This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4223 Views
  • 0 replies
  • 0 Likes

Resolved! I'm unable to use Remote desktop from internet to PC in Trust zone

Hello all,I wanna Remote desktop from my PC in home to PC in my company but not successThis is my connection diagram I wanna remote to PC 10.126.123.132 (belong to VLAN 123, I use several VLANs in Core switch) but not success, NAT seems not to work, there's no traffic logsThis is my config..Virtual router config. Security rules NAT rule I can re...

Untitled Diagram (1).jpg
Capture.PNG
2.JPG
3.JPG
Hongson by L2 Linker
  • 20658 Views
  • 32 replies
  • 0 Likes

GlobalProtect HIP not identifying products.

Hi. I have two different HA-pairs with GP VPN configured on them. I'm trying to get HIP to work on the client, but I'm running into issues. First issue is there are a number of applications we're checking for including Dell Kace and Comodo AV Suite and GP isn't seeing it on most of our clients. When it does see it, it only appears to recognize o...

Group Mapping

Included Groups under Group Include list showing full LDAP distinguished name. Would someone be able to advise how to configure a firewall to display "DomainName\GroupName" instead? Thank youMarek

FQDN object refreshes attempted even after objects deleted

I have pair of 2000 series firewall running on PAN-OS version 7.1.7. we have deleted the below FQDN objects from the PA(objects and policies), but still its refreshing and querying the DNS server through the managment interface. i cannot find any known issue with PA2020 and 7.1.7 as well. Please suggest adnetadmin@fw-elab-01(active)> request ...

Resolved! Upgrade to PAN-OS 8.0.1

Hi everyone,I Iam about to take the plunge and update from 7.1.7 to 8.1I have read a few of the guides out there such as :8.0 upgrade/downgrade considerationsPAN‐OS® 8.0 Release Notes My questions I have are 1. Do I need to upgrade the global protect client , which is currently version 3.1.5 ?2. Do I need to update the User-Id agent running on m...

Resolved! Experience with "email-link" file type for Wildfire and "one time" links

Does anybody have real world experience with the "email-link" file type for Wildfire and "one time" links? We have concerns when we enable it, that emails which contain links to e.g. registration pages, password reset pages, etc. make problems when the Wildfire cloud already visited that page before the actual user clicks on the link in the email.

Anon1 by L4 Transporter
  • 5108 Views
  • 4 replies
  • 0 Likes

Resolved! Authentication seems to be the most difficult task....

No matter how many articles I read or follow I can never get the authentication to work for LDAP. I create the LDAP server profile, create the Auth Profile, then the Auth Seq, add the user account to admins and assign the profile to that user and it never works. I also get this error when "testing": admin@PA500-01> test authentication authent...

AD group.PNG
Auth_Profile.PNG
seq.PNG

Resolved! Panos 8 inbound ssl inspection

Hi I have tried to turn this on and well... My server site has server cert and 1 intermediary cert.With decryption on it strips the int-ca from the reply ? I find that rather strange why it would do that.So this makes any request to that site fail

Palo Alto Networks - Training Resources Available

I have put together a list of resourcers that are available online to learn and improve your skills on the Palo Alto Networks platform. Palo Alto Networks – Learning Centerhttps://paloaltonetworks.csod.com/LMS/catalog/Welcome.aspx?tab_page_id=-67&tab_id=20000157 Palo Alto Networks – FREE ACE Accreditation training and examhttps://www.paloalt...

Syslog-ng issue

I have a Kiwi Syslog-ng server reachable from Palo Alto Firewall MGMT interfaces. I generated a Self-signed Cert on PA Firewall and imported that into Windows' store for use in Secure TCP (SSL) communication in kiwi Syslog Server....but the firewall is reppetedly giving error... Syslog connection failed to server[\'AF_INET.x.x.x.x:6514.\']' More...

Activate logging

Hi,I can't view in my Kiwi Syslog the traffic from my outside interface.In my PA-500 I've enabled SNMP in Device -> Management ->Management Interface Settings -> Permitted SNMP Service.In Operations -> SNMP Setup -> activeted Use Event-Specific Trap Definitions with Version V2c and SNMP community string.Under Device -> Server P...

s_quasar by L3 Networker
  • 3836 Views
  • 7 replies
  • 0 Likes

Resolved! Question about Virtual Router and Policy Based Routing

Hi All, We are currently doing the migration from ASA 5550 to PA5020. We have totals of 4 interface in our environment. In ASA the routing is handle by Static route and pretty straight forward. As for Palo Alto, should I combine all the static route into one virtual router? Or use PBR instead? We also planned to implement the Dual ISP redudancy....

PaloAltoRouting.PNG

Microsoft glitch

anyone aware of Minemeld downloading a blank FQDN file then passing it to Palo Alto? for ofcie365, for whatever reason Minemeld is unaware that Microsoft has a glitch and the FQDN file is blank. Would either Minemeld or the Palo Alto’s have a way to detect that the Microsoft site has a glitch and a blank file could be avoided? any idea ho...

PA-VM Cannot ping eth1/2 internal interface

Hi Guys, I am running a PA VM with a VM-100 license on vmware workstation 12.5. I have the mgmt interface bridged to my network and can access the PA GUI, CLI and the internet. For my internal interface i have setup eth 1/2 to vmnet3 and unchecked the "connect as host only adapter". Also on the vmnet3 i have setup a DSL(**bleep** small linux) ...

vmnetcfg_2017-10-22_09-54-29.png
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks