This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4129 Views
  • 0 replies
  • 0 Likes

Incorrect User-ID

Hi all, I'm having an odd issue. I have global protect configured and using Okta (saml) authentication. Now everything is working fine except that a handful of users have the wrong user-id. All users are expected to have their email address as their user-id however that handful of users for some reason has the format of "domain\username" inst...

Resolved! Identical Rules on 2 Firewalls

Hello Is there a way in which I can see which security rules are identical on 2 Palo Alto Firewalls? Probably with Migration Tool or something? BR,RJ

Resolved! Feature Request: Preference Option to Restrict Zones/Objects to Only Existing When Building Policies

The current PAN-OS GUI makes adding objects and zones on the fly very easy while building policies.Unfortunately this sometimes casues unwanted side effects:As an example, when building a security policy including the zone "Admin" I started typing "admin" in the zone add field as a search and pressed enter. Instead of choosing the already-built ...

bgolub by L0 Member
  • 2479 Views
  • 1 replies
  • 0 Likes

Resolved! PanOS 8.1.5 No SNMP ifInOctets/ifOutOctets

We recently upgraded our firewall to version 8.1.5 and noticed that SNMP data traffic monitoring stopped working. If we get de SNMP values, we receive this informations: IF-MIB::ifIndex.9 = INTEGER: 9 IF-MIB::ifDescr.9 = STRING: ethernet1/4 IF-MIB::ifType.9 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.9 = INTEGER: 1500 IF-MIB::ifSpeed.9 = Gauge32...

Resolved! DNS is changing?

Anybody has hear about it and are PA firewalls effected by it. It seems they are making some changes to its functioning. Does PA application supports the said change? https://dnsflagday.net______________________________ What is happening? The current DNS is unnecessarily slow and suffers from inability to deploy new features. To remediate these...

raji_toor by L4 Transporter
  • 4387 Views
  • 3 replies
  • 0 Likes

GP+DECRYPT+MFA

Hello, I have been playing around with this setup: - user connect to internal network with globalprotect- initiating any connection to internal resources trigger ether a redirect to captive portal for MFA challenge or a global protect popup with the captive portal URL for MFA challenge. This seem to work as expected, but I have encounter a show-...

norbhinn by L1 Bithead
  • 2305 Views
  • 2 replies
  • 0 Likes

Resolved! Application changed color in ACC.

Hello, I changed a timeout value on an application and then changed it back to original setting, after this: The application show up in a greenish color (like the support info button color) in ACCThe application lost its category and sub-category. Both show up as unknown. Anyone else experience this? Bug?

norbhinn by L1 Bithead
  • 2660 Views
  • 2 replies
  • 0 Likes

Resolved! LACP question

I was given this design to implement on our PA 5050's. This would be to segregate a user segment (4500x-VSS) from the data center (7K's vpc). Can anyone tell me if this is a valid LACP connection? I have never seen it done without a Stacking or VPC link on the other end of the port-channel connections, in this case the Palo 5050's. I am going to...

Capture.JPG
jstalone by L0 Member
  • 2177 Views
  • 1 replies
  • 0 Likes

H323 Gatekeeper Question

Hello everyone, The agency I work for is experiencing H323 call drops. After some research I found documentation here that Palos do not support H323 signaling when a gatekeeper is in call routed mode. The gatekeeper is currently in call routed mode. My question is, does this affect all versions of Palos or only certain versions? Also, what would...

VTCguy by L0 Member
  • 2635 Views
  • 1 replies
  • 0 Likes

Resolved! What is best way to provision Global Protect and LSVPN portal and gateway on one device?

This is for a lab at the moment, but want real-world advice in case I attempt it. I had a portal and gateway setup for client SSL VPN and wanted to add LSVPN. Due to complete documents for each type of GP feature, but none combining the two, I went through many iterations of mixing the two, but always having some kind of error with needed profi...

Create User based Internet access rule

Hi, Could someone please advise how I can limit internet access by user? I would like the below Block level 1 - blocks the bad stuff but allows everything else Block level 2 - blocks everything apart from an allow list I believe I have set Enable User-ID up and I have set 2 groups within AD and attached the users to those groups. I seem to b...

SSL Decryption not working with Policy based forwarding

I have configured SSL decryption with one ISP which is configured via default route and it is working fine. I have another ISP and I configured to forward internet traffic from particular endpoints (same trust zone) to 2nd ISP, for this purpose i created NAT and a PBF rule for those particular endpoints, scenario was working fine till now. I wa...

8.0.15 How is it running

Hello Community,How is it running for those that have already upgraded? I would wait but the release of the recent vulnerabilities have pushed this forward for me. https://securityadvisories.paloaltonetworks.com/ Thanks in advance!

Template not showing up in Device Groups

Created template I have Templates showing up over Network and Device tabs. But when I commit there isn't a radio button for templates and when you look under Device Groups and click the group I created it in, the template does not show up. Panorama 8.1.4

ccall678 by L0 Member
  • 3136 Views
  • 1 replies
  • 0 Likes
  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks