to be able to configure user / group based policies across all the VSYS by sharing userid mapping table with all the VSYS (the user identification baseline is the same for all the VSYS). Is there a quick method to achieve this or do we have to configure (same) userid sett...

Resolved! Troubleshooting Application Incomplete with two way TCP traffic

We are having issues with one application while migrating the network from ASA to PAPA is Running 8.0.9 on 3020. Application shows as incomplete with more than 4 packets.We see trasmit and receive in the PA.Nothing in threat logs. As per TAC they say use App override as first step and then flow basic and content basic.Will do this once gets test...

MP18 by Cyber Elite
  • 45129 Views
  • 6 replies
  • 0 Likes

Resolved! Phase 1 is down but phase 2 is up- test vpn phase 1 and 2

we have tunnel from PA to vendor which is using Cisco ASA.When there is no interesting traffic tunnel is down by design this part is ok. but today i saw phase 1 as red and phase 2 as green on gui.I did the test vpn ike command and phase 1 was greenbut i was unable to ping across tunnel i see traffic going via tunnel but no replies. Then i did ...

MP18 by Cyber Elite
  • 9077 Views
  • 2 replies
  • 0 Likes

PA-VM not recognizing SSL and denying traffic

Hello, We are implementing SSL Decryption to PA. Because of this forcepoint agent (that is installed on theworkstation), the return traffic from the Internet (ie: facebook.com, etc) will be denied by the firewall as the SSL certificate has been changed by forcepoint and it is considered untrusted by the firewall. Do you have any recommendation f...

Resolved! Error Message in PANGPA logs

Hello, We are using 4.1.0-98. The clients at fault work fine through a tethered mobile, however when connecting to their home WiFi the connection is successful but nothing will work through the VPN. Below is a log snippet. What exactly is going on here? <error>Gateway Default: Checking network availability and restoring VPN connection when...

Critical System Alert

The firewall has flooded the system logs with the following message:Traffic and logging are resumed since traffic-stop-on-logdb-full feature has been disabled. Software Version- 8.0.3-h4Model: PA-3020 Disk space looks fine: Filesystem Size Used Avail Use% Mounted on/dev/sda2 3.8G 2.7G 897M 76% //dev/sda5 7....

Incorrect User-ID

Hi all, I'm having an odd issue. I have global protect configured and using Okta (saml) authentication. Now everything is working fine except that a handful of users have the wrong user-id. All users are expected to have their email address as their user-id however that handful of users for some reason has the format of "domain\username" inst...

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks