This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Resolved! packet drops on traffic going through IPsec tunnel.

Hi,We are getting packet drops on traffic going through IPsec tunnel.We have checked ISP link but there is no drops on ISP link even no load on it. Tunnel is aslo up but getting intermittent drops on traffic goint on IPsec tunnel.We have checked both end firewall but no sucesses.Kindly help.uleThnaks & RegardPradeep Chaugule

Resolved! Custom Reports takes ages

Greetings All,I am presently running PanOS 5.0.4 on a PA-500 HA. When I try generating a custom report for "URL Log" for a period of 7 days for Top 50 grouped by Top 50 groups with the URL consisting of porn and category not equal to web-advertisements, it takes ages to generate the report i.e. approx. an hour and then when I try to export in e...

After upgrading to 8.1.1 VPN always on pre-logon->user-logon failings

Wondering if anyone else has seen this? We upgraded to 8.1.1 from 8.0.8 this morning and immediately had users reporting their VPN client prompting for credientials over and over again forever. The firewall says invalid username/password hwoever we can cerifiy this is not the case using the CLI test commands... Rolling back to 8.0.8 resolves the...

commit_warnings_on_8.1.1.png
hshawn by L4 Transporter
  • 3529 Views
  • 5 replies
  • 0 Likes

Anyone use "Expired Active Directory Password Change for Remote Users" in PAN version 8.1 and GP Ver

Hi,Anyone use "Expired Active Directory Password Change for Remote Users" in PAN version 8.1 and GP Version 4.1?https://www.paloaltonetworks.com/documentation/41/globalprotect/globalprotect-app-new-features/new-features-released-in-gp-agent-4_1/expired-active-directory-password-change-for-remote-usersDoes it work? Can you do it with LDAP or do y...

junior_r by L3 Networker
  • 3819 Views
  • 3 replies
  • 0 Likes

UDP log that hit any deny rule and show allow

Hello, i have a question about UDP session rule 34untrust anytrust anyapp icmp, traceroute, pingservice anyaction allow rule 214any any deny you can see allow log hit rule 214i found similar case about tcp.https://live.paloaltonetworks.com/t5/Management-Articles/Action-Configured-in-Security-Rules-and-Seen-in-Traffic-Log-is/ta-p/62785 i think ...

20180616_111325.png
hbshin by L2 Linker
  • 2612 Views
  • 3 replies
  • 0 Likes

Moving a Layer Two Switch between FW pair and Edge Router from ISP Issue

We are attempting to move a pair of VCP'd layer 2 switches between our ISP's CIENA and our PA 5220 pair. Our ISP is only giving us a single handoff so we were attempting to plug the handoff into the layer 2 switches (nexus 9ks with VCP) on a access port with vlan 602. The switches also have trunk ports connecting to the Palo Alto's with LACP.W...

davic09 by L0 Member
  • 2387 Views
  • 1 replies
  • 0 Likes

World Cup 2018

Anyone have a custom APP-ID to block world cup 2018? or is palo going to release one?

Ntripp by L1 Bithead
  • 5362 Views
  • 5 replies
  • 0 Likes

Resolved! Taxii Feed Error

Dear all, today my Taxii Output stopping working, in minemeld-engine.log i see these errors: 2018-06-15T13:23:33 (24179)actorbase._actor_loop ERROR: CyberSOC-taxiiDataFeed-Test - error executing ActorCommand(command='update', kwargs_={u'source': u'MISP_CyberSOC_anyEvents', u'indicator': u'https://pastebin.com/v10rKA6d', u'value': {u'confidence':...

rafy92 by L1 Bithead
  • 6672 Views
  • 5 replies
  • 0 Likes

Failed to resolve domain name

Hi,i get in the system monitor a message Type dnsproxy and event resole-fail mgmt-obj 'Failed to resolve domain name:server.domain.com after trying all attempts to name server(s): IP_from_internal_DNS 8.8.4.4 'and i dont know why.I have set and Object for the server.domain.com DNS Name to the IP but error comes again.In Device -> Setup ->...

Globalprotect client VPN for remote users and Office LAN users?

My company has a number of offices which do not have an on-site fw but instead have a router to connect to corporate MPLS through which they also receive internet.I’ve been asked to look at implementing a globalprotect vpn for all users whether they are on office lan or remote. Is this a standard use case, tunnelling all traffic through vpn to t...

welly_59 by L3 Networker
  • 4367 Views
  • 5 replies
  • 0 Likes

Global Protect and CCMCACHE

I have a user that I am trying to reinstall Global Protect (v.4.0.6-7) for. However, whenever I try to install it, i get message that it is trying to find globalprotect64.msi in c:\windows\ccmcache11. CCMcache11 does not exist. So I pointed the installation to the msi file I had for it in the downloads folder but it then said it was corrupt. I ...

Arena225 by L0 Member
  • 3816 Views
  • 3 replies
  • 0 Likes

OSPF Adjacencies Flapping over IPSec Tunnel

Hello, I would like to open this issue up for discussion, and possible resolution. We have an IPSec Tunnel between two Palo Alto Firewalls (PAN 3050 & PAN 820), and we advertise OSPF routes to interconnect both sites, over the tunnel. This was working fine for months with no issues. Four days ago, we upgraded the 3050 from PANOS7.1 to PAN...

want to upgrade to 8.0.X

Hey guys,I have a HA pair of 3020s with 7.1.7and a single 820 firewall with 8.0.2 Which version can you recommend for the 3020s and the 820? 8.0.5?8.0.6?Is there anything to be aware of?

MPI-AE by L4 Transporter
  • 7039 Views
  • 14 replies
  • 0 Likes

Resolved! I have two questions. about UDP Application & policy action

Hello, I have two questions. 1. How can Paloalto Firewall identify UDP Applications (ex : sip, ntp, sip, dns, snmp, tftp..) with one packet from source received ? 2. when i configure service any What is difference policy action deny & drop? Best regards.

hbshin by L2 Linker
  • 2725 Views
  • 1 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks