This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4481 Views
  • 0 replies
  • 0 Likes

Resolved! Error Message in PANGPA logs

Hello, We are using 4.1.0-98. The clients at fault work fine through a tethered mobile, however when connecting to their home WiFi the connection is successful but nothing will work through the VPN. Below is a log snippet. What exactly is going on here? <error>Gateway Default: Checking network availability and restoring VPN connection when...

Critical System Alert

The firewall has flooded the system logs with the following message:Traffic and logging are resumed since traffic-stop-on-logdb-full feature has been disabled. Software Version- 8.0.3-h4Model: PA-3020 Disk space looks fine: Filesystem Size Used Avail Use% Mounted on/dev/sda2 3.8G 2.7G 897M 76% //dev/sda5 7....

Incorrect User-ID

Hi all, I'm having an odd issue. I have global protect configured and using Okta (saml) authentication. Now everything is working fine except that a handful of users have the wrong user-id. All users are expected to have their email address as their user-id however that handful of users for some reason has the format of "domain\username" inst...

Resolved! Identical Rules on 2 Firewalls

Hello Is there a way in which I can see which security rules are identical on 2 Palo Alto Firewalls? Probably with Migration Tool or something? BR,RJ

Resolved! Feature Request: Preference Option to Restrict Zones/Objects to Only Existing When Building Policies

The current PAN-OS GUI makes adding objects and zones on the fly very easy while building policies.Unfortunately this sometimes casues unwanted side effects:As an example, when building a security policy including the zone "Admin" I started typing "admin" in the zone add field as a search and pressed enter. Instead of choosing the already-built ...

bgolub by L0 Member
  • 2538 Views
  • 1 replies
  • 0 Likes

Resolved! PanOS 8.1.5 No SNMP ifInOctets/ifOutOctets

We recently upgraded our firewall to version 8.1.5 and noticed that SNMP data traffic monitoring stopped working. If we get de SNMP values, we receive this informations: IF-MIB::ifIndex.9 = INTEGER: 9 IF-MIB::ifDescr.9 = STRING: ethernet1/4 IF-MIB::ifType.9 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.9 = INTEGER: 1500 IF-MIB::ifSpeed.9 = Gauge32...

Resolved! DNS is changing?

Anybody has hear about it and are PA firewalls effected by it. It seems they are making some changes to its functioning. Does PA application supports the said change? https://dnsflagday.net______________________________ What is happening? The current DNS is unnecessarily slow and suffers from inability to deploy new features. To remediate these...

raji_toor by L4 Transporter
  • 4486 Views
  • 3 replies
  • 0 Likes

GP+DECRYPT+MFA

Hello, I have been playing around with this setup: - user connect to internal network with globalprotect- initiating any connection to internal resources trigger ether a redirect to captive portal for MFA challenge or a global protect popup with the captive portal URL for MFA challenge. This seem to work as expected, but I have encounter a show-...

norbhinn by L1 Bithead
  • 2356 Views
  • 2 replies
  • 0 Likes

Resolved! Application changed color in ACC.

Hello, I changed a timeout value on an application and then changed it back to original setting, after this: The application show up in a greenish color (like the support info button color) in ACCThe application lost its category and sub-category. Both show up as unknown. Anyone else experience this? Bug?

norbhinn by L1 Bithead
  • 2738 Views
  • 2 replies
  • 0 Likes

Resolved! LACP question

I was given this design to implement on our PA 5050's. This would be to segregate a user segment (4500x-VSS) from the data center (7K's vpc). Can anyone tell me if this is a valid LACP connection? I have never seen it done without a Stacking or VPC link on the other end of the port-channel connections, in this case the Palo 5050's. I am going to...

Capture.JPG
jstalone by L0 Member
  • 2240 Views
  • 1 replies
  • 0 Likes

H323 Gatekeeper Question

Hello everyone, The agency I work for is experiencing H323 call drops. After some research I found documentation here that Palos do not support H323 signaling when a gatekeeper is in call routed mode. The gatekeeper is currently in call routed mode. My question is, does this affect all versions of Palos or only certain versions? Also, what would...

VTCguy by L0 Member
  • 2706 Views
  • 1 replies
  • 0 Likes

Resolved! What is best way to provision Global Protect and LSVPN portal and gateway on one device?

This is for a lab at the moment, but want real-world advice in case I attempt it. I had a portal and gateway setup for client SSL VPN and wanted to add LSVPN. Due to complete documents for each type of GP feature, but none combining the two, I went through many iterations of mixing the two, but always having some kind of error with needed profi...

Create User based Internet access rule

Hi, Could someone please advise how I can limit internet access by user? I would like the below Block level 1 - blocks the bad stuff but allows everything else Block level 2 - blocks everything apart from an allow list I believe I have set Enable User-ID up and I have set 2 groups within AD and attached the users to those groups. I seem to b...

SSL Decryption not working with Policy based forwarding

I have configured SSL decryption with one ISP which is configured via default route and it is working fine. I have another ISP and I configured to forward internet traffic from particular endpoints (same trust zone) to 2nd ISP, for this purpose i created NAT and a PBF rule for those particular endpoints, scenario was working fine till now. I wa...

  • 24380 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks