General Articles
LIVEcommunity's General Articles area is home to how-to resources, technical documentation, and discussions with Accepted Solutions that turn into articles related to all Palo Alto Networks products.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
About General Articles
LIVEcommunity's General Articles area is home to how-to resources, technical documentation, and discussions with Accepted Solutions that turn into articles related to all Palo Alto Networks products.
This Nominated Discussion Article is based on the post "Given Tunnel Interface IP is wrong but still tunnel is up".
View full article
This Nominated Discussion Article is based on the post "Bring Down IPsec Tunnel Manually" by @j.nepomuceno and responded to by @TomYoung and @Raido_Rattameister . Read on to see the discussion and solution!     I am troubleshooting an issue where I need to bring down the IPsec tunnel manually, what is the best way to do this in GUI or CLI? Thanks   Depending on whether you want to bounce the tunnel or actually disable it, you have different options.   The following CLI commands will tear down the VPN tunnel (phase1 & phase2 respectively): Phase 1 > clear vpn ike-sa gateway <gw-name>​ Phase 2 > clear vpn ipsec-sa tunnel <tunnel-name>​   Follow these steps to clear (bounce) a tunnel using the GUI: Phase 1 Goto Network > IPsec tunnels and select your tunnel Click IKE-Info At the bottom, click the action you want (Refresh or Restart)   Phase 2 Goto Network > IPsec tunnels and select your tunnel Click Tunnel-Info At the bottom, click the action you want (Refresh or Restart)   Instead of bouncing, you can also choose to disable/enable IKE gateways or IPsec tunnels.   Enable/Disable an IKE Gateway Go to Network  > Network Profiles > IKE Gateways and select the gateway in question.   Click Enable/Disable at the bottom of the screen   Enable/Disable an IPsec tunnel Go to Network  > IPSec Tunnels and select the tunnel in question Click Enable/Disable at the bottom of the screen   For more information: Refresh or Restart an IKE Gateway or IPSec Tunnel How to check Status, Clear, Restore, and Monitor an IPSEC VPN Tunnel Enable or Disable an IKE Gateway or IPSec Tunnel How to Troubleshoot IPSec VPN connectivity issues
View full article
This article is based on a discussion, What does No Direct access to Local Network actually do and when do we use it??, posted by @Schneur_Feldman and answered by @BPry and @OtakarKlier. Read on to see the discussion and solution!   Can anyone please explain SIMPLY to me what the "No Direct access to Local Network" under Global Protect actually does and mostly when are we supposed to use it?   Basically what does it block and when should we enable it? Full tunnel? Split tunnel? Only split tunnel domain? It restricts outgoing traffic on the local connected subnet. Instead of that traffic exiting through the local physical adapter like you would expect, the traffic is sent through the tunnel and (usually) dropped by the firewall. There's some behavioral considerations when it comes to existing traffic since macOS won't terminate the existing sessions like Windows does.   When you enable this feature really depends on your own configuration/environment requirements. I'd personally recommend enabling it across the board, but I know some environments don't go that far because it breaks local network functions like network printing to someone's home printer.   This feature is to satisfy compliance requirements around 'No Split Tunneling'. It prevents a user from being on VPN and, at the same time, connecting to their local systems on their home network (as an example).   For example: If your home subnet is 192.168.1.0 and your GP subnet is 10.0.0.0. By enabling "No Direct access to Local Network," you won't be able to access for example a printer on the local 192.168.1.0 network while being connected to the VPN.   Essentially you'll be cutting off Local LAN access.
View full article
  • 180 Posts
  • 252 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Labels
Top Contributors
Top Liked Posts in LIVEcommunity Article
Top Liked Authors