This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

Panorama snmp trap

My idea was first to setup panorama to monitor the logs for critical and then send snmp trap.But from what i can see from the PA mibs, there are no way for panorama to send info in the trap about the device? So all i see in the trap is the panorama ip. Is there any way around this? Or is maybe best practise to trap from the individual device?

hbalzac by L3 Networker
  • 4015 Views
  • 2 replies
  • 0 Likes

qos rule allowed application is http-video but stats and cli also shows unknown-tcp

I have configured qos on application http-video only and category is any.Running OS 8.0.9 On qos stats graph it also shows application as unknown-tcpfrom cli when i run command > show session all filter qos-class 1 it shows application as undecided need to understand qos rule only applies application http-video why we see applications unkno...

MP18 by Cyber Elite
  • 2496 Views
  • 3 replies
  • 0 Likes

Resolved! Authentication via LDAP server

We have a PA-3050, I have setup LDAP auth and it is working fine, however I have a question/concern. Yesterday we had a user offsite who needed VPN access, he was not in the AD group initially, so I added him to the AD group and sent him instructions on how to download the agent, when he tried to sign in, it would not allow him, ten or so mins ...

GlobalProtect concurrent Gateway conections

Hi i have two separate PA-220 clusters in separate sites and i can connect to each one independtelly via global protect, but i have to choose one site or the other. is there a way to setup the Global protect to connect to both sites at the same time without the use of a VPN satellite setup? the networks are not overlapping.. thanks,Jonathan

Resolved! A new PA-3250 required licenses

Hi, I'm planning to deploy PA-3250 for a company. I've recommended the following modules for them as per their requirements:PAN-PA-3250-URL4-5YR.PAN-PA-3250-TP-5YR.PAN-PA-3250-WF-5YR. Now, i'm not sure if we must also include the premuim support license inorder to be able to opreate the firewall. Can I safely deploy the device without a support ...

Resolved! Updating MineMeld Miner indicators via http/https API requests from external systems ?

Dear MineMeld community, Can we add/remove indicators from a MineMeld Miner via http/https API? We currently have a simple automation system for IP whitelisting: External System sends an https request to an automation server with an IP address info and some another data: http://AutoRequest.com/request?ip=10.1.1.1&start_date=01/01/201...

Resolved! GlobalProtect - suppress the downgrade/upgrade prompt?

I noticed end-users will get a prompt to upgrade/downgrade their client, depending on whether the Activated version is lower or higher than their installed version.Is there a way to suppress and turn that off? It would IT controlled deployment upgrades more smoother and less confusing to end-users. Is this the setting here?

2018-11-05_9-23-39.png

GlobalProtect Connection Issue

The company I work for recently roled out paloalto vpn service for users to connect via VPNHowever one frustration most if not all users have observed is the initial connection via GlobalProtect client. Across all client versions and all OS's (Windows, MacOs) one thing which is causing frustration has been observed. * Instigating the connection ...

version.png
1.png
2.png
carterg by L2 Linker
  • 10560 Views
  • 5 replies
  • 0 Likes

SSL Inbound Decryption with ADFS

I am seeing issues with inbound decryption and ADFS. Through investigation, I found that the EC Curve 25519 is not supported, but is the default for Windows 10 and Server 2016. Per tech support, this will be available in the latter half of 2019 as a supported encryption standard. After moving off of the prevously mentioned curve, I am seeing t...

Resolved! Does BGP need to be on a separate virtual router ?

I'm currently using rip in a single virtual router. I'm adding BGP for a Microsoft Express Route circuit. I have a consultant to assist in the BGP setup. He says the BGP needs to be in a separate virtual router. Is there a reason for this that anyone knows ? His answer is PaloAlto requires it. ???PA3020. TIA, Greg

gefuchs by L1 Bithead
  • 8896 Views
  • 8 replies
  • 0 Likes

Resolved! Processor not pulling from Miner

Hello Folks, I recently created a new miner to pull domains from a threat intel provider. I can see the Miner is pulling the expected amount of domains. However, my associated processor is not pulling anything from the miner. I've already looked the the obvious things: like is Output enabled on my miner etc. I can see in the logs that the proc...

Untitled.png

User-ID picks up admin users ID not their proper login.

I have noticed that some of our users who have normal and privileged accounts are showing their "Privileged account" under User-ID. Querying in windows shows the correct user... show user ip-user-mapping ipIP address: 1xx.1xx.1.187 (vsys1)User: xyznet\jimp.adminFrom: ADIdle Timeout: 2638sMax. TTL: 2638sGroup(s): x...

Understanding URL Filtering Order / URL Filtering Precedence

I was searching high and low for URL Filtering Order / URL Filtering Precedence when trying to understand how to override an incorrect URL learned from an External Dynamic List. It took the help of our Designated Engineer to get a full and complete answer. I thought I would share the info here so others may benefit as well. This is based off of ...

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks