This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! Global Protect Setup

I have attached pictures of my current Global Protect setup. Now we have had a request to allow IPAD's, and Android tablets on to the VPN. Can I have multiple profiles? One for our Domain laptops and one for tablets? I see from the documentation that

...

Resolved! Selective cut-paste of the config

Hi,

I have to deploy 9 PA boxes. I would like to create all objects on one box and copy that section to all the boxes. How do I achieve that? The config seems to be in XML format and section cut-paste is not working on command line. So far only way I

...

smunzani by Not applicable
  • 4680 Views
  • 5 replies
  • 0 Likes

Number of supported Global Protect clients per box ?

In all the specifications sheets there is a different number listed for the concurrent SSLVPN and IPSECVPN supported clients.

eg. on a 5020

  • 2,000 IPSec VPN tunnels/tunnel interfaces
  • 5,000 SSL VPN Users

I find these number very confusing :

Globalprotect

...

Resolved! Threat Prevention Throughput

Hi,

Just want to know if there is a way to see how much threat prevention throughput is consuming? The command I use to check for the current throughput is show systems statistics sessions but I believe this is for the firewall throughput. Please corr

...

Blocking jar and class files. What about *.pack.gz?

To mitigate the threat of the non stop java exploits Ive started to block jar file and class files. Now in the data filter logs i spot *.jar.pack.gz files. Im wondering about a few things

  1. Is blocking jar and class files a good mitigation against brows
...

choff123 by L3 Networker
  • 3013 Views
  • 3 replies
  • 0 Likes

Resolved! flow_inter_cpu_nat_mismatch

Hi All,

   Noticed this Global Counter incrementing on our 5060 platforms ( running 4.1.x code ). When messing with the command "set session processing-cpu" and pointing all new sessions to a single CPU the counter stop incrementing (makes sense, no i

...

dpenhall by L2 Linker
  • 1585 Views
  • 1 replies
  • 0 Likes

Shared Application Groups in Panorama Version 5

In Panorama Version 5 it can be configured that address and service objects are only applied to firewalls which actually need these objects because they are used in the policy. Unused objects are not pushed to the firewall. However we found out this

...

Anon1 by L4 Transporter
  • 1546 Views
  • 1 replies
  • 0 Likes

GlobalProtect Vsys issue

Hello

I want to configure GlobalProtect Remote Access to limit the connection to a Vsys from external administration users to just the ones that uses VPN.

I have tried on a PA-200 and works but There's an error when I configure the same settings on PA-

...

Resolved! Routing Daemon

Hi All. Could you please let me know the routing daemon used in Palo Alto firewalls.

Thanks in advance.

Hari.R

Resolved! DHCP - Getting info on allocated IPs

We have our PA-500 setup on our company's public network.  This network is used by employee's personal machines and clients machines when they come into our office.

We have run into a few situations that we can see someone is most likely infected as t

...

smithp by L0 Member
  • 1727 Views
  • 1 replies
  • 0 Likes

Need another BGP instance on Virtual Router

So I need another BGP instance on a virtual router of mine... but ive read that its not possible


Admin Guide

The firewall provides a complete BGP implementation that includes the following features:

Specification of one BGP routing instance per virtual

...

choff123 by L3 Networker
  • 2858 Views
  • 2 replies
  • 0 Likes

Resolved! PanOS 5.0 on-device User-ID agent

Hi,

I have installed a PA200 with PanOS 5.0.2 and on-device User-ID agent. I have connected my device on a network with a DC Windows 2008R2 and I have configured User Mapping and Group Mapping Settings as explained in the Getting_Started_Guide_PanOS 5

...

lauro7 by L0 Member
  • 2203 Views
  • 2 replies
  • 0 Likes

Resolved! Problem with interzone U turn NAT

Hello,

I followed the instructions in the paloalto "understanding NAT-4.1RevC" pdf for implementing U turn NAT.

It works when I try to access a server in the DMZ from the trusted zone via it's public untrusted IP.

I have now a web server which somehow t

...

Resolved! Physical connectivity validation on passive device

Hello,

We use vsys on our PaloAlto cluster. During a new vsys deployment, I would like to validate that the passive device's physical connectivity to a switch is working.

But I don't wish to launch a failover just for this, because it could impact the

...

Duplem by L2 Linker
  • 3312 Views
  • 2 replies
  • 0 Likes
  • 24197 Posts
  • 100 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks