This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4236 Views
  • 0 replies
  • 0 Likes

Resolved! Captive-Portal Error with MP Software Process 'keymgr' and 'l3svc' Problem

Model : PA-500OS: 6.1.13Captive-Portal/GlobalProtect are used Hi. I've got some issue from my customer about Captive Portal Issue. The customer said, the Captive-Portal authentication screen, couldn't be seen for few days,even if portal page open, like google, or other starting web-page, they couldn't access to other link with errors. So I'd tri...

error-message.PNG

Upgrade for HA Pair

Hello, i am looking for some guidance on upgrading a non panorama setup of an Active/Passive HA pair of 3050s. They are running code 7.1.6 and we would like to move to a later/latest release of 7.1.x i have searched around but can only find a guide for using Panorama under the upgrade best practices. is there another guide available which deta...

Resolved! Recommended stable release for PAN-OS 8.0.x

Hi, I am planning on updating PAN-OS on our Panorama virtual machine and our two firewalls and would like to know what the most stable release for PAN-OS 8.0.x is? Any help with this query would be greatly appreciated.

Resolved! nt-autorität\anonymous-anmeldung

Hello Guys,I have sometimes a problem with the user identification on the PA500. Our Users can only browse the internet with your AD-User. Sometime the User is lost on the PA. The User "nt-autorität\anonymous-anmeldung" is used? Why? How can I find a solution? Thanks cuWolfgang

Dual WAN (ONE ISP and MPLS link)

Hello All, Need your help/guidance on the following requirement We have 2 WAN links, One ISP with Static public IP and MPLS connection for Internal server access. Requirement: 1) All the Internal users (Trust Zone) has to go through ISP Wan for Internet access 2) Secondaly, to Access Internal Web application servers Hosted...

Sharan.k by L0 Member
  • 2727 Views
  • 2 replies
  • 0 Likes

Resolved! User-ID Agent exclusion list

Hi All Is it good practice to exlude all server subnets in exclude list as I believe we are not interested in administrators to IP mapping for servers? What could be the user cases for exlcude list on firewall and user-id-agent?

Resolved! User-ID based policies exclusion

Hi I want to enable user-id features in all security policies. But I have a question, from users to Domain controller, I should not use user-id feature? as firewall does not know about user-ip mapping untill users are login to domain controller?Also on which security rules, I should not enable user-ID?

Resolved! Zscaler and Minemeld v2

Hello, I'm trying to get simple data from https://ips.zscaler.net/pac/json. I tried to exploit the extractor with http://jmespath.org/ but really, I don't think I need an extractor here, just indicator "ip". But it doesn't work : age_out: default: null interval: 257 sudden_death: true attributes: confidence: 100 share_level...

GlobalProtect Client is not Connecting

Hi there , i'm new here , hope i get a reply 🙂 i'm using an ipsec tunnel between two site . in the second site i'm not able to use the globalprotect , he cannot connected . but , when i change the desktop dns to 8.8.8.8 it worked . any solution !!!

Resolved! Issue with Windows Insider Updates when using SSL Decrypt

PAN-OS 8.0.xWe have users not receiving updates for Windows Insider Program builds when SSL decryption is enabled. Does anyone know what changes need to be made to make this work? I've solved a few other SSL decryption issues where decrypt-exceptions needed to be added or the CA imported as a trusted CA in the PA, but so far I have been unabl...

Demast by L2 Linker
  • 10190 Views
  • 9 replies
  • 0 Likes

Best practice for applying list of IP's to a security policy.

Hello, I'm trying to identify what the best way of applying a list of datacenter IPs to one of our security policies. The list has about 150 IP's and I'm apparently unable to paste the list of IP's into an address group as it gives me an error notice stating static "IP" is not a valid reference for all the IP's in the list. Creating the option...

Non-reordered IoC feed

I have an IP IoC feed that I would like to ingest and re-publish via MM. The feed is ordered by priority i.e. earlier addresses are newer\more active\higher risk, but if I ingest and publish (miner -> output) it is re-ordered by numeric order. Is there any way to prevent this and maintain the initial order? Technically I have a way aroun...

apackard by L4 Transporter
  • 3023 Views
  • 1 replies
  • 0 Likes

Using Minemeld to mine Adobe Creative Cloud addresses?

I saw this link where someone was looking at this same type of thing I am trying to do but I have not seen someone actually create the miners for Minemeld w/ Adobe. I am looking at their GitHub on how to create a miner for them myself, but I figured if someone has done the work already I could work on other things. I tried looking at their Windo...

acdop100 by L0 Member
  • 4681 Views
  • 1 replies
  • 0 Likes

Decrypt Port Mirror problem

We have decrypt port mirrior license on our PA-850But under interface types we can not see the Decrypt mirror type interfaceThe Pan-os version is 8.0.8

Screenshot_7.png
Screenshot_8.png
Radmin_85 by L4 Transporter
  • 4480 Views
  • 5 replies
  • 0 Likes

Resolved! PA 500 not booting up

Hello, we tried to make a factory reset on PA 500 following this link https://live.paloaltonetworks.com/t5/Management-Articles/How-to-perform-a-factory-reset-on-a-Palo-Alto-Networks-device/ta-p/56029 Finally we have not been able to make the factory reset and it gave us those errors attach lowmem_reserve[]: 0 730 970 970DMA32 free:16176kB min:15...

Denis by L2 Linker
  • 5474 Views
  • 6 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks