This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4225 Views
  • 0 replies
  • 0 Likes

Resolved! Wildfire API

i am working on paloalto VM version 5.0.6 and tying to read reports from wildfire with the help of API using cURL.i am pulling the report on the basis of "device_id" and "report_id" but getting error.curl -i -k -F device_id=[SERIAL NUMBER] -F report_id=[TID FROM LOG] -F format=xml are above options are supported in version 5.0.6?if yes then anyt...

Resolved! General Interface status?

Hi folks, We have a PA-200 over in London (on the recall list) that get complaints that the internet has intermittent connectivity issues.Everytime I login to it, the interface (1/1) is up, green, and no indication of a problem. Other than contacting the service provider about outage status, does anyone have method(s) on the firewall to determin...

OMatlock by L4 Transporter
  • 4286 Views
  • 4 replies
  • 0 Likes

User activity report

Hi Team, Customer trying to utilize Palo Alto to generate user activity reports that show detailed web browsing. I understand from other articles (https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/view-and-manage-reports/generate-usergroup-activity-reports) that the browse time isn't something that the firewalls have the...

sprabhu by L3 Networker
  • 2137 Views
  • 1 replies
  • 0 Likes

Resolved! Best Practice for HA1 IP address

I have a lots of customers who uses HA pair with 1.1.1.1/30 and 1.1.1.2/30 for HA1 port.This HA1 port connected directly. And reason for selecting these IPs are because nobody was using it in the past. Today, I read this article:https://blog.cloudflare.com/announcing-1111/https://www.theverge.com/2018/4/1/17185732/cloudflare-dns-service-1-1-1-1 ...

emr_1 by L6 Presenter
  • 4861 Views
  • 3 replies
  • 0 Likes

Resolved! DNS not working

Hi There, I am new to Palo Alto and we are currently simulating PA VM ESX-7.0.1. I try to implement DNS but though I have reachability to the DNS server (google DNS) my address resolution is not working as expected. Please find the snap below. Thanks in advance Prashanth

snap.PNG

Resolved! What is mean log .1 .old

Hi all, I would like to know about log cache example mp.log.1 or mp.log.old extension .1, old how it occurred and in this case usually with compromise or disk full

Global Protect IPSec/SSL

Hello, If global protect fails to establish a IPSec tunnel and uses SSL instead, does it attempt to switch tunnel types if it sees it can do a IPSec tunnel or will it keep it's current tunnel type until the GP client get's refreshed and sees what connection it can establish? The reason I ask is because Global Protect is extremly slow when it us...

URL Filtering with no block page

Is it possible to have URL filtering by category with just a quiet drop of traffic, no reset or block page? Basically I want to filter without people knowing I am filtering, they just can't connect to a bad website. I can't figure out how to do that; everything looks like URL filtering requires some sort of response page.

Resolved! Identify Policy Deny Source

I am seeing some decrypted sessions hitting an allow rule, but the session end reason gets logged as a "policy-deny". Here is a screenshot of one example:In the above example, rule "outbound" is configured as:Source Zone: MSUNSource Address: AnyDestination Zone: CharterDestination Address: AnyApplication: AnyService: AnyAction: AllowSecurity Pr...

policy deny.PNG

Resolved! Authentication error Gprotect

Hi, we have a cluster of PA5020 with PanOS 7.1.12. Yesterday we had a problem, the Global protect authentication was failing. So we failover the cluster and it worked again. Today this problem has happened again. Looking in bug we could be hitting this bug. So i would like to confirm if we are hitting this bug. How could we check "proxy memory"....

bug.JPG

Seek for help: Failure to use Global Protect VPN

I came into a problem for global protect VPN connection, could anyone please help me? After installing of the GlobalProtect64.msi program(finished installtion), it didnot work on my computer(cannot establish connection, windows 8.1, 64 bits system). I checked log files"debug_drv.log": [Info 297]Driver inf file is installed successfully.[Info 327...

Multi site dual-isp with redundant VPN connections: PBF vs alternatives?

When we got out PanOS firewalls a few years back, we set them up with a single virtual router and PBF to handle our active/passive ISPs. Time went on, and to support fancier topologies, such as fully redundant VPN connections between us an AWS, we moved to dual VRs: one default that holds all our routes AND the standby ISP, and one that pretty m...

uvdes by L2 Linker
  • 16142 Views
  • 12 replies
  • 0 Likes

Computer wakes up

Hello,My laptop which is couple of months ol runs win 10 is constantly turning on when in sleep mode. Any advice and what causes this?

WillAlt by L1 Bithead
  • 3793 Views
  • 2 replies
  • 0 Likes

Resolved! Educator at Heart - Jobs for trainers PCNSE certified?

About to take the PCNSE in a few weeks. I don't mind being a consultant, but I like training the most. Are there many jobs out there for PCNSE certified individuals interested in training, and if so where are they needed most? Also, what is the salary that is fair in expectation if you may know? Thanks!

Resolved! PANOS 8.0.7 SSL inbound inspection affects SSLLabs scroe

Hi, When we do SSL inbound inspection for some of our web servers, SSLLabs test scores goes from A+ to B. I also tested with "openssl s_client -connect mailadmin.artvin.edu.tr:443 -showcerts" and it show the same problem. The problem is, when doing ssl inbound inspection, both SSLLabs test and openssl test shows "Secure Renegotiation IS NOT supp...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks