General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Resolved! routing problems between wans and lan

I recently inherited a Palo Alto PA-3020 in a place I've been working and I'm wondering if anyone would be able to help me out on a config error I've been having. I'm trying to get a setup like in the Visio diagram below but there seems to be some routing issues. I will send a redacted config to anyone who responds. I would be looking for basical...

kclarke6 by L1 Bithead
  • 4663 Views
  • 5 replies
  • 0 Likes

Resolved! app-id changed for mssql-db-base

We just noticed that what used to show up as mssql-db-base is now showing as mssql-db-unencrypted. Yep, this is internet stuff that we know is not encrypted so that makes sense, and the first thing I did was check to see if there was an app-id update that may introduce this change, but I do not see anything that would impact that. Has anyone else...

hshawn by L4 Transporter
  • 15814 Views
  • 1 replies
  • 0 Likes

Aerohive Log / User IDs / Device Mac

Hello, we have some Aerohive WiFi access points and they are managed with the HiveManager. Now when a user logs on to a WLAN SSID with his hive user and then surfs, you only see the internal IP of the access point in the Palo Alto log. If several users do this, you can't tell them apart because no user information arrives at the PA. How can I transfe...

Teamviewer is not blocking

Hi, I have a PA-820 with fully updated signatures, and I have blocked Teamviewer via security policy. The PA is recognising the application and the traffic log is showing that the Teamviewer connection is blocked, but on the host machine Teamviewer is running and outbound / inbound Teamviewer connections are successful. I have also tried by applying SSL decryption but sti...

Okta Admin Authentication on HA deployment

Hi, I have configured multiple Active/Passive firewalls for Okta SSO (admin authentication). This is working as expected on the active devices; however, I was planning to use a separate authentication profile for the passive devices. Every time I push the profile for the secondary firewall it syncs it back to the primary. It was my understanding th...

PA-3220 HSCI port's LED is not light up

I've got two new PA-3220s in HA (active/passive). Active firewall's HSCI port does not light up green LED, whereas passive light up green. I used an SFP+ and MM cable (tried Twinax as well). I have a replaced firewall for active firewall, but it still doesn't up. However, all HA state looks fine on the Dashboard/High Availability. Is this somethi...


SSL decryption presenting untrusted certificate for certain site

Can somebody explain why the PA is presenting the untrusted certificate when browsing to https://community.mcafee.com ? So far all of the other HTTPS sites that I've tested have worked perfectly. This is on 7.1.3. I opened a ticket with PAN and the tech said it's because the PAN doesn't trust some of the CA's used by that site's certificate, bu...

Jsitter by L1 Bithead
  • 14801 Views
  • 2 replies
  • 0 Likes

Resolved! threat packet captures impact on cpu

Hello. I would like to enable some packet captures on certain threats and was wondering if anyone has tested if there is an impact on the mgmt plane CPU when enabling extra pcaps? I know enabling packet capture has an impact on CPU. However, I would think the impact would be mainly (or exclusively) on the data plane CPU; reason I ask is I currently h...

Clientless App feature enable BUG 8.1.3

The only way I can describe this configuration is that it is a bug. I do not see any reason why such a feature would exist and not be clearly documented. Issue: When committing that change after deploying a GlobalProtect Clientless app, a warning would appear saying: Warning: Clientless VPN Content is missing. The feature is not enabled. (...

Global Protect, use custom port for portal, followed the tutorial on paloaltonetwork

Hi, I followed the tutorial: How to Configure GlobalProtect Portal Page to be Accessed on any Port, but it's not working. When I connect using browser I get an error. I see in monitor that the port is accessed and I see the rules for the NAT as well, but in the application it's written "incomplete". How can I debug it further? Thanks for help. Jon

GlobalProtect agent can not connect to my internal Network

Hello, after correctly configuring GlobalProtect VPN on the firewall, and installing the GlobalProtect agent on the remote machine, when I am in connected mode with the agent I cannot connect to my internal network, not even send a ping. I checked the security rules and the NAT between the two zones, the access route, but the problem persists

ADINESMA by L0 Member
  • 3324 Views
  • 1 replies
  • 0 Likes

Resolved! authentication override

Why is it necessary to enter "generate cookie for authentication override" and "accept cookie for the authentication override" on both the portal and gateway? I would think it would make more sense to select generate cookie for authentication override on the portal and accept cookie for the authentication override on the gateway. I am also not sure...

jdprovine by L4 Transporter
  • 5221 Views
  • 6 replies
  • 0 Likes

logical interface packets drops

Hi, we are experiencing this issue that we have been troubleshooting for a couple of days. We have done all our checks WAN and LAN side; however, there is a Palo Alto firewall between the WAN routers and core switch in Vwire mode with an any-any rule. The only problem I have noticed so far is that at the time of issue the firewall is not too responsive i....

qasim02 by L2 Linker
  • 3538 Views
  • 3 replies
  • 0 Likes

Resolved! how to get CA trusted root cer for global protect url

Hi, we have an external GlobalProtect gateway with a DNS name. When users browse to the domain name they get a warning message that the certificate is not trusted. How can I get a trusted cert from a CA like Go Daddy so that when remote users download the GP client they do not get a cert warning? Regards, Mike

MP18 by Cyber Elite
  • 2493 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect client - Block inbound traffic - Internet Adapter

Hi, the scenario is as follows: a) I have a Windows10-client with Global Protect (GP) version 4.1.4 installed. b) The Win10 has inbound RDP (tcp-3389) enabled so that the support can access the client remotely. c) The GP is configured with "Always On" so that it connects to our company network as soon as it finds an ISP-connection. The problem: a) Whil...

  • 24332 Posts
  • 124 Subscriptions