General Topics

DHCP Server ip adress give so slow

hello,

we are try palto 5060 fw. Palto os 4.0 not yet update 4.1. Before we was using juniper and we write all rules same as juniper after all our network ip address relase or renew so slow.

We have 3 zone. Trust, untrust and dmz. Our dhcp server is l

...

Resolved! what is wrong with blocking firefox

Hello all together,

there something misterious for me because

to block firefox i used this document https://live.paloaltonetworks.com/docs/DOC-5028 but with this config it hasn't been working so far.

Is there a hand? My Config is:

i tried it with enable

...

Linux VPN clients

Does anyone have suggestions for Linux based VPN client software to users into a Palo Alto Managed environment. The dynamics (frequent upgrades of various distributions) is causing issues with our current 3rd party commercial VPN solution. Any sugg

...

Resolved! GP - second gateway creation problem

Hi

I have PA200 with 5.0.5 with ateway and portal licence.

On untrust interface I have /26 network

To set up another gateway I added second IP to my untrust interface. X.X.X.141 with /32 mas - is it correct?

after commit I add new gateway profile and try

...

Resolved! Forward DNS requests

Hi,

We are looking for a way to forward All dns requests to internal DNS ip.

Either client changes its ip address to public dns addresses it should be forwarded to internal.

Can we do that ?

We don't want to write a deny rule for public Dns requests.

We d

...

Palo Alto blocking Wii game

Hi All -

Just got my Palo Alto installed last week! So far so good. Hope this is the right place to be posting...

I just got a message from a student that since the firewall install, a game on his Wii U, Monster Hunter, has stopped working. He claim

...

Resolved! GP with Host detetion and auto-connect

Hi,

PA 500 in 5.0.4 and GP client 1.2.3

Would like to be sure, I need GP auto connexion from outside of my network and no GP in my network.

Then configure my external gateway, my internal host detection. It works well.

But short question do I need the GP

...

Loopback addresses and ARP

I'd like to terminate VPN's on lookback addresses from my public range.

If my public interface is 1.1.1.1/24 and I want to terminate VPN's on .2 and .3 I create two loopback interfaces (place them in the Internet Zone) with the IP addresses of 1.1.1.2

...

Resolved! Can firewall act as VPN client?

Wondering if we can configure a lab PA-200 to connect to a VPN concentrator on the internet using IPsec, as though it were a VPN client not a site-to-site tunnel. Not connecting to the firewall using GP, but using the firewall itself as the VPN clie

...

How to QOS Cisco Phones?

Architecture:

Hub and Spoke, Site to Site Ipsec VPN tunnel

HQ Site:

ASA5520

Call Manager

Cisco IP Phones

Remote:

PA5020

No Call Manager

Cisco IP Phones

Remote users connect to HQ via VPN tunnel between ASA and PA

QOS Policy

src.zone Inside dst.zone Inside to mat

...

Resolved! Limiting the "admin" logging sessions

Hello everyone; some of you know if there is a way to limit the admin logging sessions. This is, if I logging in the firewall with the "admin" account from the PC A; and I try to logging to the firewall with the "admin" account from the PC B too; I s

...

User ID agents showing as red

I have 3 separate domains on my network and they are not trusted together. On my main domain where the firewall is installed the agent shows green, however when I install the agent under the remote domains (on different subnets across the country) t

...

NetConnect and GlobalProtect VPN Dual Setup in 4.0

We are still on 4.0. Is it possible to setup the GlobalProtect configuration while still in 4.0 and allowing Netconnect to continue working? This will allow us to create documentation for end users and distribute it and publish it before migrating.

T

...

Routing through virtual systems

Hello,

I have such situation that I need to make routing through virtual system. I added a network diagram below.

Maybe you guys can help me in this situation.

I want that traffic from Vsys2 can access GW_default as it can Vsys1. Also I want to control

...

Resolved! Connecting two L2 segments via PAN?

I am trying to connect two separate Layer2 segments using the same VLAN ID 569 and same IP subnet 10.10.69.0/24.

The firewall has:

ae1 (mode layer2) with members ethernet1/1 and ethernet1/2

ae2 (mode layer2) with members ethernet1/5 and ethernet1/6

VLAN

...

Discussions

DHCP Server ip adress give so slow

Resolved! what is wrong with blocking firefox

Linux VPN clients

Resolved! GP - second gateway creation problem

Resolved! Forward DNS requests

Palo Alto blocking Wii game

Resolved! GP with Host detetion and auto-connect

Loopback addresses and ARP

Resolved! Can firewall act as VPN client?

How to QOS Cisco Phones?

Resolved! Limiting the "admin" logging sessions

User ID agents showing as red

NetConnect and GlobalProtect VPN Dual Setup in 4.0

Routing through virtual systems

Resolved! Connecting two L2 segments via PAN?

What does ch mean in PA-VM-OS Software?

HA4 firewalls

B2B VPN IKEv2 Fail with Amazon Private Cloud Peer

Help understanding Asymmetric Path issue

Can't import a certificate via XML API using C#

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

CVE-2024-3400 IOC's

Re: Solution for "SSL decryption bypass for Anydesk"

Re: Solution for "SSL decryption bypass for Anydesk"

Re: Error installing dynamic update Apps

Unlock your full community experience!

Resolved! what is wrong with blocking firefox

Resolved! GP - second gateway creation problem

Resolved! Forward DNS requests

Resolved! GP with Host detetion and auto-connect

Resolved! Can firewall act as VPN client?

Resolved! Limiting the "admin" logging sessions

Resolved! Connecting two L2 segments via PAN?