This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4472 Views
  • 0 replies
  • 0 Likes

SSL/TLS proxy

An internal client can only make sslv3 connections while an external server only accepts tls 1.2 so the goal is to create a policy that will allow this, using the PA as an SSL proxy. Is this possible? I was looking at decryption policies but I'm not sure how to fwd the connection attemt to be tls 1.2 to the external server. any help would b...

How do you completely remove a Firewall from Panorama

We are in a situation where we have over 50 Palo Altos that we have migrated to panorama over the years. Many of our Palos still have local rules on them as well as Panorama based rules. We would like to convert these firewalls to use only Panorama rules. To our understanding you can export the firewalls from Panorama and then import them again ...

panorama-error.png
CZellars by L1 Bithead
  • 10835 Views
  • 3 replies
  • 0 Likes

Filter security policies by no description

I am trying to view only security policies that do not have a description. I have found the following links but am unable to get the output i need. I need to show rules with no description and for all the operations i must define a valuen and all i am after is a NUL. https://www.paloaltonetworks.com/documentation/traps/4-2/traps-endpoint-secur...

Captive Portal web form displaying basic auth in chrome

When I set up the Captive Portal and configure it for browser challenge, on non domain joined machines I get the following prompt before I'm sent to the web-form. Is there any way I can get rid of this or at least get it encrypted so users aren't attempting to send credentials in clear text over the wire?

Capture.PNG
Lcroce by L1 Bithead
  • 3509 Views
  • 2 replies
  • 0 Likes

MineMeld - Feeds Authentication Verification

Hello Folks, My MineMeld experience has been great thus far thanks alot for creating such a robust community product. I set up authentication feeds recently and am curious where I can verfiy authentication is successful? Is this a Firewall Log or a MineMeld log? Thanks, Eddie

Resolved! Firewall cert-SSL forward proxy-To actual destination,

I know for a fact that firewall intercepts SSL connection and generates on-the-fly cert to clients under decryption scenario. But, I wasn't able to find enough resources explaning how firewall intitates connection to the actual destination on client behalf? I mean to ask does the firewall uses palo default cert as personal certificate when inti...

Missing fields in custom reports that would be useful

I am trying to make a more meaningful executive style report for user activity and web browsing. Currently the 'User Activity' report has columns which are not availble when generating a custom report; estimated browse time, count, bytes, etc. If I could create custom reports using these fields and filter or set thresholds I could remove a lot ...

mike406 by L2 Linker
  • 3358 Views
  • 1 replies
  • 0 Likes

Strange dataplane MGMT plane behaviour

Hi, We are having strange behaviour with DP and MGMT plane. We received these alarms: show log system | match severe2018/07/20 12:00:02 high general general 0 Dataplane under severe load2018/07/21 12:00:02 high general general 0 Dataplane under severe load2018/07/23 12:00:02 high general general 0 Dataplane u...

BigPalo by L4 Transporter
  • 4578 Views
  • 8 replies
  • 0 Likes

MineMeld docker based on centos / rhel?

Hello! I have been looking for a docker image that is based on Centos / Rhel and not Ubuntu, but I cannot find any. Is there any image beeing worked on? Also, the Docker image runs root inside, which I cannot seem to change as I get the following errors: runsv nginx: fatal: unable to open supervise/lock: file does not existrunsv minemeld: ...

Resolved! Do BGP and OSPF have to have same router-id on a virtual router ?

Hi, I'm running BGP and OSPF on same virtual router and whenever I commit a change, I get the following warning: In virtual-router VR_1, BGP router-id 1.1.1.1 is different from OSPF router-id 10.1.1.1.Since I'm getting warned about it, I'm thinking it probably is preferred for BGP and OSPF to have same router-id on a given virtual router. It's...

Resolved! User-ID Redistributed users not the log file

Hi Guys, For one our customer we have two virtual cluster - frontend and backend firewalls. On the frontend firewall we have Global Protect enabled, with LDAP and User-Group Mapping, assign different access for different user group. Connected users should be able to reach some internal resources behind the backend firewall as well.We have config...

Resolved! Any way to de-auth a user outside of SSH?

I know that we can force a logout for a user from the captive portal on the CLI as shown in the link below but is there a way to access this functionality through the web management portal? https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Force-Captive-Portal-Re-Authentication/ta-p/57746

Lcroce by L1 Bithead
  • 3905 Views
  • 5 replies
  • 0 Likes
  • 24379 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks