This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4440 Views
  • 0 replies
  • 0 Likes

Seek for help: Failure to use Global Protect VPN

I came into a problem for global protect VPN connection, could anyone please help me? After installing of the GlobalProtect64.msi program(finished installtion), it didnot work on my computer(cannot establish connection, windows 8.1, 64 bits system). I checked log files"debug_drv.log": [Info 297]Driver inf file is installed successfully.[Info 327...

Multi site dual-isp with redundant VPN connections: PBF vs alternatives?

When we got out PanOS firewalls a few years back, we set them up with a single virtual router and PBF to handle our active/passive ISPs. Time went on, and to support fancier topologies, such as fully redundant VPN connections between us an AWS, we moved to dual VRs: one default that holds all our routes AND the standby ISP, and one that pretty m...

uvdes by L2 Linker
  • 16557 Views
  • 12 replies
  • 0 Likes

Computer wakes up

Hello,My laptop which is couple of months ol runs win 10 is constantly turning on when in sleep mode. Any advice and what causes this?

WillAlt by L1 Bithead
  • 3825 Views
  • 2 replies
  • 0 Likes

Resolved! Educator at Heart - Jobs for trainers PCNSE certified?

About to take the PCNSE in a few weeks. I don't mind being a consultant, but I like training the most. Are there many jobs out there for PCNSE certified individuals interested in training, and if so where are they needed most? Also, what is the salary that is fair in expectation if you may know? Thanks!

Resolved! PANOS 8.0.7 SSL inbound inspection affects SSLLabs scroe

Hi, When we do SSL inbound inspection for some of our web servers, SSLLabs test scores goes from A+ to B. I also tested with "openssl s_client -connect mailadmin.artvin.edu.tr:443 -showcerts" and it show the same problem. The problem is, when doing ssl inbound inspection, both SSLLabs test and openssl test shows "Secure Renegotiation IS NOT supp...

Resolved! How to export sample miner from minemeld app in autofocus

Hi experts, I have a customer who uses Autofocus with Minemeld and, uses splunk. This customer is using two minemeld. One of Minemeld is from Autofocus app and, another is Standalone Minemeld deployed on Splunk. but, I found out difference number of miner samples between Autofocus app and Standalone Minemeld. Below is number of samples wh...

stand.jpg
clould.jpg
jilim by L1 Bithead
  • 4887 Views
  • 1 replies
  • 0 Likes

After installing update 8.0.8 PA3020 in FIPS\CC mode inaccessible. Device stuck in boot loop.

After installing update 8.0.8 on a couple of our PA 3020s they became inaccessible using the web access and SSH. We had to do a factory reset on the devices. Every time we tried to put the devices back into FIPS\CC with 8.0.8 installed the devices would get stuck in a boot loop. We had to do a factory reset and reinstall version 8.0.7. Then w...

Destination NAT not working

Hello all, I am having issues with my NAT config. I have everything from this doc completed but not seeing any traffic hit my outside interface in the logs.https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/networking/nat/nat-configuration-examples/destination-nat-exampleone-to-many-mapping I basically have a Synology NAS im trying ...

NAT.PNG
policy.PNG

Resolved! GlobalProtect and general Internet access?

Hey folks, Using PAN-OS 7.1.15 and Globalprotect client 4.0.1. Trying to confirm something. From what I can tell, when connected to VPN via GlobalProtect, my general internet access goes through the VPN tunnel route successfully (after security rule between the zones of course). That is the case, correct? Split tunnel is just not available or ...

OMatlock by L4 Transporter
  • 12474 Views
  • 12 replies
  • 0 Likes

List of Service Accounts

Does anyone have a running list of service accounts used/needed for best practices? User-ID (per domain or per domain trust)LDAP profile (per domain for Group Mappings) What else?

mike406 by L2 Linker
  • 2056 Views
  • 1 replies
  • 0 Likes

Resolved! GlobalProtect client can't authenticate anymore after upgrade to 4.1

We have upgraded our firewall to version 8.1 and the GlobalProtect agent to 4.1.We use a certificate to authenticate with our GlobalProtect Agent but after the upgrade (8.0.5 and 4.0.3) nobody can't authenticate anymore.In the logs I always see this:First'GlobalProtect portal user authentication succeeded. Login from: 10.1.2.10, Source region: 1...

ZEBIT by L3 Networker
  • 4800 Views
  • 5 replies
  • 0 Likes

Resolved! SNMP Paloalto

Hello ! I want to do snmp polling to a palo alto firewall, but not using any management "software" (like zabbix). I'm trying to do it via bash command snmpget, in which i pass the object OID 1.3.6.1.2.1.25.3.3.1.2.1 (CPU util on the management plane). Something like this: # snmpget -v 2c -c public 192.168.100.1 1.3.6.1.2.1.25.3.3.1.2.1 In which ...

DanielVe by L1 Bithead
  • 4455 Views
  • 3 replies
  • 0 Likes

Max session age?

Quick question here. If there is a perfect TCP or UDP session that is just sending stream data for example (say, an IP camera feed to a DVR server) and there are no app hiccups or dropped packets - is there a max session age for this condition? I can't seem to find anything in the docs, and I have a few sessions that are nearing 2 weeks old, s...

dberber1 by L2 Linker
  • 3271 Views
  • 3 replies
  • 0 Likes

Resolved! PA inbound decryption

PA drop (decrypt-error, policy-deny) packet when client present a certificate (SMTP STARTTLS). PAN OS version: 8.1 Test cases 1) Client cert TRUSTED, TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384 Client send Certificate Verify TLS payload openssl s_client -starttls smtp -crlf -tls1_2 -cert trusted-cert.pem -key private.key -cipher 'ECDHE-RSA-AES256-G...

decrypt-error.jpg
decrypt-error2.jpg
decrypt-ok.jpg
decrypt-ok2.jpg
blabla by L2 Linker
  • 8384 Views
  • 8 replies
  • 0 Likes
  • 24375 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks