This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4129 Views
  • 0 replies
  • 0 Likes

"Client cert is invalid to the gateway" error

Hi, I am trying to setup machine cert authentication, but it appears I am missing something. Local user auth works fine without certificates. Gateway and Portal are on a single 3020 with 7.1. I created a local-CA and generated a cert for all windows 7 machines.I imported this cert into the Local Computer personal stores on the windows 7 compute...

BBartik by L2 Linker
  • 4177 Views
  • 2 replies
  • 0 Likes

Changing Global Protect Portal Using plist without Restarting Mac

Here are the steps I've tried in chaning the portal Global Protect.app without restarting the Mac: Packaged up /Library/Preferences/com. paloaltonetworks.GlobalProtect.settings.plist and ~/Library/Preferences/com. paloaltonetworks.GlobalProtect.settings.plist with the new <portal>Deployed package to both paths listed above (Mac does not ta...

ShawnP by L1 Bithead
  • 5235 Views
  • 4 replies
  • 0 Likes

NAT Between VR's

Hello.Despite my best efforts I am unable to get this concept working. We have 1 x Palo Alto 3020.It has 2 Virtual routers configured. Both use 192.168.*.* networks. I'd like to access a machine in the neighbour VR, from the opposite VR. As the networks overlap, I presumed this would be a case of using NAT. I can't get the configuration to w...

PCortes by L0 Member
  • 2758 Views
  • 1 replies
  • 0 Likes

Palo Alto and Polycom Relpresence Issue

Hi All, Having issue using Polycom mobile. On our side: No video and audioOn Dialed no: Video and Audio is working we translate trust network to a specific public address and allow Policy:trust network -> untrust to any destination and service.Untrust (public address of peer) -> Trust any destination and service. Palo Alto ALGs - Disabled ...

Hostname in user id and terminal server agents issue

We are using dns name for user id and terminal server agents in firewall configurtaion like below However intermittelnly we are seeing red light on firewall and while checking directly on terminal server agent software, the firewall connection is vanished.We tried restaring services from server side. but no help. We suspect if something changes ...

fqdn.png

globalprotect fails to connect on windows 10

GlobalProtect doesn't connect on my new windows 10 laptop (64 bit). I tried reinstall/reboot several times, but it didn't help. The PanGP Service log shows : 21:49:49:463 Debug(1241): Session 1, domain name XXXXX.(T4740) 05/12/16 21:49:49:463 Info (1276): Enumerate session: user xxxxx\xxxx logs in on session 1(T4740) 05/12/16 21:49:49:463 Debug...

ravindra by L0 Member
  • 7761 Views
  • 6 replies
  • 0 Likes

GlobalProtect 3.1.4-7 + N600 Wireless Dual Band Gigabit Router (TL-WDR3600) problems

Regards, have GlobalProtect 3.1.4-7 + N600 Wireless Dual Band Gigabit Router (TL-WDR3600).When using wifi everything is OK.When using LAN (UTP cable) VPN connection trough GP is interupcted periodicaly for couple of pings and then restored back. Im losing my nerves with this one.If connected trough LAN without Router (direct to the modem) everyt...

Kris555 by L1 Bithead
  • 4294 Views
  • 4 replies
  • 0 Likes

Upgrade to latest 7.0.x or 7.1.x?

Hi, we are planning to upgrade our 3020 A/P Cluster to latest PANOS (7.0.x or 7.1.x). Currently we are runing 6.1.13. We want to do more SSL Decryption (Inbound & Forward Proxy). What are you thinking is the best and stable release for 3020 A/P Clusters and SSL Decryption? Is there a official site where we can check the palo alto recommended...

iweltag by L2 Linker
  • 4926 Views
  • 7 replies
  • 0 Likes

Thinking about blocking executable file downloads - Gotchas?

In our environment, we have eliminated the scourge of people being local administrators on computers, with the exception of administrative accounts assigned to some of the IT personnel. I'm thinking about blocking the DLL, DMG, EXE, MSI, and PE file types for everyone but IT personnel. Are there any caveats or big gotchas related to doing so? ...

Resolved! Source Based Custom URL Lists

All, Does anyone know a way to setup source-based Custom URL Lists containing domains as an alternative to using source-based IP addresses and address groups? I don't think it's possible in any of the current versions of PAN-OS but i am looking at options. For example, if i want to limit inbound SMTP to our edge Exchange server from the Microso...

Switch from Static to Dynamic Address Object Groups

Hello all, we are running into an issue where we are unable to change static address object groups to dynamic address object groupsWe have an M500 and several PA7050 and the objects are managed under the "shared" device group for all the PA7050's. We have added tags etc. to the address objects and on the panorama they show up with their dynamic...

GlobalProtect VPN usage reports?

I'd like to generate a scheduled report of all the GlobalProtect VPN users connected in the last 24 hours. Is this possible to create in Pan OS 7.1?

Maxstr by L3 Networker
  • 4941 Views
  • 4 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks