This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4131 Views
  • 0 replies
  • 0 Likes

GlobalProtect 1.2.4 issue with Mac pre-OSX 10.8

We are having a strange issue with GlobalProtect and all Mac OSX that predate 10.8. Clients can connect just fine, but when they try to connect to our NAS, the client's connection to the NAS locks up and then gets terminated, but the GlobalProtect client is still connected. I've asked our server team to look into the NAS logs, but it seems str...

mcw015 by Not applicable
  • 2362 Views
  • 1 replies
  • 0 Likes

Redundant Site-to-Site VPNs?

I am looking to put in redundant or active/active VPNs.2 of our sites both have 2 ISPs.Currently the VPN works from 1 ISP on each side.Questions:1. Can I have redundant VPNs?2. Can I load share over those?3. Any tips or docs to configure?Other related questions:1. Is there a feature of redundant routing (automatic) so I can easily set up a mesh ...

Resolved! HA configuration & License Expired

Hi,Given a scenario when both HA configured firewalls' license have expired, will my active firewall still fails over to passive firewall in the event of primary firewall failure?thanks,cwong.

cl_wong by Not applicable
  • 4463 Views
  • 3 replies
  • 0 Likes

Resolved! GlobalProtect Client Startup

After installing the Global Protect Client on our Windows 7 laptops, every time our users start their machines once they login to our network on the LAN the Global Protect Client pops up and wants to connect. Is there a way to supress that popup when the computer starts?

Resolved! VPN SSL traffic

We have a SSL VPN setup through the Global Protect Gateway. The SSL-VPN tunnel is in its own zone and I have an any - any rule for this zone to my trusted zone. I am able to pass traffic to one interface in a trusted zone but I am not able to pass traffic to another interface in the trusted zone. What am I missing?

God by Not applicable
  • 5492 Views
  • 9 replies
  • 0 Likes

SSL Inbound decryption woes

Hi there,we just configured our first SSL Inbound decryption, but we have some trouble and need help troubleshooting it. Very simple setup:Webserver in DMZ zoneFirewall policy: from:untrust to:dmz; src:any; dst:webserver; app:ssl,web-browsing; service:service-http(s); action:allowDecryption policy: from:untrust to:dmz; src:any; dst:webserver; ac...

Loss of connectivity when trasfering log to syslog server

Hello Everybody!Our PAN firewallls send their log to a central syslog server; in case there is a gap in the connectivity (e.g. satellite link down) what happens to the corresponding log entries?Shall the remote firewall store them till the connection is available again and then send them to the central server?Thanks and Regards

Bucche by L2 Linker
  • 5682 Views
  • 7 replies
  • 0 Likes

Resolved! Vulnerability Protection Threat level

I have been trying to figure out if there is away to adjust the Threat level of an event under the Vulnerability Protect.For Example I have set certain vulnerabilities to drop packages but I want to change the threat of it so its no longer a high threat. Does anyone know a way to do this or is that field something you cant edit? Thanks for you t...

murphyj by L2 Linker
  • 3315 Views
  • 3 replies
  • 0 Likes

LDAP 389 Group Mapping

I am attempting to configure Global Protect to authenticate with our LDAP server. We are an all Linux shop and we are using LDAP 389, which is very similar to OpenLDAP (this is what I was told anyway, I am not much a server guy and don't manage this server). We would like just one specific group and the users assigned to that group to be allowed...

Resolved! session table

Hi,is it possible to use a PAloalto firewall not to keep sessions and works like a non stateful Access Control device.Thanks.

Resolved! Multi AD groups for Global Protect access

Hi All,I have a Global Protect access question for group. I have given access rights to a VPN user group and assigned the AD membership that almost all of our staff is a member of to it and its been working well. Now I need to add a second AD security group for our development contractors. I added the group they are all members of to the User/Us...

Resolved! non-syn vsys

Hi,is there an option to Set the vsys (not Firewall or zone) to Reject non-Syn First Packet?

Multiple NAT and Private IP Addressing - Help Needed

Hi,I'm relatively new to PA firewalls, so please forgive me if this is not explained well.I have a PA-500 with PANOS 5.0.0. Im using three interfaces at present - e1/1 - internal network, e1/2 - Internet untrust, e1/3 internet untrust (private ip 169.254.0.1/32)At present I have my rules configured and my NAT commands for my internet connection ...

logged in user are sent to captive portal

heywe have a situation the loggen in users are sent to the captive portal. event a few minutes or an hour after they have logged in to the conuter.1) when this is happaning then the ip-user mapping shows no user for the IP2) we cant simulate this behaviour3) we played arround with the ip-port mapping timeouts4) client probing is turned on and we...

minow by L4 Transporter
  • 5757 Views
  • 11 replies
  • 0 Likes

Resolved! commit is failing

unable to commit please help in troubleshootingPA version: 5.0.3thanksadmin@PA# commit force..........................Management server failed to send phase 1 to client authdCommit failed[edit]admin@PA# run tail mp-log authd.logJul 11 17:33:53 pan_authd_generate_system_log(pan_authd.c:914): CC Enabled=FalseJul 11 17:33:53 pan_get_system_cmd_outp...

minow by L4 Transporter
  • 6801 Views
  • 5 replies
  • 0 Likes
  • 24337 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks