This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Resolved! TLS/SSL profile for PORTAL + GATEWAY (GlobalProtect); must have valid cert for GATEWAY ?

I posted a question here in a config article.https://live.paloaltonetworks.com/t5/Configuration-Articles/Certificate-config-for-GlobalProtect-SSL-TLS-Client-cert/tac-p/158713#M2099 PORTAL just lets me hit 'accept' anyway. (of course.. as it's all self-signed..)But GATEWAY won't let me continue ? Server certificate validation failed (again... ma...

mpgioia by L3 Networker
  • 3944 Views
  • 2 replies
  • 0 Likes

Missing config after panorama upgrade

Hi, we had a problem upgrading our panorama long time ago, after upgrade to 7.0 x we lost some config (URL filtering profiles, Custom url category, application filters), so we had to add all these config by hand Yesterday we upgrade again the PA from 7.0.x to 7.1.10 and the problem happened again, we have lost some part of configs (one prerule, ...

Forcing TLS/SSL decryption to cipher suite PAN can decrypt?

We're on 7.1.x and use SSL decryption on traffic coming in to sites we host. Is there a way to force the SSL traffic to a (strong) cipher suite(s) that the PAN can decrypt please? I found this KB but I'm not entirely clear if this lets you mandate only cipher suites that can be decrypted? https://live.paloaltonetworks.com/t5/Configuration-Articl...

Site 2 Site VPN

We have a S2S VPN set up with a Juniper SRX at a partner site.The P1 key life time is 8hr and P2 life time is 1hr We are seeing that the VPN drops quite frequiently. After they have had a look at the logs they are saying that during the re-key phase our end is timeing out. I am not sure how to get debug logs , we run PAN OS 7.1.7 The have provi...

RC-BHF by L2 Linker
  • 4561 Views
  • 6 replies
  • 0 Likes

Resolved! Different source user in Monitor tab

Hello, Can you please advise why sometimes 1 user can show up with a different credentials in the Monitor tab? Please direct me to a KB/Article to rectify the issue.For example:Source user:abcd\joeabcd.com.au\joeThis causes some applications are being denied because of the false user information is not in a appropriate security group. Thanks in ...

Farzana by L4 Transporter
  • 3411 Views
  • 4 replies
  • 0 Likes

Question to disabled applications

Hey guys! I spotted some error messages in the system log of a PA-3020: Disabled applications in vsys1. After some research I found out that new apps in content updates will be disabled. My question is: What am I supposed to do now? Can I enable all disabled apps? Will that have any impact? Can I enable new apps in content update? Thanks!

MPI-AE by L4 Transporter
  • 6603 Views
  • 7 replies
  • 0 Likes

Resolved! Untrust certificate issue

Hello, Our guest users are seeing untrusted certificate errors on every response pages.An internal CA certificate (issued from enterprise CA server) is used but we can’t push the certificate to the guest users as trusted CA as they are not internal users. Please suggest a way to resolve this issue. Thanks in advance.

Error.png
Farzana by L4 Transporter
  • 2441 Views
  • 1 replies
  • 0 Likes

Resolved! How to add "/ (slash)" at the end of URL

Is it possible to make a topic for the under URL of xml ? https://support.content.office.net/en-us/static/O365IPAddresses.xml Currently, existing custom URL categories have a trailing "/", so I want to make it the same. Regards, Naoya

Resolved! SSL application undefined in monitor

Hi,I'm changing server but I assign it the same IP addresses of the other server with the same name because this is a Vmware P2V.After migration there strange effect on this. Some sites go on other are down. If I view in monitor section "session browser" in those IPs I can view "undefined" and not "ssl". What have I to do to start alla websites ...

s_quasar by L3 Networker
  • 6484 Views
  • 7 replies
  • 0 Likes

Resolved! How do I controle session time out ?

HelloI use PAN-OS 7.1 I want to controle session time out in only any policys. In this case, use custom application setting?First time I will use it. Already, set meny policys and use same port.One case, I want to use factory default session time out.Other one case, I want to set sesstion time out to 4000 seconds. ------------------------Examp...

awawa100 by L2 Linker
  • 2627 Views
  • 1 replies
  • 0 Likes

How to block a Specific `https` Site(internal DMZ) with URL Filtering

Im new Paloalto FW and welcome any advice. I`ve applied url block a Specific web site(internal DMZ serverfarm) From Untrust access /w Paloalto pa3020/os 6. Exist system was `https ssl` decrypted. So, when I get into the site with `http`Its blocked with FireWall But when I get into the site with `https' Its not blocked. My question is How can I ...

JoDW78 by L0 Member
  • 2573 Views
  • 1 replies
  • 0 Likes

Resolved! Email Scheduler with Thrid Party

Hi everyone Someone have problem when trying send test email using smtp.office365.com or smtp.gmail.com in Email Server Profile? Because when i try, this error appear I suppose that need authentication, but i didn't found where i could set the credentials in the PA Maybe the solution can be configure a smtp relay, but im not sure Thanks in adva...

Sin título.png

Resolved! Method Upgrade PanOS and impact upgrade

Dear All I want to know, method upgrade and impact if we are wrong away. In guide PA : Determine the upgrade path.You cannot skip installation of any major releases in the path to your target PAN-OS version. Therefore, if you intend to upgrade to a version that is more than one major release away, you must still download, install, and reboot th...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks