General Topics
Showing results for 
Search instead for 
Did you mean: 
General Topics

Forum Posts

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 43 replies

dns-signature cloud service connection refused.

Greetings:I am seeing in the System Log the following message "dns-signature cloud service connection refused" Checking the traffic logs the management IP address is not being blocked. Where do I look to resolve this error message? Thank you.

Self-Signed Certificate expiry warning

Our GlobalProtect VPN was using a self-signed certificate which got expired caused end users not being able to connect to the VPN.This raises the question that what are the ways to get alerted for these sort of incidents. Is there any in-build mechan...

Certificate based Site to Site VPN (IKEv2)

Hello Folks, I am trying to build a site to site vpn between a Palo Alto firewall running 8.1.7 and a Checkpoint firewall. Settings are configured to use IKEv2 only with certificate based authentication. While the logs below are from lab setup, but t...

Udupi by L1 Bithead
  • 8 replies

PaloAlto FW RDP Across multiple AD domains

I'm part of a cloud team that does not manage the FW but am not getting clear answers from them.My operations counterparts have the following issue: Support person logs into IP address x.x.x.x into production domain. As part of their function, they m...

Resolved! Panorama Template/Template-Stack Variables Override

Is it best practice to override template variable settings at the template-stack or at the device level? It looks like template stack would be sufficient unless you have multiple firewalls and only a select number with different settings.

Firewall Palo can advertise aggregate route...

Hello, In our lab, we made a set up about peering BGP between Palo and a third part device.According to this kb from Palo : "The Palo Alto Networks firewall does not advertise an aggregated route to its peer when it receives a prefix falling within t...

Palo Dual Action on Same Malicious Domain

We have found in the logs, Malicious DNS queries are being blocked but few of them are in Alert State. however the Domain is marked as a malicious in DNS signature at Threat Vault.Can you please elaborate why paloalto having dual action on same malic...


Global protect split tunnel setup

Hi I have 8.1.5 on the pa and 4.1.11-9 client I have setup the gateway for video traffic exclusion, and selected youtube-streaming netflix-streaming But a simple test shows utube still come over the tunnel address I want to allow MS Teams to by pass ...

Alex_Samad by L4 Transporter
  • 43 replies

Resolved! Layer 3 Subinterfaces VM-Series Firewalls VLAN 4095

When it comes to vm series firewalls, Layer 3 subinterfaces, trunks and port groups, are there any downsides/catches/cautions to setting the ESXI port group to use vlan 4095 (trunk), and then simply utilize layer 3 subinterfaces on the vmseries firew...

Sec101 by L3 Networker
  • 2 replies
Top Solution Authors
Top Liked Authors