This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

Resolved! How to export sample miner from minemeld app in autofocus

Hi experts, I have a customer who uses Autofocus with Minemeld and, uses splunk. This customer is using two minemeld. One of Minemeld is from Autofocus app and, another is Standalone Minemeld deployed on Splunk. but, I found out difference number of miner samples between Autofocus app and Standalone Minemeld. Below is number of samples wh...

stand.jpg
clould.jpg
jilim by L1 Bithead
  • 4857 Views
  • 1 replies
  • 0 Likes

After installing update 8.0.8 PA3020 in FIPS\CC mode inaccessible. Device stuck in boot loop.

After installing update 8.0.8 on a couple of our PA 3020s they became inaccessible using the web access and SSH. We had to do a factory reset on the devices. Every time we tried to put the devices back into FIPS\CC with 8.0.8 installed the devices would get stuck in a boot loop. We had to do a factory reset and reinstall version 8.0.7. Then w...

Destination NAT not working

Hello all, I am having issues with my NAT config. I have everything from this doc completed but not seeing any traffic hit my outside interface in the logs.https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/networking/nat/nat-configuration-examples/destination-nat-exampleone-to-many-mapping I basically have a Synology NAS im trying ...

NAT.PNG
policy.PNG

Resolved! GlobalProtect and general Internet access?

Hey folks, Using PAN-OS 7.1.15 and Globalprotect client 4.0.1. Trying to confirm something. From what I can tell, when connected to VPN via GlobalProtect, my general internet access goes through the VPN tunnel route successfully (after security rule between the zones of course). That is the case, correct? Split tunnel is just not available or ...

OMatlock by L4 Transporter
  • 12312 Views
  • 12 replies
  • 0 Likes

List of Service Accounts

Does anyone have a running list of service accounts used/needed for best practices? User-ID (per domain or per domain trust)LDAP profile (per domain for Group Mappings) What else?

mike406 by L2 Linker
  • 2036 Views
  • 1 replies
  • 0 Likes

Resolved! GlobalProtect client can't authenticate anymore after upgrade to 4.1

We have upgraded our firewall to version 8.1 and the GlobalProtect agent to 4.1.We use a certificate to authenticate with our GlobalProtect Agent but after the upgrade (8.0.5 and 4.0.3) nobody can't authenticate anymore.In the logs I always see this:First'GlobalProtect portal user authentication succeeded. Login from: 10.1.2.10, Source region: 1...

ZEBIT by L3 Networker
  • 4741 Views
  • 5 replies
  • 0 Likes

Resolved! SNMP Paloalto

Hello ! I want to do snmp polling to a palo alto firewall, but not using any management "software" (like zabbix). I'm trying to do it via bash command snmpget, in which i pass the object OID 1.3.6.1.2.1.25.3.3.1.2.1 (CPU util on the management plane). Something like this: # snmpget -v 2c -c public 192.168.100.1 1.3.6.1.2.1.25.3.3.1.2.1 In which ...

DanielVe by L1 Bithead
  • 4386 Views
  • 3 replies
  • 0 Likes

Max session age?

Quick question here. If there is a perfect TCP or UDP session that is just sending stream data for example (say, an IP camera feed to a DVR server) and there are no app hiccups or dropped packets - is there a max session age for this condition? I can't seem to find anything in the docs, and I have a few sessions that are nearing 2 weeks old, s...

dberber1 by L2 Linker
  • 3227 Views
  • 3 replies
  • 0 Likes

Resolved! PA inbound decryption

PA drop (decrypt-error, policy-deny) packet when client present a certificate (SMTP STARTTLS). PAN OS version: 8.1 Test cases 1) Client cert TRUSTED, TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384 Client send Certificate Verify TLS payload openssl s_client -starttls smtp -crlf -tls1_2 -cert trusted-cert.pem -key private.key -cipher 'ECDHE-RSA-AES256-G...

decrypt-error.jpg
decrypt-error2.jpg
decrypt-ok.jpg
decrypt-ok2.jpg
blabla by L2 Linker
  • 8295 Views
  • 8 replies
  • 0 Likes

Dataplane increment from 07/03/2018

Hi, We realised that we have had an increment in dataplane from 07/03/2018. Before this day the normal value was 42% aprox. After that day the normal value is incremented to 58%. So we would like to know the reason for this increment.I check "resource monitor", sessions, cpus, etc.... and i dont see anything about what it could cause this increm...

Resolved! Panorama fails to deploy PanOS to Firewalls

We have a Panorama (M-100) managing several PA5020 firewalls. We need to update the PanOS from 6.1.7 to 6.1.10 (don't push for higher this is all we can do for now). I've updated the Panorama to the 6.1.10 version. Now i try to use the deployment software option and upload the 5020 PanOS but nothing shows after the status bar finishes. Isn't it...

Resolved! Any 'Bards' up for a poetic challenge?

It doesn't always need to be hard work and no play, some fun distractions should be part of the job 😉 Therefore I'm calling on all the bards among you (poet warriors in case you never played AD&D 🙂 ) to have a swing at a geeky or funny limerick and show us your best To keep things interesting, I'll be handing out loot to the top contribu...

reaper by Cyber Elite
  • 3528 Views
  • 2 replies
  • 6 Likes

Resolved! User ID agent user-IP mapping refresh evets

Hi Experts As you know the default cache time for user-IP mapping in user-ID agent is 45 minutes. If I am not using WMI or netbios or server session monitoring then: 1- How user-IP mapping can be maintained by user-ID agent? This means user has to logout and login again after every 45 minutes? Can I increase this to 10 hours to cover the office ...

Resolved! how to add PA forward decryption certificate to Minemeld

Dear all, first of all, thanks a lot to all contributors for this great project. Quick question: I configured my Minemeld instance in my local network and I also have SSL interception configured on my PA. For the moment I had to exclude the IP of the Minemeld instance from SSL interception because of error messages. I assume that's because M...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks