General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Discussions

Resolved! GlobalProtect Portal HTTP redirect

Dear all,

We're currently testing the GP VPN solution before we roll it out to our notebooks. We noticed that we can only access the portal homepage if we explicitly enter "https://<portal-url>". It doesn't work with just "<portal-url>" there HTTP wou

...

oschuler by L4 Transporter
  • 10743 Views
  • 6 replies
  • 1 Likes

Resize GlobalProtect Notification window

Hey,

I have a customised login page for when users connect to the GlobalProtect VPN and it frustratingly doesnt fit on the screen. I would like to know whether the Notification window can be resized and grow to a larger size than the default.

mwhite by Not applicable
  • 3130 Views
  • 3 replies
  • 0 Likes

PAN-Agent and Mac OS X Clients

Has anyone had sucess in the PAN-Agent capturing logins for Mac OS X clients joined to Active Directory?

We have about 100 iMacs running Mac OS 10.6.5, and I always get a "_unknown_" username when looking at their IP address in the PAN-Agent. We have

...

mharding by L4 Transporter
  • 5851 Views
  • 11 replies
  • 0 Likes

Resolved! IPSEC Tunnel to ASA - PeerID issues

I am setting up an IPSec tunnel to an ASA. I am getting an error message about the PEERID type only allowing IP but received FQDN. Per the other KB article, I changed the PAN Exchange mode to Aggressive.

Now the PAN received a FQDN of the ASA side an

...

SDorsey by L4 Transporter
  • 5594 Views
  • 5 replies
  • 1 Likes

GlobalProtect client behind a proxy, configuration help

I am trying to establish an ssl vpn connection using the globalprotect client, but the client is behind a proxy using a configuration script.  I have tried calling paloalto support but they said their client is not proxy aware.  Does anyone know of s

...

bigtone by L1 Bithead
  • 15852 Views
  • 6 replies
  • 0 Likes

Resolved! IPSEC aggressive exhange mode and enable passive mode

I woulld like to understand the advanced IPSEC gateway configuration.

between to ike gateway on  with a static ip address and the other with a dynamic ip allocated.

to established the phase 1, i need to set the aggressive mode on both firewall or only

...

Gregoux by L4 Transporter
  • 12825 Views
  • 5 replies
  • 0 Likes

Resolved! GlobalProtect Local LAN Printing

I have GlobalProtect running for machines when they are off the network.  Is there anything that I need to setup that would allow them to be able to print to their local LANs even though the agent is connected back to the FW?  I am currently testing

...

ccaruso by Not applicable
  • 9452 Views
  • 2 replies
  • 0 Likes

Resolved! Global Protect for Linux

Is there support for the Global Protect client for Linux? It's not a download option when logging into the portal via https. If not, is there a way to connect using Java? Would NetConnect work?_

Resolved! Aggregate Ethernet Interface with Subinterfaces

Hi there,

I'd like to set up a PA-5060 with an aggregate Layer 3 ethernet interface with no address:

Aggregate Interface

Name: ae1

Type: Layer 3

Address: (none)

Virtual Router: (none)

Tag: (none)

Security Zone: (none)

and then add subinterfaces to it, each of

...

Resolved! about session offload

Hello

the purpose is to minimze the cpu consomption but in wich way ?

how the offload work exactly?

thank's

Gregoux by L4 Transporter
  • 16467 Views
  • 7 replies
  • 0 Likes

Resolved! How can I filter disabled rules in the 'policies'-tab

Hi,

I am quite new with Palo Alto and I try to filter disabled rules, so that I only see the enabled rules. I know that a lot of syntax can be found in the monitoring tab, but since enabled/disabled rules are not in it, I cannot find. It is on the Pal

...

How to shun/block an IP address for a period of time

I've worked with several traditional IPS in the past and there is always a way to create rules that shun or block a source IP address for some period before automatically resetting.  It is especially useful for stopping automated bots that are just p

...

njoyzrd by L1 Bithead
  • 6871 Views
  • 4 replies
  • 1 Likes

GlobalProtect and "client sleep mode"

Hello,

as described in the "GlobalProtect 1.1.6: Addressed Issues" (issue point 35361) the unnecessarily reconnection after sleep/hibernate mode should be fixed.

We are using the GlobalProtect Version 1.1.7 . The portal configuration are:"On demand" mo

...

Hithead by L4 Transporter
  • 9957 Views
  • 7 replies
  • 0 Likes

Resolved! Globalprotect Portal same IP w/ management interface

Hello,

Before setting up globalprotect portal, I could access the management interface using the public IP externally. Once I configured globalprotect portal for VPN, the IP now directs you to globalprotect welcome login page. Which is normal, cause I

...

icap by Not applicable
  • 7481 Views
  • 5 replies
  • 0 Likes
Labels