General Topics

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

Enabled multiple virtual systems and now the ssl-vpn ang global protect stopped workign

Hi!Does anybody have any ideas why SSL-Vpn and Global protect stopped working when we enabled the Multiple virtual systems option in setup menu? We can go to the portal login page, but it says that: Authentication failed: Invalid username or password...

Inbound server failover between two ISP's

Hi All,I have a PA-2050 setup with two IPS's. One is primary, and if that goes down, the secondary takes over. This has been tested and it works great.There are three servers that recieve incoming traffic. They have been setup to use the primary ISP ...

VPN with fqdn denying ike 500

Hello,I'm trying to setup a ipsec vpn with a fortigate which has dynamic ip as gateway.I have a security policy which allows all packets from the dynamic ip (fqdn) but if i type the command 'show log traffic src in x.x.x.x' i can see that i have an i...

how to make my own "application" - ssl on port 5061

HiI am trying to grant access to Microsoft Messanger, and it is using ssl on port 5061, but I am not sure how to add the port so that it is not just the port but also signatured as SSL.Thanks

Resolved! Regular Expression Fail

I keep getting the following error "is invalid. pattern must be at least 7 bytes"Example match: 378282246310005How I would normally match via regex: .*[3][47][0-9]{13}How I am interpreting Palo Alto wants me to write it: .*(3)[47].*([0-9][0-9][0-9][0...

Resolved! Interface 'configured but down' after delete

I started setting up an additional interface, decided it wasn't necessary and deleted it (it's configuration, anyway).After (more than one) commit action, it still shows up in red with the status 'configured but down'I'm not aware of any problems res...

Resolved! Denying Internet Connection Sharing

Hi, I've recently discovered that if a user shares their network connection by setting up an AP on their machine (think Mac 'Sharing') then whatever device is then connected can get online (the deny and allow policies still apply as expected). For ex...

Resolved! Captive Portal with LDAP

Hi,I've read all the guides and on the forums and still can't figure out why my configuration won't work.I want users to enter AD username/password to get access to the internet.The following has been configured:Device > User Identification > Group M...

Multi Gateway

Hello,I need to install a PA200 for a internet breakout. Since i can't change the IP Subnet, I tough to change the default gw to the PA and use the PA as a router for traffic to the WAN (same subnet). But my problem is now that traffic comming from t...

Resolved! Custom App don´t appear in Custom Reports

Hi,I make some custom applications, those app works fine and appears in ACC and logs. But when I make new custom report and filter for application, no my custom app appear. Any idea?Regards

Resolved! Panorama NAS...

We are looking to add a new Vdisk to the Panorama and were wondering what others had experienced... We have already filled up the 10 GB default space.The document states that if the Vdisk is removed it will revert back to the internal 10GB.. What's t...

Cisco IPSEC VPN client connecting to PAN 4.1

Hi folks,there were no way to establish a ipsec connection between a Cisco VPN client and PAN. I was "inspired" by the globalprotect guide but wasn't enought.At the cisco vpn client side, I had configured just the ip address, the group and pwd, and n...

Resolved! Traffic on the outbound

Hello everyone,Forgive my bluntness as I am little new handling the PA. I will like to know if there is a way to view the OUTBOUND ANY traffic passing through the PA. I am conducting a research in order to put in place a more strict company rule and ...

Resolved! User-ID Version 4.1.1 rev B and MS Exchange integration

HiI'm testing last PAN-Agent integration with MS Exchange.Release notes state:"The new User-ID Agent can be configured to monitor logon events on Microsoft Exchange Server associated with Microsoft Exchange compatible client applications."Do you know...

Resolved! HA active/passive with single HA port ?

hi,i have two PA500 appliances am looking to configure them on HA mode , with my current setup i have utilized all 7 ports so one port left for me , as per the documents for HA ( A/A , A/P ) you need 3 or 2 ports to achieve the configuration... so is...

Forum Posts

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

Enabled multiple virtual systems and now the ssl-vpn ang global protect stopped workign

Inbound server failover between two ISP's

VPN with fqdn denying ike 500