This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4122 Views
  • 0 replies
  • 0 Likes

Resolved! Pattern of network vulnerability scanning coming from all over the world

In the last month or so we have seen lots of network vulnerability scanning for the following 3 Threat IDs coming from all over the world.- MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability(30426)- WebUI mainfile.php Arbitrary Command Injection Vulnerability(38836)- Wireless IP Camera Pre-Auth Info Leak Vulnerability(33556)We ...

CTW1983 by L2 Linker
  • 4015 Views
  • 2 replies
  • 0 Likes

Best Implementation of PA 8.0

Dear All Expert,Do anybody can share Best Implementation of PA-8.0 ?https://www.sans.org/reading-room/whitepapers/auditing/palo-alto-firewall-security-configuration-benchmark-35777 Best Regards,Chhayheng

Resolved! Cannot access PA-200 via Console

Greetings all, I have a PA-200, there it was previously configured and it was stored for long time, we wanted to reuse it, however, I cannot access it via console, when I connect to it nothing there in Putty just black screen. here is what I have: Console cable connected to USB-Serial( Iam sure the cable and adaptor works fine, I tested it with...

mfkoko by L1 Bithead
  • 14924 Views
  • 8 replies
  • 0 Likes

Block SSL urls for BYOD student users- Maintain Cert trust chain

Hello all... I find myself in a bit of quandary on how to deal with blocking\inspecting various SSL based urls for our student BYOD users. I realize I need to decrypt the traffic in order to take action on it... but our problem lies with how to deal with certs....and keeping browsers happy with an intact trust chain. PA support told me that I mu...

Is it possible to export the private key from the forward-untrust certificate to view in wireshark ?

I want to check a specific HTTP request that is send to a webserver and which is currently blocked by one of our vulnerability checks to verify if the signature is correct.But I need to be able to view the decrypted data on the exported capture, therfor I have to import the private key of the forward-untrust certificate into wireshark....But I h...

DaxVC by L2 Linker
  • 2582 Views
  • 1 replies
  • 0 Likes

dismiss global protect download link From GP Portal

hi Guys, well, i m running on version 8.03 and have done all necessary clientless configuration but one thing is a bit weird to me. - Once a user log in via the Portal, he is able to use or see the GP download link, has anyone any idea on how to dismiss the GP download Link from the Portal? i want them to see only the assigned applications. ...

big_Gilo by L2 Linker
  • 2451 Views
  • 1 replies
  • 0 Likes

FTP weird behaviour

Hi, We realised that our PA is doing something strange with FTP appWe have create and above rule (Servidores a INET 1). All our FTP connections involved should match this rule but we see connections which are jumping this rule and mathicng in another one below (Servidores a INET ftp) This is the log traffic (source 192.168.53.182) where all...

policies.jpg
good rule.jpg
Bad rule.jpg

Skype for Business - Send files

Hi, Having some issues with Skype for Business and file sending. When i have SSL Decryption on, I cant recieve or send files over SfB (Works when I turn it off).Does someone know what URL`s i should add to the "NoDecrypt" url list to make it work?

JoneSkj by L1 Bithead
  • 3211 Views
  • 4 replies
  • 0 Likes

Resolved! DHCP Clients Not Getting IP From ISP Router Thru VWIRE

Hi All, I may be missing something but wanted to check with you all. I have a network with a PA-200 (vwire) between a FIOS router and a Netgear Layer 2 switch. I also have WAPs connected to the switch. The FIOS router is providing DHCP address to the wired/wireless clients connected. The DHCP clients are not getting IP addresses and I'm get...

GlobalProtect & User-ID

Hello, I am trying to find some information on how to configure GlobalProtect with User-ID but haven't been able to. What I am trying to do is to enforce a new policy where when some of the users, who have laptops that aren't joint to the enterprise AD but have AD user accounts, will need to use GlobalProtect. And, use GlobalProtect with User-ID...

Resolved! I'm unable to use Remote desktop from internet to PC in Trust zone

Hello all,I wanna Remote desktop from my PC in home to PC in my company but not successThis is my connection diagram I wanna remote to PC 10.126.123.132 (belong to VLAN 123, I use several VLANs in Core switch) but not success, NAT seems not to work, there's no traffic logsThis is my config..Virtual router config. Security rules NAT rule I can re...

Untitled Diagram (1).jpg
Capture.PNG
2.JPG
3.JPG
Hongson by L2 Linker
  • 20352 Views
  • 32 replies
  • 0 Likes

GlobalProtect HIP not identifying products.

Hi. I have two different HA-pairs with GP VPN configured on them. I'm trying to get HIP to work on the client, but I'm running into issues. First issue is there are a number of applications we're checking for including Dell Kace and Comodo AV Suite and GP isn't seeing it on most of our clients. When it does see it, it only appears to recognize o...

Group Mapping

Included Groups under Group Include list showing full LDAP distinguished name. Would someone be able to advise how to configure a firewall to display "DomainName\GroupName" instead? Thank youMarek

FQDN object refreshes attempted even after objects deleted

I have pair of 2000 series firewall running on PAN-OS version 7.1.7. we have deleted the below FQDN objects from the PA(objects and policies), but still its refreshing and querying the DNS server through the managment interface. i cannot find any known issue with PA2020 and 7.1.7 as well. Please suggest adnetadmin@fw-elab-01(active)> request ...

Resolved! Upgrade to PAN-OS 8.0.1

Hi everyone,I Iam about to take the plunge and update from 7.1.7 to 8.1I have read a few of the guides out there such as :8.0 upgrade/downgrade considerationsPAN‐OS® 8.0 Release Notes My questions I have are 1. Do I need to upgrade the global protect client , which is currently version 3.1.5 ?2. Do I need to update the User-Id agent running on m...

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks