This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4384 Views
  • 0 replies
  • 0 Likes

HA Widget Showing Anti-virus Mismatch

My HA widget on my Active/Passive cluster is showing that the Anti-Virus versions are mismatched but they aren't. Refreshing the widget doesn't help. The General Information widget on both 5020s is reporting correctly at version 1555-2030 (05/21/15) but hovering over the HA widget mismatch icon shows the passive firewall at at older revision (t...

epeeler by L2 Linker
  • 2966 Views
  • 1 replies
  • 0 Likes

Resolved! multiple virtual routers sharing one internet connection

I have a firewall running in layer-3 mode. I've got multiple separate virtual routers on the inside, there is no overlapping address space in any of these. I need all of these to share one outside internet connection. I'd like to do it without static routes (other than the main default to the outside).Right now I have the outside virtual rout...

Authentication profiles

I am trying to create different globalprotect access. so I want to give access by security groups. When I search for the Users group in AD to add security groups from that they do not show up and I don't know why.

jdprovine by L4 Transporter
  • 3536 Views
  • 4 replies
  • 0 Likes

Self destruct check mark for policies and schedules

A feature I would like to see in the future is a check mark to wipe a rule. Example: I have to setup rules that are good for a single time for particular users after which the rules is no longer necessary.It would be a nice option to be able to have the rule remove itself once the schedule has expired. ThanksBob

BobW by L4 Transporter
  • 3514 Views
  • 2 replies
  • 0 Likes

PAN-DB download: Failed.

Hello I get this error message from the passive Firewall in HA Mode. I verify in "Service options" that the "management interface" is in use. From CLI I can reach "s0000.urlcloud.paloaltonetworks.com"ES2PA5050FW02(passive)> ping host s0000.urlcloud.paloaltonetworks.comPING s0000.urlcloud.paloaltonetworks.com (50.18.116.114) 56(84) bytes of da...

SOC_CSG by L4 Transporter
  • 5828 Views
  • 6 replies
  • 0 Likes

Resolved! Cisco VPN Client Timeout

Hello,we are using Cisco VPN Clients to connect to our Palo Alto Network Device, it works like a charm, but the user are logged out after one hour.The timeout for Login Lifetime is set to 30 day, and the Idle Timeout is set to 8 hours.Any suggestion?Jörg

Statefull or not statefull

We recently purchase pa3020s for mainly application control reason and put them behind cisco ASAs. I set up trust-to -untrust policy which applies to outbound internet traffic. I denied unwanted apps and allowed rest using user group mapping. that is all working fine and users can access internet with no problem.. well, last week, I tried t...

awarsame by L1 Bithead
  • 11126 Views
  • 13 replies
  • 0 Likes

globalprotect client for android

I have the globalprotect client installed and working for pc's but I downloaded and installed the client on my android and it looks like it is trying to connect or is connecting then it pops up my username and password box again. I checked the traffic logs and the system logs on the PA and it says it authenticates successfully and there are no d...

jdprovine by L4 Transporter
  • 3601 Views
  • 5 replies
  • 0 Likes

Globalprotect vpn access permissions

I want to give different access permission to different group when they access the network using the globalprotect vpn client. I have it configured but its now allowing me to pick the specific group that I want the access for

jdprovine by L4 Transporter
  • 8266 Views
  • 9 replies
  • 0 Likes

URL Filter Question

Does PA not do DNS lookups on URL filtering? We have an FQDN being blocked as malware, but the site can be accessed if the IP address is used.thx//moe

packet (5) shorter than isakmp header size. - LINUX Clients

Hi,We configured remote vpn access in our PA-3020, and we are experiencing some issues with Linux clients. People who are using Global-Protect client work fine, but people who use vpnc client suffer service disruption in SSH or using GIT repositories.The logs that we have in the system shows this: 'packet (5) shorter than isakmp header size.' D...

ecardona by L1 Bithead
  • 9858 Views
  • 8 replies
  • 0 Likes

Firewall between host and gateway

Sorry if this is really basic but...I have configuration where, we've added a gateway to a subnet that we only want one host to be able to access to get offsite. The gateway is on the other side of a vwire in the same subnet space obviously but in a different zone on the firewall. We're only allowing inbound connections from a client on the oth...

epeeler by L2 Linker
  • 5331 Views
  • 6 replies
  • 1 Likes

Delay with User-ID and Captive Portal

HI,This is only theoretical for me as I don't use captive portal (yet) but I noticed a problem. I am successfully authenticating pretty much all my users, but quite often I see a few flows at the start of a user session which doesn't have a user-id. A few milliseconds later the user-id is populated, so I guess this is just down to a slight del...

djr by L4 Transporter
  • 4513 Views
  • 3 replies
  • 0 Likes

How to get PA-200 Split Tunneling Internet traffic only logs to forward to Panorama?

I have split tunneling setup on my PA-200. I have the logs being forwarded to Panorama. I would only like the logs from the Internet traffic to be forwarded to Panorama.I don't want the VPN tunnel traffic logs to be sent to Panorama.I have three security policies.Default Outbound - Policy for split tunnel Internet traffic.VPN Outbound - Outbou...

Resolved! create a any-ipv6 address object

Hey all,Is it possible to create a any-ipv6 address object?I tried with an object "::/0" (same syntax used to configure default route) but this seems to hit any-ipv4 address as well.Tried this in PanOS6.0.10, PanOS6.1.3 and PanOS7.0.0.0b23

mr.linus by L4 Transporter
  • 6295 Views
  • 4 replies
  • 0 Likes
  • 24370 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks