General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4231 Views
  • 0 replies
  • 0 Likes

Resolved! Panorama or Firewall PAN-OS? What to upgrade first?

Hi Guys, We currently have 12 Palo Alto firewall appliances and 1 Panorama management server. Panorama version is currently 5.1.9 and the firewalls are all on version 5.0.14. We are looking at upgrading the entire estate to version 7.0.8 and it’s a matter of how best to achieve this. The question is what to upgrade first to the 7.0.8? Panorama o...

Help with inter-subnet routing

Looking for input on a subnet routing issue I am having. So I have let’s say for argument I have two zones, Trust and Untrust. Interfaces Int 1/1 - Untrust Internet 192.168.0.1 Int 1/2 - Trust 10.8.1.20 Int 1/3 - Trust 10.26.96.1 I have a virtual router (default) Default Destination 0.0.0.0/0 Int 1/1 Net Hop Value 69.168.XX.XX This ...

ckluck by L0 Member
  • 5253 Views
  • 5 replies
  • 0 Likes

Help with network design

So my network consists of a PA200, a Juniper SRX, 2 servers, a VOIP phone, and a WAP. I recently configured the PA-200 with 3 subinterfaces for the 172.16.2.1/24, 172.16.3.1/24, and 172.16.4.1/24 networks. The Juniper port was configured as a trunk and allowed all these VLANs across. The interfaces on the SRX were configured for the approp...

Zolson1 by L0 Member
  • 2678 Views
  • 2 replies
  • 0 Likes

PBF and Default route

In our organization, we have dual ISP and PAN firewalls. We have configured PBF with ISP 1 and default route for ISP 2. Both ISP interfaces on the PAN firewall are in the same zone called untrust. Example: ethernet 1/11 ethernet 1/11.200 ----- 192.168.1.1/30 - untrust ethernet 1/11.250 ------172.16.10.1/30 - untrust...

How PA can replace a Proxy

Hi, I am searching for an easy way to see who is surfing on which web site. Where is it, and how can I automatically write it to our file server or anywhere else? So my dream is to put our proxy out of order. The PA is connected to LDAP; I can see a user, but there is no easy way of seeing which site will be connected to.

Resolved! How to bound an ACL to GP VPN client

Hello, I have a need to provide a contractor with VPN access to certain resources on the internal network (let’s call them 10.20.1.0/24). I have a working VPN GP/Portal and the contractor can connect to VPN with no issue. But the contractor is allowed to access all internal resources, not just 10.20.1.0/24. I have set up a GP policy (allow access from VPN zone to in...

Routing via a new internet connection

We currently route all internet traffic out through an internet connection connected to Ethernet1/4 on our firewall. I have another Internet connection that I'm going to connect to Ethernet1/6, and I want traffic from one of my VLANs on site to route out through that connection. I currently have a static default route of 0.0.0.0/0 on Ethernet1/4...

GC66 by L1 Bithead
  • 2462 Views
  • 1 replies
  • 0 Likes

Resolved! 7.01 and certs

I am looking for the article that says that you cannot upgrade directly to anything past 7.01 without breaking certs.

jdprovine by L4 Transporter
  • 2320 Views
  • 1 replies
  • 0 Likes

Resolved! Application: Incomplete

Hi, Does anyone have a suggestion on how to create a rule to catch Application incomplete? Now that traffic hits the first policy that allows traffic on that service (port). And it clogs the logs when looking at that rule and what has passed through it. My idea is to create a policy for an application that doesn't exist and add port 80 and 443 a...

mgusta by L2 Linker
  • 12731 Views
  • 7 replies
  • 0 Likes

Pan FWs running in AWS, auto scaling, load balancing etc.

I am looking at spinning up a set of PAN infra in AWS and I want to know if there are any landmines out there regarding the design and how it functions. Specifically, I want to use these instances as GP gateways and I want to be able to load balance clients coming into this infra and then auto-scale the instances as needed. Anyone done this?

danecott by L1 Bithead
  • 2013 Views
  • 1 replies
  • 0 Likes

Resolved! Globalprotect Client 3.0.2 popup notifications disconnected every 20 sec

We updated our GlobalProtect Client to version 3.0.2. Since we updated the client and the people are internal in HQ (so no VPN needed) they get a popup message every 20 sec "Disconnected". They don't have this problem when they are outside HQ and the VPN tunnel has been set up. When they disable the notification and the computer gets restarted th...

ZEBIT by L3 Networker
  • 7061 Views
  • 3 replies
  • 0 Likes

Global Protect Portal Feature Request

Am I posting this in the right place? I would like the ability to display available VPN gateways for my users based on AD group membership. E.g. I have 4 available gateways: gw1 - no AD group requirements; gw2 - no AD group requirements; gw3 - no AD group requirements; gw4 - only visible to those that are a memberOf VPN_gw4

Disable GlobalProtect Agent on internal - corporate LAN

Hi, is it possible to disable the GlobalProtect agent autoconnect on the corporate LAN? Scenario: - outside the corporate LAN the VPN connection must be autoconnecting to the GlobalProtect portal to enforce web filtering etc. - inside the corporate LAN, the VPN connection should be disabled. Is there any option / advice? Thanks

edv by L0 Member
  • 2090 Views
  • 2 replies
  • 0 Likes

"Facebook-apps" And "Facebook Chat" block

Hi all, Appreciate if you can guide me to block facebook-apps and facebook-chat in Palo Alto but allow other Facebook features. I already implemented it in the Application layer but failed; is there something I missed? I am using PA-3020 and 7.0.3 version. Application Version : 591-3403 (06/25/16)

Service route destination option

What is the purpose of adding a destination in a service route? We have a default gateway in the management interface config and we also have a specific route in the VR, so why do we need it?

hrsingh by L0 Member
  • 3730 Views
  • 5 replies
  • 0 Likes
  • 24357 Posts
  • 124 Subscriptions