This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

Issues with decryption on versions higher than 10.2.8-x, TAC no help

Brief summary, we have a pair of 3420's that where on 10.2.8-h3 for several months with no issues, suddenly one day we had issues with what seems to be OOM but was never fully confirmed by TAC, but recommended to upgrade to 10.2.10-hx(we choose 7 as it included the fix and other fixes as its incremental). This seems to have fixed the OOM issue, ...

Log Forwarding - Traffic Works, Others Do Not

I have to be missing something simple, for forwarding logs to a collection server. I can get the traffic logs, no issues, but all the other logs, will not send (Threat, Wildfire...). Do the other logs need some kind of special forwarding, or permissions in the OS? I have all the log types set in one section of the Objects->Log Forward, i am a...

Block the Teamviewer connection from outside to a specific computer

Hello! Is it possible to block a user from using Teamviewer whether he or she is on a personal laptop or mobile device using the Teamviewer app to remote/connect to a specific computer inside the corp network? HR has asked to block any outside connection so the end-user cannot use any more Teamviewer from the outside world to remote to a specifi...

FreddyC by L1 Bithead
  • 4113 Views
  • 3 replies
  • 0 Likes

Resolved! IPSec setup with certificate

what are the steps to configure certificate based IPSEC. Do we have step by step document to configure OR the use of certificates for IPSec. and what are the steps to troubleshoot Phase1 / 2 for the same?

Terminal Services Agent allocates ports outside the defined port range

Hi, I have the problem, that the Terminal Services Agent sometimes allocates ports to users that are out of their port range.That leads to the usage of wrong security polices. For example for one user I configured 22800-22999 as the port range.That user is not allowed to download certain files.Now sometimes the user gets port 58729 allocated and...

GlobalProtect not allowing internet access when Parallels or Docker are running

MacOS installed: macOS Sonoma 14.5 latest GlobalProtect client installed: 6.0.7-372 Parallels Desktop: 18.2.0 (53488) As the post title says, when Parallels or Docker are running, our GP isn't allowing network access (myself and others are having similar issues, I don't run Docker locally personally, so I didn't put a version number, but inclu...

User-ID Agent Connected Status Shows Red

This is a PSA for anyone having issues connecting/ setting up the User-ID Agent program on a Windows server.After installing the correct User-ID Agent from Paloalto's support site, you need to make sure you've set correct security/ access settings for the user you will bind to the agent. I found these instructions pretty easy to follow.https://k...

Unable to add AD group to Group Include List

System logs showing error: User Group Count of 'xxxx' Exceeds Threshold of 1000. I am trying to shrink the group numbers by using specific user group. Issues: 1. on Panorama template setting, there is no option to select the user group, pls refer to attached screenshot. 2. On firewall local device, i tried to configure configure by override fr...

After upgradation no traffic flow between DMZ to WAN

Hi Team, I hope you are doing well. One of our customers is attempting to upgrade their PAN-OS version from 11.0.4-h1 to a higher version, as the 11.0 version is nearing its end-of-life. The issue encountered is that whenever we upgrade beyond version 11.0.4-h1, communication between the DMZ and WAN zones is lost. Specifically, after the u...

Error deleting custom URL categories?

I created a custom URL category and then tried to delete it and got this on the validate, any ideas please? Operation ValidateStatus FailedDetails member corp-blocking-exclusions is an invalid referenceInvalid blockInvalid url-filtering corp defaultInvalid url-filteringInvalid profilesInvalid vsys vsys1Invalid vsysInvalid configurat...

Panorama and firewall upgrades schedule

Have a question related to the upgrades; Can i schedule the Panorama software upgrade ? Also , can i schedule the Managed firewall upgrades through Panorama ? I see schedule option for App and threat updates but not for PanOS images

Resolved! User-ID from multiple sources - what takes precedence

Hi,We are setting up user-ID with agents on member servers, checking domain controller event logs. We also run an internal globalprotect gateway.With both active and potentially providing the same user-ip mapping, which one does the firewall user? the one from GP or the one from the DCs?Thanks,Shannon

SARowe_NZ by L3 Networker
  • 6066 Views
  • 3 replies
  • 0 Likes

Error when renewing Certificate "Failed to read certificate"

Hello Bro, Recently, I was trying to renew a certificate but I received the error "Failed to read certificate". I have tried it like 4 times receiving the same error. Tried by renewing the CA first or by the child first, both cases I receive the same error. error message attached. Any ideas Bro, TIA

SYSTEM ALERT : high : Number of hints on disk has exceeded 5000 due to log forward failures

Hello I receive many alerts with subject SYSTEM ALERT : high : Number of hints on disk has exceeded 5000 due to log forward failures. I do not have panorama (never did). Is there a way for these alerts to stop. Below is the alert i received from email. domain: 1receive_time: 2024/05/29 13:18:52serial: xxxxxxxxxxseqno: 7373667907529615763action...

kvagenas by L1 Bithead
  • 2539 Views
  • 3 replies
  • 0 Likes

Certificate not valid

I am trying to setup Machine authentication, where it actually validates the machine certificate, I have a PKI infrastructure, that pushes certificates to the machines, with there name in Common Name, and SAN, of the machine hostname. On they Certificate Profile i have enabled CRL, and added both Root and intermediate CA, and set username to su...

Spiff_21 by L1 Bithead
  • 69546 Views
  • 4 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks