This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4484 Views
  • 0 replies
  • 0 Likes

Resolved! GlobalProtect and general Internet access?

Hey folks, Using PAN-OS 7.1.15 and Globalprotect client 4.0.1. Trying to confirm something. From what I can tell, when connected to VPN via GlobalProtect, my general internet access goes through the VPN tunnel route successfully (after security rule between the zones of course). That is the case, correct? Split tunnel is just not available or ...

OMatlock by L4 Transporter
  • 12493 Views
  • 12 replies
  • 0 Likes

List of Service Accounts

Does anyone have a running list of service accounts used/needed for best practices? User-ID (per domain or per domain trust)LDAP profile (per domain for Group Mappings) What else?

mike406 by L2 Linker
  • 2059 Views
  • 1 replies
  • 0 Likes

Resolved! GlobalProtect client can't authenticate anymore after upgrade to 4.1

We have upgraded our firewall to version 8.1 and the GlobalProtect agent to 4.1.We use a certificate to authenticate with our GlobalProtect Agent but after the upgrade (8.0.5 and 4.0.3) nobody can't authenticate anymore.In the logs I always see this:First'GlobalProtect portal user authentication succeeded. Login from: 10.1.2.10, Source region: 1...

ZEBIT by L3 Networker
  • 4809 Views
  • 5 replies
  • 0 Likes

Resolved! SNMP Paloalto

Hello ! I want to do snmp polling to a palo alto firewall, but not using any management "software" (like zabbix). I'm trying to do it via bash command snmpget, in which i pass the object OID 1.3.6.1.2.1.25.3.3.1.2.1 (CPU util on the management plane). Something like this: # snmpget -v 2c -c public 192.168.100.1 1.3.6.1.2.1.25.3.3.1.2.1 In which ...

DanielVe by L1 Bithead
  • 4460 Views
  • 3 replies
  • 0 Likes

Max session age?

Quick question here. If there is a perfect TCP or UDP session that is just sending stream data for example (say, an IP camera feed to a DVR server) and there are no app hiccups or dropped packets - is there a max session age for this condition? I can't seem to find anything in the docs, and I have a few sessions that are nearing 2 weeks old, s...

dberber1 by L2 Linker
  • 3272 Views
  • 3 replies
  • 0 Likes

Resolved! PA inbound decryption

PA drop (decrypt-error, policy-deny) packet when client present a certificate (SMTP STARTTLS). PAN OS version: 8.1 Test cases 1) Client cert TRUSTED, TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384 Client send Certificate Verify TLS payload openssl s_client -starttls smtp -crlf -tls1_2 -cert trusted-cert.pem -key private.key -cipher 'ECDHE-RSA-AES256-G...

decrypt-error.jpg
decrypt-error2.jpg
decrypt-ok.jpg
decrypt-ok2.jpg
blabla by L2 Linker
  • 8395 Views
  • 8 replies
  • 0 Likes

Dataplane increment from 07/03/2018

Hi, We realised that we have had an increment in dataplane from 07/03/2018. Before this day the normal value was 42% aprox. After that day the normal value is incremented to 58%. So we would like to know the reason for this increment.I check "resource monitor", sessions, cpus, etc.... and i dont see anything about what it could cause this increm...

Resolved! Panorama fails to deploy PanOS to Firewalls

We have a Panorama (M-100) managing several PA5020 firewalls. We need to update the PanOS from 6.1.7 to 6.1.10 (don't push for higher this is all we can do for now). I've updated the Panorama to the 6.1.10 version. Now i try to use the deployment software option and upload the 5020 PanOS but nothing shows after the status bar finishes. Isn't it...

Resolved! Any 'Bards' up for a poetic challenge?

It doesn't always need to be hard work and no play, some fun distractions should be part of the job 😉 Therefore I'm calling on all the bards among you (poet warriors in case you never played AD&D 🙂 ) to have a swing at a geeky or funny limerick and show us your best To keep things interesting, I'll be handing out loot to the top contribu...

reaper by Cyber Elite
  • 3571 Views
  • 2 replies
  • 6 Likes

Resolved! User ID agent user-IP mapping refresh evets

Hi Experts As you know the default cache time for user-IP mapping in user-ID agent is 45 minutes. If I am not using WMI or netbios or server session monitoring then: 1- How user-IP mapping can be maintained by user-ID agent? This means user has to logout and login again after every 45 minutes? Can I increase this to 10 hours to cover the office ...

Resolved! how to add PA forward decryption certificate to Minemeld

Dear all, first of all, thanks a lot to all contributors for this great project. Quick question: I configured my Minemeld instance in my local network and I also have SSL interception configured on my PA. For the moment I had to exclude the IP of the Minemeld instance from SSL interception because of error messages. I assume that's because M...

Resolved! Certificate Error on Miner Refresh

Currently Running MineMeld Version 0.9.40 on Ubuntu 14.04. I am getting the following certificate error. I have tried updating the self-signed cert, restart, ubuntu reboot. with no change.

iheredia by L1 Bithead
  • 11504 Views
  • 6 replies
  • 0 Likes

Resolved! Certificate is expired and is shown in the browser

Good Morning, System: PA-3020SW Ver: 8.0.6 we are trying to implement a certificate on our Test Firewall and have encountered the an expired certificate.We have created the certificate (self-signed); however, when I go to the Palo Alto GUI, the browser says 'Not secure.' The information from the certificate shows that the certificate was valid f...

Certificate Error.png
jasfree by L1 Bithead
  • 5563 Views
  • 4 replies
  • 0 Likes

Resolved! URL classified as Malware but not sinkholed

Hello, Quick question for a specific URL (cia.toh.info) This URL is classified as malware in PAN-DB but doesn't show ip in the AV release notes as a malware site so it doesn't get sinkholed when we do a DNS lookup for that url. We've noticed other URLs exhibiting the same behavior. Has anyone else seen this? Is there a disconnect between the ...

epeeler by L2 Linker
  • 2604 Views
  • 1 replies
  • 0 Likes

Virtual Wire

Hello! Is possible to have configured Antispyware with DNS Sinkholing and External dynamic lists (URL filtering) in virtual wire envirnoment.Is it working if I configure only one L3 port on PA and put on fake IP , all other interfaces remain on virtual Wire mode?I'm using PA-3020. Thank you very much for your answerAles

ales by L0 Member
  • 2005 Views
  • 1 replies
  • 0 Likes
  • 24380 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks