General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 

Discussions

Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 

 

In the past six

...

survey-livecommunity.png
jforsythe by Community Team Member
  • 591 Views
  • 1 replies
  • 4 Likes

Resolved! Cannot connect to management server

Dear All:

I had meet this problem for three times ,and It comes again , I can ping

the Management port with a low delay , but can not login through the https

and can login from SSH, but without any cli , I can't typing . and always

"Oct 30 12:21:13 Erro

...

j.guo by L1 Bithead
  • 21661 Views
  • 10 replies
  • 0 Likes

Shutting down/disabling subinterfaces

I am very new to the PANOS world so I will apologize in advance if this is obvious, however my search of documentation and knowledebase did not yield anything. I have been looking for a way to administratively shut down sub interfaces. Is this possib

...

scourge by Not applicable
  • 4649 Views
  • 9 replies
  • 0 Likes

Inbound traffic to DMZ issue

We have reports of certain users not being able to access our public website but majority of users are able to. The traffic log shows that the application is incomplete. Packet capture reveals the 3-way handshake does not complete and the session tim

...

x by L1 Bithead
  • 2873 Views
  • 5 replies
  • 0 Likes

GlobalProtect and "client sleep mode"

Hello,

as described in the "GlobalProtect 1.1.6: Addressed Issues" (issue point 35361) the unnecessarily reconnection after sleep/hibernate mode should be fixed.

We are using the GlobalProtect Version 1.1.7 . The portal configuration are:"On demand" mo

...

Hithead by L4 Transporter
  • 5252 Views
  • 7 replies
  • 0 Likes

IPsec Site-to-Site VPN trouble (decap bytes 0)

Hi all.

I am trying to set up an IPsec s2s tunnel with non-Palo Alto peers. So far I have tried 3 different peers (Strongswan 5.3.2, Cisco router, Cisco SOHO router) and every time I have problems seeing incoming decrypted traffic to the PA.

"Local sit

...

AMS-IX by L1 Bithead
  • 10067 Views
  • 12 replies
  • 1 Likes

Show Hard Drive information

For an audit, I need to know the Make/Model/Serial Number of the internal HDD.

I cant seem to locate the appropriate show command on a PAN device...any ideas?

Thanks much

GlobalProtect - how to edit the download page

Is it possible to edit the GlobalProtect download page?

On the page where users are prompted to download the 32bit, 64bit, or Mac version version of GP, I would like to add some instructions for the not so savvy user on which version to select and how

...

etnerual by L1 Bithead
  • 5215 Views
  • 14 replies
  • 1 Likes

Resolved! User authentication - Global Protect

HI.

I'm pre-staging a couple of PA2020's (active/passive), and am having an issue with getting authentication via AD working for Global Protect through Active Directory.

As far as I can tell, the LDAP configuration is correct - the firewall connects to

...

darren_g by L4 Transporter
  • 13177 Views
  • 12 replies
  • 0 Likes

Resolved! GlobalProtect uninstall problem

Hi,

Our user have a problem with GlobalProtect client on a computer running Windows 8. Client was behaving very unpredictable (constantly connecting and disconnecting from the VPN), so it is uninstalled (from Control Panel\Programs\Programs and Featur

...

Avaya 9611G/4610SW VPN to PA-500

Has anyone had success connecting Avaya IP phones via VPN to PA devices?  I am able to complete IKE Phase 1 authentication, but fail Phase 2 due to local/remote proxy IDs not found:

'IKE phase-2 negotiation failed when processing proxy ID. cannot fin

...

itmanager by L1 Bithead
  • 12670 Views
  • 21 replies
  • 0 Likes

PA equivalent of ASA packet tracer?

One of the more useful features in troubleshooting on the PIX/ASA (which we used until recently) is the packet tracer, which allows us to enter source/destination IP/port, etc and check to see if a given connection is allowed or blocked, and by which

...

OSPF Adjacency Issues

We've got a Cisco 7301 routers that forms OSPF adjacencies with an HA pair of 5020 firewalls.  Recently I swapped this router out with a different router with the same IPs but different configs to test a new WAN connection.  OSPF forms up just fine w

...

aglej by Not applicable
  • 7434 Views
  • 14 replies
  • 0 Likes

Resolved! GlobalProtect BSOD Windows 8.1

Installed the latest round of Windows (and driver) updates.  1-3 seconds after GlobalProtect connects, I get a BSOD and reboot. I've read through various memory dumps and it's always one of two issues.

pangps.exe -

IRQL_NOT_LESS_OR_EQUAL (a)

An attemp

...

Resolved! Welcome Page - Iframe

Hello,

we want to include a (external or internal) website via iframe in the welcome page. My test HTML site:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> 
<HTML>
<HEAD>
<TITLE>Pal

...

Hithead by L4 Transporter
  • 2812 Views
  • 13 replies
  • 0 Likes

Resolved! Is it possible to write a rule matching any IP ending in .xx

Hi all,

I have a question, is it possible to write a rule that matches only a part of the IP address? For example match any IP ending in .51? Using wildcards this would be  *.*.*.51


Put another way, i would like to match all IP's that are x.x.x.51 wher

...

Saqib by Not applicable
  • 2428 Views
  • 8 replies
  • 0 Likes