This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4121 Views
  • 0 replies
  • 0 Likes

Global Protect 2-factor Auth & User-ID Mapping

Hi All,I'm migrating from ASA to Palo Alto including user VPN access (AnyConnect). The setup will be 2 factor authentication with LDAP/Kerberos (not sure which yet) for the portal and OTP via RADIUS for the gateway.The current setup allows access lists to be applied via the vpn policy to each authenticated user group limiting their access to in...

Resolved! Deepnet 2-factor Authentication

Hi Everyone,I have a client that is migrating to Palo Alto firewalls. I'll be implementing Global Protect SSL VPN replacing the existing Cisco Anyconnect.The client utilizes DeepNet 2-factor authentication for SSL VPN. I was wondering if anyone had any experience implementing RADIUS authentication with DeepNet?Do VSAs need to be setup on the D...

Resolved! Creating application groups

Is there a way to create an application group that will dynamically add applications as they are updated?For example, I want to create a P2P application group that gets denied. Can I create a filter that says any application that is classified as P2P with a risk of 4 or 5 should be automatically added to the group? And as updates are made to the...

RFalconer by L3 Networker
  • 2900 Views
  • 2 replies
  • 0 Likes

Eval question

Given a flow and properly written policy to allow Facebook and its myriad apps/widgets on port 80/443, other than the admin management overhead (i.e., having to open ports 80 and 443), how is what Palo Alto does different from what Checkpoint does?This question addresses the quote below (found on the link shown).http://researchcenter.paloaltonet...

derasa by L0 Member
  • 2174 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect on Mobile Devices

GP v2.0.1. Successful authentication is based on a particular AD user group. If the user is not part of the group, he/she would be able to connect. We want to implement this solution for smart devices.. however, how can we control who connects and who doesn't? we don't want a user with a personal device to be able to connect to the portal/ga...

rrau by L3 Networker
  • 6602 Views
  • 10 replies
  • 0 Likes

Management server restart

HelloToday I observed that when I try to logon to my PA200 I got error "Connecting to Management Server failed", when I try to logon by SSH "System initializing; please wait...."After few minuts a was able to logon by browser and putty.In system logs :PA200 wasn't much loaded, after this self-acting restart there was some high load:Restart on 04...

_slv_ by L4 Transporter
  • 11797 Views
  • 5 replies
  • 0 Likes

Guest VLAN issues with externel services that we offer

Here's what we need to accomplish:We have subnets on our networks that need to use our external DNS server (they are Guest VLANs for our WiFi networks). This traffic is visible by our paloalto firewall with layer 3 adresses (10.XXX.30.0/23). When we access internet with these clients we have no issue at all but when these clients try to access o...

Inline PA vwire on inside interface of Cisco ASA HA/pair inline

I am currently running a pair of Cisco ASA 5520 in HA. I want to protect the traffic going inside with an inline wire on the inside interface of Cisco ASA HA/pair as it travels to the LAN. A pair PA-2020 are configured in Active/Standby with the wire trust/untrust pairs running inline after the ASA HA pair. Untrust zone going to the ASA and ...

mpitogo by Not applicable
  • 2973 Views
  • 1 replies
  • 0 Likes

Global Nat

How can you determnine what the global nat address is on a firewall?

infotech by L4 Transporter
  • 2768 Views
  • 4 replies
  • 0 Likes

Resolved! How to setup multiple vpn?

Hi,In our enviroment we have since a month a PA500. We setup VPN with pre-logon with certificate for our internal users, which is very handy!But for our external users I want, they use there AD credentials. Is it possible to setup multiple VPN's? One for our internal users and one for our external users?And if so, how to configure this?Thanks in...

ZEBIT by L3 Networker
  • 7291 Views
  • 10 replies
  • 1 Likes

Wire shark

I am trying to troubleshoot why I am having issues with a certain VPN router device through the PA 3020 firewall, This is the message on the packet captureISAKMP Identity protection (main mode).I am new to firewall and if there are any other troubleshooting methods I can use I would appreciate the advice. commands, gui anything

infotech by L4 Transporter
  • 3910 Views
  • 5 replies
  • 0 Likes

Ping

Can you send ping test from the PA and if so how is that done?

infotech by L4 Transporter
  • 2579 Views
  • 2 replies
  • 1 Likes

Stability Issues with 6.01

Hello,since our pa 3050 (HA Active/Passive) is running 6.01 i discovered some issues: The device server sometimes hangs, there is no other option than restarting it (debug software restart device-server) This happens approximately once a day. In this state, SNMP requests to the PA take several seconds to complete, a commit will hang. I wonder, ...

  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks