This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4104 Views
  • 0 replies
  • 0 Likes

Resolved! Code Recommendations

I am currently running two 1420 HA pairs at 2 different sites. Current SW version is 11.0.4 h1. I see newer versions of code out there such as 11.0.5 and 11.1.3-h1. Questions: * Do I need an upgrade * What code should I go to * If 11.1.3-h1 is recommended, can I upgrade straight to it or do I need to first upgrade to earlier versions of 11...

BRasicot by L0 Member
  • 1868 Views
  • 2 replies
  • 0 Likes

IPSEC phase 2 rekey

We are having problems with a site to site IPSEC VPN between a PA-500 and a Cisco ASA. The PA is always the initiator and the tunnel comes up and passes traffic just fine. The problem comes when the tunnel needs to rekey, basically it seems that the PA does not bother to renegotiate until between 30 and 120 seconds of the lifetime remains. Now t...

Sigma by L0 Member
  • 15811 Views
  • 6 replies
  • 0 Likes

Resolved! activated global protect portal page although only gateway was configured

Hi, I observed that our PaloAltos in our branches host the website shown in the screenshot, although only a gateway and NO portal was configured on this PaloAltos. The website looks very strange, especially with the login dialog hanging at the top of the page. We use only one global protect portal at our main location and the portal website has ...

Can't get NAT/Security rule to work with multiple ports

PA220 on PANOS 10.1.10-h5 Have an NVR that needs 6x ports accessible from the outside - 3 TCP and 3 UDP. I set up 6x new services and then put them into a service group called NVR Services. Created a security rule 'Allow incoming to NVR' from untrust zone, any address, any user, any source device to the 'Camera' security zone, destination addres...

Resolved! Global protect VPN server certificate error

Hi All, I am new to this community I am here to get some help on a issue I am experiencing with my organization vpn network gp vpn server certificate is not trusted. Here is the error screenshot. Any help to troubleshoot this issue would be greatly appreciated 👍 Regards Sanjib

image.png

GlobalProtect 6.0.8 disabling adapter issue

Hello all! I am having an issue with my GP VPN. Every few minutes, it drops my connection for about 20-30 seconds before establishing it again. Looking through the logs, it appears that something is disabling the PANGP virtual adapter and then reenabling it. Has anyone experienced this before? I've even tried going into the settings on the virtu...

Active/Passive HA L3 only using Bowtie connectivity between PA3410 and Cisco ISR4431

I have a request from my customer to implement the following HA setup where the PA 3410s are Active Passive to their partner that has 2 MPLS connections from different telcos where one side is generally the active side we'll call it Sprint and the failover side is Ma Bell. There is an image of diagram floating out there that shows bowtie looking...

br8523 by L1 Bithead
  • 2114 Views
  • 3 replies
  • 0 Likes

GlobalProtect multiple authentication profiles? External contractors, ldap users with certs

Hi 🙂 Im looking for solution. I need to configure global protect to: Login LDAP users. For ldap users it has to check if client has machine certificate on it Login external contractors. They have accounts created on palo device and there is no need to check for certificate And im stuck to be honest. Im coming from cisco networking where i can...

typovy_0-1719334094268.png
typovy_1-1719334313928.png
typovy by L0 Member
  • 1921 Views
  • 2 replies
  • 0 Likes

Resolved! Two WAN Ports on one Switch. Split of physical VPN and Internet port.

Hello, I hope theres someone here who´s more capeable than me for my problem 🙂I searched the forum and the documentations for quite a while but i cant figure it out.Current Situation: All incoming traffic gets sourced through port eth1/7 with the zone 'Untrust' and all other IPs ( XXX/29) provided from our ISP are handled via loopbacks also si...

User-ID exclude OU

Can usernames within a specific OU be excluded from user-id mappings? We'd like to avoid mapping user's administrator account names to their workstation IP addresses which happens from time to time due to logging into shares with admin credentials or a similar activity. Is there a way to exclude the OU or usernames from mappings?

Import Panorama Configuration Into Expedition and export Device Specific configuration

Hi Experts, I am quiet new to Expedition, currently i am involved in a mass project where i have to migrate exiting Palo Alto Firewall into new. The existing firewall is managed by panorama which have tons of Network addresses and security policies which also uses shared object and polices from panorama. Now my objective is to import that pa...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks