General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4235 Views
  • 0 replies
  • 0 Likes

cluster question

Hi, Device1 Active, Device2 Passive. When a failover happens... it takes about 7-8 timeouts (45 seconds): device1 passive, device2 active. When a failover happens again it takes about 1 timeout (good time): device1 active, device2 passive. Any ideas? Thanks.

SYSTEM ALERT: Version 5.0.5

Hi All, After upgrading to version 5.0.5 I have a strange thing.... --- severity: high opaque: HA Group 1: Peer version of 5.0.5 not compatible with the HA2 keep-alive setting; disabling HA2 keep-alive --- severity: critical opaque: HA Group 1: All HA1 connections down ---- Am I missing something? Regards, Alex

Oleksandr by L3 Networker
  • 4380 Views
  • 9 replies
  • 0 Likes

Resolved! M-100 Panorama Mode Collectors in HA

Probably an obvious question but the documentation doesn't seem to reference this directly... If I have 2 x M-100s in HA, by default they are in a state where the primary is listed within the "Managed Collectors". From what I understand the logs are not sync'd between the primary and secondary - only the configuration aspect of Panorama. With t...

dmeier2 by Not applicable
  • 3404 Views
  • 2 replies
  • 0 Likes

Resolved! Global Protect with Active Directory Accounts

Hello all, I have what might be a simple question. I want to authenticate to Global Protect SSL-VPN using my current Active Directory users. Do I need to have the User ID software installed on a domain server to do this? If that's needed for LDAP, can one of the other server types do what I'm looking for without the software on a server? I have a P...

jnunham by Not applicable
  • 4020 Views
  • 5 replies
  • 0 Likes

Resolved! Bi-directional NAT is still requiring a /32 static route

I have two VPN tunnels established with a vendor. 1 is in San Diego and 1 is in Las Vegas. The subnet in SD uses 10.220.1.0/24 and LV uses 10.220.2.0/24. With both tunnels they want me to NAT my IP of 172.16.1.235 to 10.200.249.30. I have a NAT statement configured that says to NAT all traffic coming from zone Inside to zone VPN Tunnels comi...

nthen by L3 Networker
  • 5225 Views
  • 4 replies
  • 0 Likes

Run NetConnect and Global Protect concurrently on 4.0.12

I would like to run Global Protect and NetConnect on a 4.0.12 firewall. I have domain users and vendors that I would like to address separately, pushing the GP.msi through Group Policy to the domain users and then hand holding the vendors. Then I could upgrade to 4.12. I want to run both GP and NC at the same time on 4.0.12. I see there is a trial li...

Resolved! HA PORT CONFIGURATION IN 4.1.12?

Hello world, I have done an upgrade of a PA2050 cluster from 4.0.9 to 4.1.12. In 4.0.9 the link speed and duplex for the HA PORT was forced. After the upgrade to 4.1.12 I lost a lot of packets, and when I tried to do a commit I had an error message: Commit failed because the HA PORT LINK IS NOT AUTO. I have changed the link port to auto and the issue was fix...

alle by L3 Networker
  • 3434 Views
  • 2 replies
  • 0 Likes

Communication within different Trust Zones

Hi, I am working with PAN-500 3.0.9. I have configured 2 trust zones and 2 untrusted zones. l3-trust IP 192.168.0.254/22; l3-untrust 200.78.x.x l3-trust2 IP 192.168.10.254/24; l3-untrust 201.161.x.x I need that users from l3-trust get access to servers located at l3-trust2. I have this policy: From l3-trust2 to l3-trust source address 192.168.10.0/24 d...

Resolved! Block but don't log

Is there a way to block some vulnerabilities or spyware without logging them? For instance I would like to block all the Microsoft SQL Server Stack Overflow Vulnerability but I am tired of them skewing some of our charts and stats. It looks like I can alert (allow and log), block (drop and log), or allow (allow, no log) but nothing for block/no ...

jmayne by Not applicable
  • 3237 Views
  • 3 replies
  • 0 Likes

Resolved! LDAP - Group Mapping with Child Domain users

Hi all, We'd like to use an Active Directory group in our root domain (e.g. "company.com") to control GlobalProtect authentications. Let's name this AD group "VPN Access" (it's a "Universal" Security Group). It contains user objects from the root domain itself but also from other subordinate domains like "branch1.example.com". Unfortunately, our ...

oschuler by L4 Transporter
  • 6133 Views
  • 2 replies
  • 0 Likes

NAT rule for IPSEC VPN using NAT-T

I'm running PANOS 4.0.13 and I've enabled NAT-T via the command line. I'm having trouble getting traffic to pass and I assume it must be my NAT policy. 1. I set a destination NAT as the vendor will be the initiator. The NAT is defined like this: srczone: Vendor-VPN dstzone: Untrust dstaddr: NAT IP (172.1.1.1.) dst translation addr: Real IP (10.1...

iguarino by L0 Member
  • 3284 Views
  • 2 replies
  • 0 Likes

Resolved! PAN-OS 5.0.5 :Commit failed

Hello, I have upgraded my firewall from 5.0.1 to 5.0.5 successfully. But when I am trying to commit, it is giving the below error. Operation Commit Result Failed Details vsys -> vsys1 -> global-protect -> global-protect-portal -> portal-tunnel -> client-config -> configs -> default-user-config -> gateways -> external -> list...

u22443 by Not applicable
  • 3154 Views
  • 3 replies
  • 0 Likes

Resolved! Question Regarding Reporting

Hi All! I'm responsible for Security Analysis at a Telecommunications company up in New England. We've recently deployed Palo Alto firewalls to all sites, and I am currently going through PDF Reports manually while we get Splunk installed. One thing that confuses me is that occasionally, when doing a custom report, we get a traffic action I'm not ...

Resolved! FQDN vs NetBIOS Domain Name

Hi, I have a PA-3020 running agentless user-id. When I examine the traffic log, some user id's are displayed as netbios_domainname\userid and others displayed as FQDN\userid. ie: domain\billw vs. domain.somewhere.com\billw. Any ideas as to why this happens? Thanks, M

charger by L2 Linker
  • 11563 Views
  • 5 replies
  • 1 Likes

DHCP Server ip address give so slow

Hello, we are try palto 5060 fw. Palto os 4.0 not yet update 4.1. Before we was using Juniper and we write all rules same as Juniper after all our network ip address release or renew so slow. We have 3 zone. Trust, untrust and dmz. Our dhcp server is located dmz zone. As palto not as Juniper not giving ip. It is slow. I want to learn what am i do f...

aupalto by L0 Member
  • 5187 Views
  • 3 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions