This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4122 Views
  • 0 replies
  • 0 Likes

Device block on MAC without Global Protect

Hi, Would anybody know if there is a way to block devices on a LAN (without Global Protect)? I know reservations and static IP's can be assigned but asking the question to see if it's a possibility. Many thanks Will

CDS_Will by L0 Member
  • 2126 Views
  • 2 replies
  • 0 Likes

Traffic Flow in SSL VPN

Hi All, Please can someone explain me the traffic flow in SSL VPN as am a bit confuse about it. I might come up with more questions once this discussion starts. Thanks

mahmoodm by L3 Networker
  • 3058 Views
  • 3 replies
  • 0 Likes

What priviledge need user-id agent user to work with WMI?

Hello,We need to know the priviledge minimum to the user-id user to work with the WMI probes and it can't look the security log of DC.The problem is that on the security log appears one user of application siteadvisor that is installed on every PC of domain.Then, when we execute the Get All on User-Id Agent, the 90% of IP addresses are assigned ...

jvmartin by Not applicable
  • 4698 Views
  • 5 replies
  • 0 Likes

port 443 for Minemeld not opened. Cannot log into Web Console

I am brand new into Minemeld. I followed the link https://live.paloaltonetworks.com/t5/MineMeld-Articles/Running-MineMeld-on-VMWare-desktop/ta-p/72038 for installation and followed steps. All seemed to work fine. There was a note that to access Minemeld, it would be using 443. Great. I opened my browser up and attempt to reach the DHCP...

scantwell by L4 Transporter
  • 8167 Views
  • 4 replies
  • 0 Likes

Error when trying to renew certificate "Failed to write issuer certificate to disk"

Hello, When trying to renew some certificates (already expired and signed by a internal windows server) we receive the error message below: "Failed to write issuer certificate to disk" This is a VM-100 modelWe have other boxes (PA200 and 3020) with the same scenario (certificates signed by windows server and uploaded to PA box) that can be rene...

2017-02-06.png

Resolved! Global Protect some questions

Hi I have PA-3050 Cluster and will configure SSL-VPN for remote users "without licenses installed", so I have a couple of questions on Global Protect; 1- How many users can connect through SSL-VPN on this device? 2- Can we connect SSL-VPN over mobile phones using the same configuration required for remote users (gateways and portal), or there is...

myasin by L2 Linker
  • 3571 Views
  • 4 replies
  • 0 Likes

Generate an e-mail alert from a DENY policy

HiJust a quick question, one of my policies on my PA5020 is a "Deny_Any" policy whereby if no application matches the policy base then it gets denied. The only time I see this is when I view the monitor | logs | traffic. Is there any way I could get an email sent to me when the DENY policy is matched? Thanks in advance Julian

JulianH by L1 Bithead
  • 3352 Views
  • 3 replies
  • 0 Likes

LDAPS inexplicably working on 2 DCs, not on 3rd

Please suggest a better title, this issue has sent me through the ringer. We have a site with an MPLS connection down. The PAs use the domain controller in our datacenter for authentication for both admin, and GP users, which is over the MPLS. LDAP requests of coures.. fail. We also have a DC in Azure, which the PA has an IPSEC tunnel attache...

Resolved! Netflow not working

Hello, In the Traffic monitor logs, nothing is showing up for netflow.Using PAN-OS 7.0.4.Tried using port 2055 and 9996.Tried to use default and MGT interface of Netflow and SNMP Trap under Device>Setup>Services>Service Route Configuration. We have setup Netflow as per below:Device>Server profiles>Netflow:Packets: 50; Minutes: 1; ...

Farzana by L4 Transporter
  • 5234 Views
  • 1 replies
  • 0 Likes

How to SSL Bypass based on application

Hello, I wanted to share a solution I have implemented recntly. Bypassing SSL Decryption based on applications was a request I had from many customers.I know there is an FR for that. but until then, with PAN-OS 8, it is possible to achieve differently. I had a specific scenario where one of my customers had to connect to his customer's Pulse Sec...

tag.png
dynamic address group.png
bypass rule.png
log forwarding.png
Ozamir by L2 Linker
  • 8854 Views
  • 2 replies
  • 8 Likes

ERR_SSL_PROTOCOL_ERROR GlobalProtect

Hi All, When I try to open the URL of our portal I get the following error in Chrome: Chrome: ERR_SSL_PROTOCOL_ERRORFirefox: SSL_ERROR_HANDSHAKE_FAILURE_ALERT I also imported the wildcard certificate to 'Personal' and 'Trusted Root CA.' Logs: PanGP Service: (T9576) 09/14/17 13:13:24:014 Debug(4266): NetworkConnectionMonitorThread: m_state = 0, ...

DocEmre by L0 Member
  • 8045 Views
  • 4 replies
  • 0 Likes

Single Pass Parallel Processing SP3

Hi All, Please can someone explain me the concept of SP3 in simple terms as i dont find any good resource to understand this.I understand that passing the traffic through different devices will impact throughput and add latency,but how does PA works to overcome that. Thanks

mahmoodm by L3 Networker
  • 19721 Views
  • 11 replies
  • 0 Likes

Panoram and Clusters

HI Sort of asked this before, but with a couple more months of experienace, I am back again So I have a cluster I want to manage with panorama Object and polices work great... templates not so good. So I have a cluster setup for Global protect, but I have to duplicate my certificates, interfaces and zones between 2 templates. because things are...

Resolved! Suggestions for Splunk Search/Report

We have the Palo Alto app for Splunk logging everything correctly, I'm basically looking for suggestions on solid search reports to eliminate most of the noise. I've been combing through some of the Splunk forum posts but nothing jumping out at me so far. Thanks in advance.

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks