This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4229 Views
  • 0 replies
  • 0 Likes

Resolved! How do I block all URL traffic but a select few?

This question has been asked in a couple of different ways without a definitive answer that I can find.My challenge is that we have an external engagement space where designers (internal and external) collaborate on projects. Users thin client into the environment and do their work with data and information going into the secure environment wher...

dmcgee by L0 Member
  • 17635 Views
  • 5 replies
  • 1 Likes

Resolved! Display 'Last logged in' info on user's logon screen

Hi,Is it possible to display the timestamp of the last login on the logon screen (both in captive portal and at the globalconnect remote client)?I think this is a nice assurance for the user to actually check that noone has used his account since his own last login.It is probably technically challinging, but I want to discuss the possibility and...

HA Primary

Why is it when I have a HA pair with an identical link failure on both devices (same monitors configured), the device with the higher 'device priority' value (least preferred) becomes the Primary device?When a pair of devices has the same failure the device with the lowest priority (most preferred) should be the primary.It seems to end up on the...

Palo Alto start up queries

Hi everyone,Just have some queries on Palo Alto firewalls posting some questions. Help on these is much appreciated. what does the following command do > show neighbour all Does this function like Cisco discovery protocol to identify the peer CISCO devices or for OSPF neighbour or some other purpose?2. how to see interface physical and adm...

srikanth by Not applicable
  • 3702 Views
  • 1 replies
  • 0 Likes

Resolved! Syslog - What IP is Sourced in Syslog?

PA500 and syslog? What IP (or interface) is sourced from the PA to a syslog server? Is it a management interface? If you have multiple assigned management interfaces, which one?Thanks.

dudesdad by Not applicable
  • 6202 Views
  • 4 replies
  • 0 Likes

Resolved! SSO Requirements

As with most things GlobalProtect I am having issues with a customer and am finding it difficult to find out why.I guess the first question is do you need to use client certificates in order to use SSO with global protect?The issue the customer has is although he has checked single sign on in the portal config he still has to enter his username ...

Resolved! unauthenticated users

Is there a simple way to prevent unauthenticated users from accessing the internet from the inside?It is my understanding that you cannot negate AD Groups? True?I was hoping to create a policy like this that would deny any unauthenticated users from accessing the internet.Zone Address User ...

Does anyone know "flow_fwd_zonechange" and "Packet routed to different zone"???

Hello All.I use PA-5050 , PANOS-4.0.9 , 10G InterfacesDMZ zone has FTP Server. It work for file download service to Internet.FTP data traffics are very slow (about 50KByte/s).But the device is working "commit" that FTP data traffics are fast(about 10MB/s)And FTP data traffic are slow again after commit 10 minute.I had checked Interface count on...

Resolved! User-ID functionality for 5.0+

I am playing around with a new PA200 we recently purchased. I am interested in learning more about he new User-ID functionality that is built into firmware version 5.0+. Is there any documentation, white papers, etc. that I could use to try and get this setup? Everything I have found seems to be fairly dated. Any help would be appreciated.Thanks!

AD Tools and Lync do not work over our SSL-VPN

I connect to the VPN (NetConnect). I get all my ipconfig correctly. I can ping anywhere in the network.If I bring up an MMC I can add an RDP snap-in and RDP to machines.However, the AD, DNS, DHCP snap-ins cannot connect to our servers.Checked the firewalls on the servers.The tunnel terminates into the same zone as the servers.Mysterious....

Resolved! Apple or Mac viruii scanning

GroupI have a student in one of my classes who asked what scanning techniques do we have, surrounding the AV security profiles that we apply.Apple File Protocol is not one of the 6 precanned decoders that we apply in our AV scanner.How does/would Palo Alto scan for viruses that could be transmitted using AFP (Apple Filing Protocol)Thank you.Steve

scantwell by L4 Transporter
  • 2600 Views
  • 1 replies
  • 0 Likes

Resolved! HOW to disable DHCP Lease start in system log

Hello,DHCP server is enabled on PA for some customers.It works fine BUT it creates a lot of entry in the sytem logs.( receive_time leq '2013/02/06 11:49:27' ) and ( subtype eq dhcp ) and ( severity eq informational ) and ( eventid eq lease-start ) and ( description contains 'DHCP lease started ip 192.168.99.13 --> mac 68:96:7b:36:2d:8d, inter...

licenselu by L4 Transporter
  • 4282 Views
  • 3 replies
  • 0 Likes

Resolved! Global Protect Setup

I have attached pictures of my current Global Protect setup. Now we have had a request to allow IPAD's, and Android tablets on to the VPN. Can I have multiple profiles? One for our Domain laptops and one for tablets? I see from the documentation that the tablets will need a Root Certificate from the PAN. If I create a Root Certificate for the ta...

Resolved! Selective cut-paste of the config

Hi,I have to deploy 9 PA boxes. I would like to create all objects on one box and copy that section to all the boxes. How do I achieve that? The config seems to be in XML format and section cut-paste is not working on command line. So far only way I could see it working is export the config from GUI to xml format, edit whole file in notepad and ...

smunzani by Not applicable
  • 7165 Views
  • 5 replies
  • 0 Likes

Number of supported Global Protect clients per box ?

In all the specifications sheets there is a different number listed for the concurrent SSLVPN and IPSECVPN supported clients. eg. on a 5020 2,000 IPSec VPN tunnels/tunnel interfaces5,000 SSL VPN UsersI find these number very confusing :Globalprotect uses both IPSEC and SSL ( IPSEC is preferred I was told).So my question, how many globalprotect c...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks