This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4225 Views
  • 0 replies
  • 0 Likes

Bug fix

Do I have to go to 7.1.7 to fix this bug, since it is addressed as the fix for this bug or will a newer version fix it like 7.1.18 or 7.1.19 still fix it even if it is not listed in the list of fixes? You would think that the newer version more even if it not listed.

pabug.PNG
jdprovine by L4 Transporter
  • 5436 Views
  • 10 replies
  • 0 Likes

Resolved! SSL decryption troubleshooting - decrypt-cert-validation

I have been working with SSL decryption over 4 month on testing team. Most of the traffic is OK but I see some of the traffic are being Aged-Out and some and decrypt-cert-validation as the session end reason. Tried to do packet capture without seeing the reason it being blocked. The end user receive the error: "There is an issue with the SSL ce...

2018_09_26_14_53_27_Certificate_Error.jpg
2018-09-26 14_57_38-trs.pcap.jpg
2018-09-26 14_56_41-rcv (2).pcap.jpg
2018-09-26 14_55_59-fw (2).pcap.jpg
SShnap by L3 Networker
  • 38402 Views
  • 5 replies
  • 0 Likes

Resolved! QoS and SSL decryption questions.

Seems some of our customers are trying to slow down youtube, facebook etc. without SSL decryption. The confusing part is in the logs these show up as youtube-base, facebook-base etc but only sometimes and then other times they show up as SSL. So is using the QoS feature pointless without performing SSL decryption first? Ref:https://live.paloalto...

1Gbps support for PA-500

Hello, We decided to upgrade our internet line to 1Gbps from current 100Mbps and now we are using PA-500. As PA-500's Threat prevention throughput is 100Mbps, does it mean we only have 100Mbps(transmission speed) even the PA-500's interface capacity is 1000Mbps? ThanksQu Dong

qd_056 by L2 Linker
  • 3797 Views
  • 3 replies
  • 0 Likes

Authentication via LDAP server not sending complete DN name

Hi Team, I have configured LDAP server profile and confirmed the condition of reading group via Group mapping it works. When I try to test the LDAP username through authentication profile it succeed upto LDAP authentication but after it is sending DN name only with domain name and my user get failed to authenticate. What else I need to check. ...

Problem with MS Exchange 2016

hellowe have EXCHANGE server at TRUST zone.When we try to make SSL inbound inspection to this server active sync does not work and even when we try to open OWA via browser we get an error ERR_SSL_VERSION_OR_CIPHER_MISMATCH Is there any idea where can be the problem?

Radmin_85 by L4 Transporter
  • 4999 Views
  • 4 replies
  • 1 Likes

Resolved! Replacing office 365 from XML and RSS with Restful API

Hi all, In view of the changes Microsoft is going to make in future as describe in the following link, would the current miner for O365 still works? https://support.office.com/en-gb/article/managing-office-365-endpoints-99cab9d4-ef59-4207-9f2b-3728eb46bf9a?ui=en-US&rs=en-GB&ad=GB#ID0EADAAA=4._Web_service&ID0EACAAA=4._Web_service

chtoh82 by L2 Linker
  • 18467 Views
  • 12 replies
  • 1 Likes

Yahoo Mail Client

We recently started experiencing a problem with Yahoo app on Android devices or the Yahoo client from receiving email through our PA's. Has anyone experienced a similar problem? Thanks in advance.

Raimson by L0 Member
  • 2923 Views
  • 3 replies
  • 0 Likes

Resolved! routing problems between wans and lan

I recently inherited a Palo Alto PA-3020 in a place i've been working and I'm wondering if anyone would be able to help me out on a config error i've been having I'm trying to get a setup like in the visio diagram below but there seems to be some routing issues. I will send a redacted config to anyone who responds. I would be looking for basical...

Drawing1.png
kclarke6 by L1 Bithead
  • 4720 Views
  • 5 replies
  • 0 Likes

Resolved! app-id changed for mssql-db-base

We just noticed that what used to show up as mssql-db-base is now showing as mssql-db-unencrypted. Yep, this is internet stuff that we know is not encrypted so that makes sense and the first thing I did was check to see if there wasn an app-id update that may introduce this change but I do not see anything that would impact that. Has anyone else...

2018-09-26 15_29_15-a little digging - Message (HTML).png
hshawn by L4 Transporter
  • 15930 Views
  • 1 replies
  • 0 Likes

Aerohive Log / User IDs / Device Mac

Hello, we have some Aerohive WiFi access points and they are managed with the HiveManager.Now when a user logs on to a WLAN SSID with his hive user and then surfs, you only see the internal IP of the access point in the Paloalto Log. If several users do this, you can't tell it apart because no user information arrives at the PA.How can I transfe...

Teamviewer is not blocking

Hi, I have PA-820 with fully updated signatures, I have blocked Teamviewer via security policy. PA is recognising the application and traffic log showing that teamviewer connection is blocked but on host machine teamviewer is running and outbound / inbound teamviewer connections are sucessful. I have also tried by applying ssl decryption but sti...

Okta Admin Authentication on HA deployment

Hi, I have configured multiple Active/Passive firewalls for Okta SSO (admin authentication) this is working as expected on the active devices, however I was planning to use a separate authentication profile for the passive devices. Everytime I push the profile for the secondary firewall it syncs it back to the primary. It was my understanding th...

PA-3220 HSCI port's LED is not light up

I've got two new PA-3220s in HA (active/passive). Active firewall's HSCI port does not light up green LED, whereas passive light up green. I used an SFP+ and MM cable (tried Twinax as well). I have a replaced firewall for active firewall, but it still doesn't up. However, all HA state looks fine on the Dashboard/High Availability.Is this somethi...

Active_No HSCI LED.jpg
Passive_HSCI Ok.jpg
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks