General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4433 Views
  • 0 replies
  • 0 Likes

Resolved! User-ID from multiple sources - what takes precedence

Hi, We are setting up user-ID with agents on member servers, checking domain controller event logs. We also run an internal globalprotect gateway. With both active and potentially providing the same user-ip mapping, which one does the firewall use? The one from GP or the one from the DCs? Thanks, Shannon

SARowe_NZ by L3 Networker
  • 6220 Views
  • 3 replies
  • 0 Likes

Error when renewing Certificate "Failed to read certificate"

Hello Bro, Recently, I was trying to renew a certificate but I received the error "Failed to read certificate". I have tried it like 4 times receiving the same error. Tried by renewing the CA first or by the child first, both cases I receive the same error. error message attached. Any ideas Bro, TIA

SYSTEM ALERT : high : Number of hints on disk has exceeded 5000 due to log forward failures

Hello, I receive many alerts with subject SYSTEM ALERT : high : Number of hints on disk has exceeded 5000 due to log forward failures. I do not have panorama (never did). Is there a way for these alerts to stop? Below is the alert I received from email. domain: 1 receive_time: 2024/05/29 13:18:52 serial: xxxxxxxxxx seqno: 7373667907529615763 action...

kvagenas by L1 Bithead
  • 2713 Views
  • 3 replies
  • 0 Likes

Certificate not valid

I am trying to set up Machine authentication, where it actually validates the machine certificate. I have a PKI infrastructure that pushes certificates to the machines, with their name in Common Name, and SAN, of the machine hostname. On the Certificate Profile I have enabled CRL, and added both Root and intermediate CA, and set username to su...

Spiff_21 by L1 Bithead
  • 69670 Views
  • 4 replies
  • 0 Likes

radius and PANF gui

Hello, I have integrated Radius with VM FW; the ssh to FW works. I have not created any local user on FW. All users are on radius server, but gui to FW does not work with radius account; when I enter radius creds in gui, it accepts and comes back to the login screen again. Is that a known issue? I created 10 users in Radius and a...

LDAP

We plan to enable channel binding for LDAP on our domain controllers. Since the firewalls use LDAP for querying AD information from the domain controllers, do we need to make any configurations to the firewalls to be compatible?

Captive portal auth with Client Certificate as first auth method and local auth as fallback

Hello team, To identify my users, I have used Captive Portal with ldap authentication profile. Then I removed the ldap from the captive portal config and added a "Certificate profile", and it works well as well. However, when I assign both an ldap profile AND a certificate profile to my captive portal configuration (Device> User Identificatio...

Rule has application any and port 3389 we see discard for application cotp

We have security policy to allow any application on port 3389. I see users are able to connect to server on port 3389. Traffic log shows denied on application cotp. My understanding is that if you have application as any it should cover all the applications. Why is it getting denied on app cotp for port 3389? Running PAN-OS 8.1.9

MP18 by Cyber Elite
  • 15455 Views
  • 9 replies
  • 0 Likes

Intrazone-default rule

Hello, I would like some advice on Palo Alto's default intrazone-default rule. Unless I have a drop any any above this rule I see IPs from all over the public internet hitting my Palo Alto and being accepted on the intrazone rule as the traffic is from zone outside to zone inside. I want all of these random public IPs to be blocked and not a...

PA restart with Internal packet path monitoring failure

We have a pair of 3220 in a cluster. Yesterday we upgraded to 10.2.9-h11 and today we faced a restart of the Active peer twice with this error: "Internal packet path monitoring failure, restarting dataplane". I could not find any bugs related to this in 10.2.9-h11. Any thoughts? Should we upgrade further?

Max Tunnels for GlobalProtect

Can someone help me to understand the maximum number of concurrent connections possible with the GlobalProtect Clientless VPN solution? Preferably any documentation where this is specified would be great!

mitchduf by L0 Member
  • 842 Views
  • 1 replies
  • 0 Likes

User's traffic not hitting correct security rule.

We're running into an issue where a rule that is meant to update anti-virus protection on port 443 is slipping through and being caught by a lower rule which denies any application and service. (Hardware: PA-5050, OS version: 8.1.6). As far as the security rule is concerned, we have mentioned FQDNs as the destinations (instead of IPs & URLs)...

  • 24374 Posts
  • 124 Subscriptions