This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4119 Views
  • 0 replies
  • 0 Likes

Best Practice IPSec Tunnels

I was wondering if anyone had some good best practice recommendations for IPSec tunnel configurations. I’ve set up a lot of these in my time, but I’m realizing that I still don’t have a firm grasp over all these choices other than “make them match on both ends if you want them to work” and “more secure is better than less secure”. Especially, fo...

locampo by L2 Linker
  • 3874 Views
  • 1 replies
  • 0 Likes

Resolved! GlobalProtect breaking the Internet

Hello, We have an issue with our Global Protect client. The end users are able to connect and work fine, but when they press the disconnect button on the Global Protect client it is breaks their internet. Whether the user is connected to a WiFi network or via an ethernet cable or doesn't matter. To illustrate the issue, this is what we do:1. Use...

Error.jpg
Farzana by L4 Transporter
  • 12902 Views
  • 3 replies
  • 0 Likes

Allowing Mapquest

Greetings, One of my departments is requesting access to Mapquest for their users. Currently they have limited Internet access. I have added *.mapquest.com/ and it brings up a very limited webpage (no links). So I did some searching and found that Mapquest also uses a hosting site called mqcdn so i added *.content.mcqdn.com/ in as well. I was a...

Resolved! Group Mapping vs Authentication Profile

Hi Here is what we want to do:1. Implement a security policy rule based on user group membership2. There is no User ID using any Agent. The users will authenticate using captive portal.3. Firewall will use LDAP to retrieve group mapping4. PAN OS 7.1 Here's the question:Assume that I want to allow only users from LDAP Group "HR" in the security p...

NTP and proxy bypass

Hi i have a problem at the moment where it appears there is a proxy/Vpn application that is using port 123 .as i have lots of byod devices that require access to NTP i leave the port open. When I look at the monitor logs it source port can be anything from 123 to any other port and the dest port is 123 and P.A is letting me know the application ...

Resolved! Query on Certificate/access Internet

Is there a way to configure the firewall so that users can access internet without needing to install certificate?Currently users have to have a certificate installed on their devices to be able to connect to the internet.Any article on this?

Farzana by L4 Transporter
  • 2917 Views
  • 2 replies
  • 0 Likes

Session info not in sync in CLI and Web GUI

My PAs are on PAN OS 7.1 OS, I have noticed that session info is immediately displayed in CLI when I use sh session all filter command but when I see in GUI , there is a delay or sometimes I never see that session in Web GUI >Monitor>trafficIs this a bug ?

Resolved! After upgrading a pair of PA-3050 to 8.0.4, very slow throughput, reduced network connection speeds

After upgrading a pair of PA-3050 to 8.0.4, very slow throughput, reduced network connection speeds Before upgrading from 8.0.2 to 8.0.4, we hace average speeds of 18/18 Mbps with other headquarters, and 100/100 with Internet.After upgrading to 8.0.2, we have very slow connection with headquarters and Internet, average speeds of 300 Kbps with he...

High Avaibility problem A\P

There are two PA-500 firewalls in High Availability state A\PAfter failover process the passive device become active but didnt pass the traffic.One possible reason which i suppose to be is the Gratious Arp packets are not send to the port of switch (cisco 3850) which is connected to passive devicebecause when we type show mac-address interface ...

Radmin_85 by L4 Transporter
  • 2850 Views
  • 3 replies
  • 0 Likes

Global Protect - Nowhere to enter credentials

Hiya, I'm very new to this so if this is the wrong place please move it or let me know so I can repost in the correct place. I use Global Protect to connect to my University account through a VPN. However it updated overnight and is now version 4.0.4-9. Before it updated I had the option to enter the Portal, Username and Password. Now i only hav...

EmsUni by L0 Member
  • 1890 Views
  • 1 replies
  • 0 Likes

Custom report export takes a lot of time

I am facing an issue while exporting a custom report. I am running 8.0.3 on PA-220. After I create a report I used "Run Now" option and tried exporting the result (100 records) into CSV/PDF. It is taking a lot of time in Exporting state. I thought it is due to ip-hostname resolve timeout and tried unchecking the Hostname columns. But when I hov...

Minemeld upload feeds from otx AlienVault

Hi, I just trying to figure out how correctly add miners from OTX AlienVault. The main Issue is when I added threat feed or any indicators from different groups or AV user, it always stuck with error "collection error - not found". Using prototype something like this :_________________________________age_outdefault: 30dsudden_death: falseatt...

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks