This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

GlobalProtect Best Practices

I searched through previous threads to see what the best practices are for securing GlobalProtect but the only thread I saw was dated and didn't have too much information. Could anyone share what their best practice is with setting up GlobalProtect? I'm currently using Cisco AnyConnect and would like to transition to GlobalProtect. My enviornmen...

Resolved! LDAP not work if management interface IP address cannot reach Windows AD

Configuration as below 1. Mangement interface with IP 192.168.1.2 (non-PA device as gateway)2. Windows AD with IP 172.16.1.2 (PA device layer3 interface as gateway)3. Subnet 192.168.1.0/24 and 172.16.1.0/24 cannot reach each other With correct LDAP config (LDAP IP, Port, Base DN, etc.). Go to "Device > User Identification > Group Mapping S...

jeremylo by L3 Networker
  • 3239 Views
  • 2 replies
  • 0 Likes

Resolved! VPN not working

Hi, we are configuring a VPn between Palo Alto and PFsense. The VPN is configured properly but its nos getting up. No phase 1 up. We have treid to change all values proposals and lifetime. This is the log. We tried to change lifetime with no success. Whats happening? ====> Initiated SA: 1.1.1.1[500]-2.2.2.2[500] cookie:4ff9f28d21a8b446:cc5af...

BigPalo by L4 Transporter
  • 5223 Views
  • 4 replies
  • 0 Likes

Anti Phishing Continue Page does not redirect and shows certificate error

Hi All, The customer has deployed Credential Detection feature. They are able to view logs of the same on the firewall. They have the action as "Continue" for "Auction" URL category. On submission of credential Response page do not appear and " SEC_ERROR_UNKNOWN_ISSUER" error is displayed. I checked the certificate when the error appears in ...

chromeCapture.PNG

ACC displaying "No data to display"

Hi All,I've been trying to troubleshoot an issue with a PA-5060 using PanOS 7.1.10. For whatever reason Application Command Center is not displaying any data. I've tried to check if any resources may have been hung but there doesn't appear to be any that are hung. Any other thoughts on how to fix this issue? Thanks

Resolved! Understanding Virtual Wire

I am trying to wrap my head around virtual wire from a practical perspective. To me it sounds like an access list apllied between 2 interfaces (e.g Internet & Users). That sounds like a typical concept with firewalls but since security rules would already be called upon to permit or deny traffic between each zone can someone help me under...

Resolved! New To PA- Differences between WebUI & Panorama

My company is about to deploy PA's in a few of our data centers as well as a single Panorama VM. I have a traditional ASA background & want to know some basic theory on how PA's are configured. I am enjoying the free training on the support site but I notice that so far most of it is taught based around configuring from the WebUI. If I un...

Resolved! MineMeld install error bower install

Hi all, I have installed successfully minemeld on a test Ubuntu 16.04. I try to do the same now in production and get an error on bower install : fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": ["bower", "install", "--allow-root"], "delta": "0:00:04.657525", "end": "2018-06-29 10:13:24.610040", "msg": "non-zero return code", "rc": 1...

Global protect data file not downloading_not showing anything in Dynamic updates

we have valid license of GP gateway but Global protect data file not downloading_not showing anything in Dynamic updates. when clicking on check now nothing shows up , tried configuring it as automatic download and install but no luck . https://live.paloaltonetworks.com/t5/General-Topics/Not-showing-dynamic-updates-for-global-protect-data-file-...

Rameshwar by L3 Networker
  • 4130 Views
  • 2 replies
  • 0 Likes

User Acitivity Reports - Denied Traffic

Afaik the User Activity Reports only show allowed traffic from the users. I am trying to find the URL from an IP, which I can see the user have been trying to visit, but got denied.Is there anyway to do so? The IP is a service from Amazon, and therefor it's not possible for me to make a simple nslookup.

Unable to block Skype

Testing target is Skype which came with Windows 10.Use the method in the link below and was work (for 1-2 days)https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Block-Skype/ta-p/52103 Then 1 day suddenly found that it not working anymore.Since I'm evaluating it (PA-220). There were many configuration changed. Any idea what possi...

jeremylo by L3 Networker
  • 2299 Views
  • 1 replies
  • 0 Likes

Always-ON VPN in the internal network.

Hello, I am looking to configure an always-on VPN with full tunnel access and enable"Enforce Global protect for Network access".This basically means that users have to connect GP portal to access network when logging in to their machine when off-prem. Giving us the ability to filter the traffic 24x7 even when off-prem. But, I am now facing a cha...

Resolved! Cannot ping INTO mgmt interface, but can ping out?

Did something the other day and now i cannot ping/https/ssh to the firewall on its management interface, even though from the firewall i can ping out. I dont think this is a routing issue as i can do it the other way(out of the device), and the device i am sourcing the pings from is within the same subnet. Also i have checked arp table and mac t...

welly_59 by L3 Networker
  • 16952 Views
  • 13 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks