This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

SSL Decryption breaks certain website functionality

So I’ve enabled SSL decryption and as expected some sites or applications fail when it’s turned on. No problem I can exclude the domain from decryption.I have a special case though, in the fact that one of these web applications is a service that my company is developing. When decryption is on it breaks screensharimg from our web application. Th...

welly_59 by L3 Networker
  • 5822 Views
  • 3 replies
  • 0 Likes

Wildfire fails to update since Content Update 8058 installed

Hi All, Came into work today to 100 emails that wildfire has been downloading but failing to update. I have narrowed it down to content update 8058 being installed. Device PA3020OS 8.1.2No HA, No Panorama. If i try to install the wildfire updates manually you get an error that it failed to commit. I have made a change (stop my boss receiving the...

PhilH by L2 Linker
  • 3096 Views
  • 3 replies
  • 0 Likes

Resolved! Route specific traffic out backup ISP?

We have dual ISP (ISP-A and ISP-B) and utilizting PBR which works just fine. Now I have use case whereas I have a NAT configured on ISP-B (1 to 1) and I want to force traffic to a specific destination out the backup interface. I want to do this to ensure traffic destined for a specific address IP-B is sent out the backup interface. I tried ad...

drewdown by L4 Transporter
  • 14567 Views
  • 13 replies
  • 0 Likes

Resolved! Upgrading GlobalProtect while on corp network

Hi everyone, I have a client who said every time they try to upgrade globalprotect, they have mixed results. The issue seems to be that they'll set the GP App to "Allow with prompt". However, the users will never get the prompt while they are on the corporate network. It seems possibly, when the users go home, they'll get the prompt to download ...

ce1028 by L4 Transporter
  • 6156 Views
  • 9 replies
  • 0 Likes

Resolved! Adding app depencendies

This might be a dumb question, but I visited 3 clients in the past 2 weeks that did not include application depenendcies in their policy rules For example, they'll have a rule allowing webex-base, but don't add rtcp, rtp-base, or stun. To be fair, at least 1 of them had a rule that contains an application filter that allows risks 1, 2 and 3, so...

ce1028 by L4 Transporter
  • 3095 Views
  • 2 replies
  • 0 Likes

SSL Version

Is there any way for the traffic logs to display the SSL/TLS version that's in use for a particular flow? I don't see the data in the traffic logs or in the session info at the CLI.

Resolved! HTTPS URL Filtering without decryption

Hello all, I am trying to implement URL Filtering for HTTPS websites but without decryption. I found a post on how to deliver response pages to Users. (https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Serve-a-URL-Response-Page-Over-an-HTTPS-Session-Without/ta-p/55998) The URL Filtering is working for me but I dont understand th...

Resolved! Untrust to Untrust - Allow

I was working at a customer site and noticed the customer's last rule before their "Catch-All - Deny" rule was "Untrust - Untrust Allow". It was a universal rule with source zone untrust destination zone untrust set to allow. When I asked why they had this rule, the response was "By default, the firewall comes with a default intrazone allow r...

ce1028 by L4 Transporter
  • 18066 Views
  • 11 replies
  • 0 Likes

Binding to AD with globalprotect

We have user accessing the globalprotect VPN using their AD account and we have userid enabled, but we do not see any evidence of the users in the AD domain controller, is that because GP is accessing the DC using a service account? Is there anyway to get the AD accounts to bind on the DC? We need these records for other things

jdprovine by L4 Transporter
  • 7419 Views
  • 13 replies
  • 0 Likes

Dual ISP IPSEC vpn tunnel monitor drops the connection

Hi all, I added second ISP to firewall and created ECMP for dual ISP followed those guides: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Implement-ECMP-Load-Balancing-on-the-Firewall/ta-p/110339# https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-a-Palo-Alto-Networks-Firewall-with-Dual-ISPs/ta-p/59...

SShnap by L3 Networker
  • 4087 Views
  • 3 replies
  • 0 Likes

GRE support on PAN-OS 8.0

Hi,is it possible to terminate a GRE tunnel on a PaloAlto? Parhaps there is something new in 8.0 Best regrads,Sebastian

sst by L0 Member
  • 5755 Views
  • 5 replies
  • 0 Likes

Resolved! Log forwarding - Local on Gateway or Panorama

Hello - I have Firewalls configured with Log Forwarding to Panorama. The question is, do the traffic logs of the Firewall Gateway keeps the copy of the logs and send another copy to Panorama or does it have only one copy forwarded to Panorama Can i configure to forward all the traffic logs of the Firewall to the Panorama and not to keep local co...

PA VM licensing issue between support accounts

Hi, Although looking through this in internal sources as well, but maybe you guys have seen this and have an idea. Initially there was PA VM-100 trial registered in Support Account 1 - partner account. Everything's good.Trial expired, full license was purchased - auth code was registered in Support Account 2 - customer specific account. VM-100 w...

nikoo by L3 Networker
  • 6241 Views
  • 3 replies
  • 0 Likes
  • 24379 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks