General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Foward Trust Cert and MacBook Pro

I have a problem with my PAN generated FTC when used by MacBook Pro. My PANOS is 11.2.10-h3 and the test MBP is Sonoma 14.8.4. The FTC is loaded on the System Key Chain and is set to "Always Trust". The x509 basic constraints CA is TRUE as inspected on the MBP. Yet when I browse a site with a decryption policy, the resulting cert from the FT...

Resolved! Change to Applipedia

I discovered that the veeam app in applipedia does not cover port 6173 (used for guest interaction from veeam with a vm). Is there a possiblity to inform palo alto via a button / link or anything else in applipedia or somewhere else to correct this app

MikeHinz by L1 Bithead
  • 1404 Views
  • 2 replies
  • 0 Likes

This Mac is owned by Palo Alto Network ( PANDA ) ?

Hi, Ive purchased a 2nd hand macbook pro ( 2024 model ) literally just a few hrs ago, now from Facebook Marketplace, and upon trying to set it up - it takes me to a Recovery screen. I then try to Install new MacOS & it comes up with 'this device is owned by Palo Alto Networks' Im not gunna act smart, but i have no idea wtf that actually mea...

Resolved! SSL Connection Error During Panorama-Orchestrated HA Upgrade

Hi all, First time posting, so bear with me. We manage fairly large fleets of devices across multiple clients, so the new HA upgrade orchestration from Panorama looked like a big time-saver. We decided to test it with one client but ran into the issue shown in the screenshot: "Download error: SSL connection error". Has anyone encountered this — ...

return traffic being dropped, not being sent through the vpn tunnel

issue: 1 server behind PA being accessed through 2 different tunnels tunnel 1 = working tunnel 2 = incoming traffic working, the return traffic is being grabbed by interzone-default = deny, and on the PA seen as a new session being initiated, for which there is ofc no security rule in place to allow anyone with an idea why the return traffic ...

20f2c37f-cc78-4da5-bea8-6c2fc3fb4fe3.png

Resolved! Static Port Address Translation question

This configuration issue seems like it should be very easy to figure, but I have not performed this in the past and I cannot seem to figure it out. We will have multiple devices on the trusted network, and I need to NAT them all to a single Public IP address using a different port number for each private device. All devices will utilize port 44...

JohnSturk_0-1695407774096.png
JohnSturk_1-1695407912202.png

Is It Possible to Distribute Client Certificates to iOS Devices Using GlobalProtect SCEP Without MDM?

I would like to ask whether it is possible to distribute a client certificate to an iOS device at the time of GlobalProtect authentication by using SCEP, without relying on any MDM solution. My goal is to enable client certificate–based distribution and authentication for GlobalProtect on iOS, and I am currently exploring approaches that do not ...

Panorama continuously pulling expired Strata Logging Service License

I have a customer here who is running into an issue when applying their new Strata logging Service License on Panorama. The old license expired awhile ago and the new license was never applied. They have now lost all visibility of their cloud services from Panorama and so are trynig to apply the new license. In GUI we can pull the new licens...

IPSEC to Azure establish but cannot use traceroute

Hi All We have PA 410 and has established an ipsec tunnel to Azure.We testing from PA-410 to cloud that ping, SSH, and traceroute are working normally.However, when testing from cloud to PA-410, ping and SSH work as expected, but traceroute does not function. A packet capture was performed and it was observed that the traffic UDP was dropped ...

Feature Request List

Hi community In a lot of topics there are discussions and questions about PAN-OS enhancements and missing (not yet implemented) features. So far the PaloAlto Feature Request list isn't available to the public but in a lot of these existing topics feature request IDs (FR ID) are mentionned. Even knowing that PAN-OS is already a feature rich fir...

Remo by L7 Applicator
  • 117373 Views
  • 151 replies
  • 21 Likes

Search for old KB kA10g00000PLW6

I am looking for a this KB that I bookmarked in 2022. https://knowledgebase.paloaltonetworks.com/KCSArtcleDetail?id=kA10g00000PLW6 Can you someone point me to the new KB? Thanks, Jay

wuj by L1 Bithead
  • 1004 Views
  • 4 replies
  • 0 Likes

How to add Wildcard Domains as a destination for Firewall policy PA1420

Dear all, I have blocked the Port 80 in my network so any clients try to access the internet over the port 80 should not be allowed. But the thing is that some of the micorsoft IPs and Domains runs over the port 80. Now I want to add a new firewall rule to my palo alto 1420 to allowlist Miscrosoft IPs and domains over the port 80 and 443, ...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels