General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4121 Views
  • 0 replies
  • 0 Likes

Resolved! Question Regarding Rule Processing Behaviour with Multiple Virtual Routers

So I have a few virtual routers on my PA 4200. I have one VR that every packet touches more or less before it gets sent on its way. Every Interface has its own zone. So, a packet comes into the main VR (VR1). A route is found, NAT rules are processed (none found) and a security rule is hit, packet is allowed through and a (firewall) session is crea...

choff123 by L3 Networker
  • 3559 Views
  • 4 replies
  • 0 Likes

New User-ID agent 5.0.1-2

In User-ID Agent Release Notes is mentioned: Addressed Issues 5.0.1 The following issues have been addressed in this release: • 46473 – Not able to install the terminal services agent version 5.0.0 on a Windows Server 2003 R2 system. Support has been added for this version of Windows. But this is release for User-ID agent and not Terminal Services. ...

Resolved! Global Protect SSL VPN and 802.1x

I currently have 802.1x setup on our switches and it works very well for us in our environment. It allows our users to roam around the office and basically plug in wherever they want and they always live on the same VLAN and always have access to the same VLANs. We have many users outside of the office who need access to internal resources while...

Resolved! Subnetted traffic issue

I am running my PA-2050 on layer 2. The system runs great except for one issue. My wireless zones are subnetted. The PA can see the subnetted traffic, allows it to go out, but the packets get lost on the return back. I know there is nothing wrong with any devices in the upstream since all other content filtering systems we have run before never ...

Global Protect fail-over in a single PA with ISP failover

Hi everyone - I have a customer who is looking to have GlobalProtect fail-over along with ISP fail-over in a single PA cluster. Currently I am using PBF and a single VR for the ISP failover and it works fine EXCEPT when it fails over there is no GP VPN. We purchased a portal license and I have added that to the cluster as well as cfg'd the secon...

dbrenipc by L3 Networker
  • 2790 Views
  • 1 replies
  • 0 Likes

Resolved! Moving from 4.0 to 4.1 (effect on NetConnect users)

I'm considering moving to the latest 4.1 release from 4.0.11, but I have a large number of SSL VPN users using the NetConnect client 1.3.2. I believe they would have to use a Global Protect client once the OS is upgraded to 4.1. What would be the best way to prepare for that? Can I push the latest Global Protect client to these existing users...

iguarino by L0 Member
  • 3803 Views
  • 3 replies
  • 0 Likes

Resolved! Internet facing interface dhcp-client inbound NAT

So, PAN 5.0.1. eth1/1 - Layer 3 / Internal network 10.0.0.1/24. eth1/2 - Layer 3 / External network - DHCP assigned IP address from ISP. Outbound NAT works. Inbound NAT i simply doesn't get to work.. Used the cli command test nat-policy-match from Untrust source 8.8.8.8 destination [assigned ip address of eth 1/2] destination port 3389 protocol 6. Got rul...

criiser by Not applicable
  • 5076 Views
  • 4 replies
  • 0 Likes

Building ISP's Network?

My ISP gave me 2 networks. My 64 IP one (main-net) and then a 2 IP one (link-net) that connects back to the ISP Box. I know I could make this with a simple router / Layer3 switch. I have just started testing with our PS-2050. Is there a simple way to do this in box? I am thinking it would just be 1 VR between the link-net and the main-net. Then another...

Resolved! Allow traffic to specific URL - Best practices

Dears, I have 2 PA2020 implemented working as webfilter only. (virtual wire feature) I need to implement a rule which will permit any user to access the website www.adpweb.com.br anytime... What I did: Rule at first position. source: any user, any zone, destination: any IP, any zone. URL: I created a specific URL Category. I see that many others traffics ...

Resolved! HA Active/Passive Management Design

I am testing out and setting up two PA-2020 in a HA Active/Passive setup for eventual use in our production network. I am testing this outside of our current network infrastructure to ensure I understand the complete setup processes. I had a couple design questions regarding this setup. As of now I have two zones, WAN and LAN enabled on both fir...

cmateam by L3 Networker
  • 6689 Views
  • 6 replies
  • 0 Likes

SSH interception and server rekey

PA200 running 5.0.1-h1, SSH traffic is being intercepted to block tunneling which is working fine so far. The issue I'm seeing is the client (Putty) is dropping the session after 60 minutes with "Server's host key did not match the signature supplied", I'm guessing this is the SSHD rekey interval. Is there a trick to get the Palo Alto SSH to han...

rob72 by L1 Bithead
  • 2701 Views
  • 1 replies
  • 0 Likes

Resolved! I need configuration help In vwire mode ,....

Hi All,.. Kindly refer the following topology, in which VLANs (ex: 10 VLANs) are created and any traffic to internet is routed to the core firewall. In between core switch and firewall I have connected PaloAlto firewall in VWire mode and also have defined the policy to allow traffic. Did I need to define any VLANs in PaloAlto? Because I am not abl...

Gururaj by L4 Transporter
  • 3443 Views
  • 2 replies
  • 0 Likes

Resolved! Dropped Sessions

I've a strange problem. My PA (5.0.1) randomly kills all sessions. This is causing me problems as all internet traffic times out during these issues. You can see from the show system statistics screen dump below that there is 0 packets and 0Kbps throughput but 1191 active sessions. The second window shows the PA in normal mode a few seconds aft...

djrodb by L3 Networker
  • 3982 Views
  • 1 replies
  • 0 Likes

Resolved! Different block pages based on policy

Is there no way to have different block pages appear per policy? We have distinct needs for a few different groups of users. We need one URL block page to come up when one policy is triggered and a different block page when another policy is triggered. Is this possible? If not, why? Any plans to make this happen? Any hacks that are possible?...

jhickey by L3 Networker
  • 5260 Views
  • 3 replies
  • 0 Likes