This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Resolved! Disabling Direct Access To Local Networks - GP VPN

Hi, I was wondering whether someone can provide me clarification on this feature. Palo states "You can now disable direct access to local networks so that users cannot send traffic to proxies or local resources while connected to a GlobalProtect VPN. For example, if a user establishes a GlobalProtect VPN tunnel while connected to a public h...

indysogi by L2 Linker
  • 4100 Views
  • 2 replies
  • 0 Likes

Resolved! Authentication user (UserID agent) problems

Hi, user registered sometime in UserID-Agent and sometime they dont, randomly...We have installe another UserID agent but the result its the same. we run show user ip-user-mapping all and we dont see any user, but if we run show user ip-user-mapping-mp all we see all the user. where the users should appear, in dataplane or management plane??? ...

Issue creating IPSec VPN using loopback

Hey guys, Looking for some assistance on getting a strange issue resolved. I've got a site-to-site VPN set up for a connection to AWS for one of our customers. I've created two loopbacks, loopback.5 and loopback.6, on the outside zone that fall in the same subnet as our regular ethernet interface, which is a /29. I've verified that our peers I...

Resolved! Have you guys ever set RAID Auto Setup (Ignore Non-Matching Models)?

Hello~ The PA-5020 are using one disk. [size 120GB] My customer want to add one disk and RAID configuration and has another SSD [size 240GB] also model is different. I guess that PA-5000 Series support Raid as different model including I have never tried to test about that. Are there any who tried to do about that? I don't know how to proc...

John_Lee by L2 Linker
  • 2351 Views
  • 1 replies
  • 0 Likes

Resolved! Egress/Ingress difference for QoS

Hi Everyone, My internal network (trust zone) operates at 1Gb speeds and the connectivity with ISP (untrust) is at 100Mb. I am in the process of setting up SIP QoS but am a little confused as to how I should manage the inconsistences between the ISP and internal network speeds and the "Maximum Egress" field for the "QoS Profile" section. Shoul...

Resolved! Are there any applications that web-browsing, ping are not offload?

Hello I am considering of turning off offload at PA due to packet capture. I read one of documents about session in comunnity site. web-browsing, ping are not offload.. so I don't need to do command line [offload no] If I want to do pcap to inspect detail logs about that Could you give me who has non offload applications lists? Thank you

John_Lee by L2 Linker
  • 2954 Views
  • 1 replies
  • 0 Likes

max session count in a month

Hi All, I want to find maxmimum session count reached in the past month. Now the PA device is not live, so i cannot find the current/live session count from the dashboard. Under monitor > App Scope > network monitor i can get the traffice detail for the session count but it is showing number session for the whole day. I have at...

session count for 30days.jpg
Gururaj by L4 Transporter
  • 10141 Views
  • 4 replies
  • 1 Likes

Resolved! PBR/NAT mechanics

Good morning everyone, I have a weird issue that I think is related to how PBR or NAT works and/or something we need to program differently on our Palo Alto. I’ll try to explain our setup and the issue that occurred. We have our main circuit that is utilized for VPN tunnels, NAT forwarding rules to our servers and pretty much anything that i...

ClintL by L2 Linker
  • 4162 Views
  • 2 replies
  • 0 Likes

Resolved! SSL Decryption

With SSL Decryption it is recomended that Financial services & Medical category is not decrypted. My question is how do you ensure that sites that should not be decrypted are not i.e. JP Morgan is clearly a Financial services and will not get decrypted. But if a user were to access a very obsecure Financial Website it may be classified inco...

RC-BHF by L2 Linker
  • 3264 Views
  • 2 replies
  • 0 Likes

UserID and user(s) logged in to multiple devices or multiple user(s) logged in to the same device?

Today there are various options to achieve UserID using PaloAlto Networks devices: - Install agent on AD-servers to tail the local security log to pick up which userid uses which ip. - Install agent on remote servers that will tail the security log of one (or more) AD-servers (variant of the above - will bring you more network traffic but at t...

mikand by L6 Presenter
  • 6965 Views
  • 5 replies
  • 0 Likes

idle traffic sessions

I know that you set timeout for global protecte sessions that go idle but can you set other idle traffic to time out?

jdprovine by L4 Transporter
  • 5131 Views
  • 7 replies
  • 0 Likes

Resolved! Block ms-update for GlobalProtect sessions?

Hi all -- Lately, with the Win10 release, I'm finding many of my VPN users are downloading gigs of updates over my meager 10mbps company internet cxn. I'm wondering if there is any way to block specific services/applications (ie.- ms-update) over a GlobalProtect connection.. I can't find anywhere to specify a URL filtering profile in the Ga...

thatguy by L2 Linker
  • 3551 Views
  • 3 replies
  • 0 Likes

Resolved! Pull Info on Specific GlobalProtect User

Is there a way to pull information on a specific user connected on globalprotect throught the CLI? I know the command: show global-protect-gateway current-user pulls all the users in... but what about just for a single user? Thanks.

mmclimans by L3 Networker
  • 2854 Views
  • 1 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks