General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Resolved! LDAP - Group Mapping with Child Domain users

Hi all, We'd like to use an Active Directory group in our root domain (e.g. "company.com") to control GlobalProtect authentications. Let's name this AD group "VPN Access" (it's a "Universal" Security Group). It contains user objects from the root domain itself but also from other subordinate domains like "branch1.example.com". Unfortunately, our ...

oschuler by L4 Transporter
  • 6034 Views
  • 2 replies
  • 0 Likes

NAT rule for IPSEC VPN using NAT-T

I'm running PANOS 4.0.13 and I've enabled NAT-T via the command line. I'm having trouble getting traffic to pass and I assume it must be my NAT policy. 1. I set a destination NAT as the vendor will be the initiator. The NAT is defined like this: srczone: Vendor-VPN dstzone: Untrust dstaddr: NAT IP (172.1.1.1.) dst translation addr: Real IP (10.1...

iguarino by L0 Member
  • 3222 Views
  • 2 replies
  • 0 Likes

Resolved! PAN-OS 5.0.5: Commit failed

Hello, I have upgraded my firewall from 5.0.1 to 5.0.5 successfully. But when I am trying to commit, it is giving the below error. Operation Commit Result Failed Details vsys -> vsys1 -> global-protect -> global-protect-portal -> portal-tunnel -> client-config -> configs -> default-user-config -> gateways -> external -> list...

u22443 by Not applicable
  • 3100 Views
  • 3 replies
  • 0 Likes

Resolved! Question Regarding Reporting

Hi All! I'm responsible for Security Analysis at a Telecommunications company up in New England. We've recently deployed Palo Alto firewalls to all sites, and I am currently going through PDF Reports manually while we get Splunk installed. One thing that confuses me is that occasionally, when doing a custom report, we get a traffic action I'm not ...

Resolved! FQDN vs NetBIOS Domain Name

Hi, I have a PA-3020 running agentless user-id. When I examine the traffic log, some user IDs are displayed as netbios_domainname\userid and others displayed as FQDN\userid. i.e.: domain\billw vs. domain.somewhere.com\billw. Any ideas as to why this happens? Thanks, M

charger by L2 Linker
  • 11390 Views
  • 5 replies
  • 1 Likes

DHCP Server ip address give so slow

Hello, we are trying a palto 5060 fw. Palto os 4.0, not yet updated to 4.1. Before, we were using Juniper and we wrote all rules the same as Juniper; after that, all our network IP address release or renew is so slow. We have 3 zones: Trust, untrust and dmz. Our DHCP server is located in the dmz zone. As palto not as juniper not giving ip. It is slow. I want to learn what am i do f...

aupalto by L0 Member
  • 5142 Views
  • 3 replies
  • 0 Likes

Resolved! what is wrong with blocking firefox

Hello all together, there is something mysterious for me because to block firefox I used this document https://live.paloaltonetworks.com/docs/DOC-5028 but with this config it hasn't been working so far. Is there a hand? My Config is: I tried it with enabled and disabled "data patterns". I appreciate any idea. Thx. Cheers, Klaus

kdd by L4 Transporter
  • 5813 Views
  • 4 replies
  • 0 Likes

Linux VPN clients

Does anyone have suggestions for Linux based VPN client software to users into a Palo Alto Managed environment. The dynamics (frequent upgrades of various distributions) is causing issues with our current 3rd party commercial VPN solution. Any suggestions would be greatly appreciated. Clients are Ubuntu based laptops. Phil

HITSSEC by L4 Transporter
  • 4412 Views
  • 5 replies
  • 0 Likes

Resolved! GP - second gateway creation problem

Hi, I have PA200 with 5.0.5 with gateway and portal licence. On untrust interface I have /26 network. To set up another gateway I added second IP to my untrust interface. X.X.X.141 with /32 mask - is it correct? After commit I add new gateway profile and try to add client configuration. But I can't pick a checkbutton. What I do wrong? I need second gateway be...

_slv_ by L4 Transporter
  • 4008 Views
  • 5 replies
  • 0 Likes

Resolved! Forward DNS requests

Hi, We are looking for a way to forward All dns requests to internal DNS ip. Either client changes its ip address to public dns addresses it should be forwarded to internal. Can we do that? We don't want to write a deny rule for public Dns requests. We don't want to enforce client's dns.

Palo Alto blocking Wii game

Hi All - Just got my Palo Alto installed last week! So far so good. Hope this is the right place to be posting... I just got a message from a student that since the firewall install, a game on his Wii U, Monster Hunter, has stopped working. He claims this game works via P2P -- I haven't not looked in to this yet. We do not block P2P, but we u...

Resolved! GP with Host detection and auto-connect

Hi, PA 500 in 5.0.4 and GP client 1.2.3. Would like to be sure, I need GP auto connexion from outside of my network and no GP in my network. Then configure my external gateway, my internal host detection. It works well. But short question do I need the GP license for that ? Normally no, just one gateway, no HIP then no license .... During my test, it ...

VinceM by L5 Sessionator
  • 5816 Views
  • 5 replies
  • 0 Likes

Loopback addresses and ARP

I'd like to terminate VPN's on loopback addresses from my public range. If my public interface is 1.1.1.1/24 and I want to terminate VPN's on .2 and .3 I create two loopback interfaces (place them in the Internet Zone) with the IP addresses of 1.1.1.2 and 1.1.1.3. Should their subnets be /24 or /32? (I've seen examples here that show it configured ...

Resolved! Can firewall act as VPN client?

Wondering if we can configure a lab PA-200 to connect to a VPN concentrator on the internet using IPsec, as though it were a VPN client not a site-to-site tunnel. Not connecting to the firewall using GP, but using the firewall itself as the VPN client...and then use routing or tunnel interface to receive interesting traffic sent to firewall tha...

Nick1 by Not applicable
  • 5036 Views
  • 6 replies
  • 0 Likes

How to QOS Cisco Phones?

Architecture: Hub and Spoke, Site to Site Ipsec VPN tunnel. HQ Site: ASA5520, Call Manager, Cisco IP Phones. Remote: PA5020, No Call Manager, Cisco IP Phones. Remote users connect to HQ via VPN tunnel between ASA and PA. QOS Policy: src.zone Inside dst.zone Inside to match traffic over the tunnel; apps: rtcp, rtp and sccp. This is working pretty well. Any further advice ...

PANoJAM by Not applicable
  • 4122 Views
  • 3 replies
  • 0 Likes