This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Self destruct check mark for policies and schedules

A feature I would like to see in the future is a check mark to wipe a rule. Example: I have to setup rules that are good for a single time for particular users after which the rules is no longer necessary.It would be a nice option to be able to have the rule remove itself once the schedule has expired. ThanksBob

BobW by L4 Transporter
  • 3521 Views
  • 2 replies
  • 0 Likes

PAN-DB download: Failed.

Hello I get this error message from the passive Firewall in HA Mode. I verify in "Service options" that the "management interface" is in use. From CLI I can reach "s0000.urlcloud.paloaltonetworks.com"ES2PA5050FW02(passive)> ping host s0000.urlcloud.paloaltonetworks.comPING s0000.urlcloud.paloaltonetworks.com (50.18.116.114) 56(84) bytes of da...

SOC_CSG by L4 Transporter
  • 5841 Views
  • 6 replies
  • 0 Likes

Resolved! Cisco VPN Client Timeout

Hello,we are using Cisco VPN Clients to connect to our Palo Alto Network Device, it works like a charm, but the user are logged out after one hour.The timeout for Login Lifetime is set to 30 day, and the Idle Timeout is set to 8 hours.Any suggestion?Jörg

Statefull or not statefull

We recently purchase pa3020s for mainly application control reason and put them behind cisco ASAs. I set up trust-to -untrust policy which applies to outbound internet traffic. I denied unwanted apps and allowed rest using user group mapping. that is all working fine and users can access internet with no problem.. well, last week, I tried t...

awarsame by L1 Bithead
  • 11238 Views
  • 13 replies
  • 0 Likes

globalprotect client for android

I have the globalprotect client installed and working for pc's but I downloaded and installed the client on my android and it looks like it is trying to connect or is connecting then it pops up my username and password box again. I checked the traffic logs and the system logs on the PA and it says it authenticates successfully and there are no d...

jdprovine by L4 Transporter
  • 3618 Views
  • 5 replies
  • 0 Likes

Globalprotect vpn access permissions

I want to give different access permission to different group when they access the network using the globalprotect vpn client. I have it configured but its now allowing me to pick the specific group that I want the access for

jdprovine by L4 Transporter
  • 8312 Views
  • 9 replies
  • 0 Likes

URL Filter Question

Does PA not do DNS lookups on URL filtering? We have an FQDN being blocked as malware, but the site can be accessed if the IP address is used.thx//moe

packet (5) shorter than isakmp header size. - LINUX Clients

Hi,We configured remote vpn access in our PA-3020, and we are experiencing some issues with Linux clients. People who are using Global-Protect client work fine, but people who use vpnc client suffer service disruption in SSH or using GIT repositories.The logs that we have in the system shows this: 'packet (5) shorter than isakmp header size.' D...

ecardona by L1 Bithead
  • 9900 Views
  • 8 replies
  • 0 Likes

Firewall between host and gateway

Sorry if this is really basic but...I have configuration where, we've added a gateway to a subnet that we only want one host to be able to access to get offsite. The gateway is on the other side of a vwire in the same subnet space obviously but in a different zone on the firewall. We're only allowing inbound connections from a client on the oth...

epeeler by L2 Linker
  • 5365 Views
  • 6 replies
  • 1 Likes

Delay with User-ID and Captive Portal

HI,This is only theoretical for me as I don't use captive portal (yet) but I noticed a problem. I am successfully authenticating pretty much all my users, but quite often I see a few flows at the start of a user session which doesn't have a user-id. A few milliseconds later the user-id is populated, so I guess this is just down to a slight del...

djr by L4 Transporter
  • 4524 Views
  • 3 replies
  • 0 Likes

How to get PA-200 Split Tunneling Internet traffic only logs to forward to Panorama?

I have split tunneling setup on my PA-200. I have the logs being forwarded to Panorama. I would only like the logs from the Internet traffic to be forwarded to Panorama.I don't want the VPN tunnel traffic logs to be sent to Panorama.I have three security policies.Default Outbound - Policy for split tunnel Internet traffic.VPN Outbound - Outbou...

Resolved! create a any-ipv6 address object

Hey all,Is it possible to create a any-ipv6 address object?I tried with an object "::/0" (same syntax used to configure default route) but this seems to hit any-ipv4 address as well.Tried this in PanOS6.0.10, PanOS6.1.3 and PanOS7.0.0.0b23

mr.linus by L4 Transporter
  • 6311 Views
  • 4 replies
  • 0 Likes

PA URL FILTERING UPDATES force to update the HA peer

Hi, i have 2 palo alto 2050 in HA (active/passive). The active HA has intenet acces in order to take the palo lato updates but the passive PA doesnt have access to internet. The problem is that the active PA has a URL version updated but the passive has a version very old. what should i do??? there is any way to send this URL updates from Pa act...

SOC_CSG by L4 Transporter
  • 15999 Views
  • 12 replies
  • 0 Likes

Resolved! Questions about internal gateway

Hello everyone,I have questions about global protect internal gateway.1. What difference are between tunnel mode and non tunnel mode on internal gateway?Encrypted? or Something?2.If customer does not use external gateway, Can I set external gateway instead of internal gateway purpose for accessing internal resources?Because my customer feel heav...

  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks