This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

Resolved! Global Protect CLient "Startup Before Login"

Is there a way to have the Global Protect client interface show up before a user logs into Windows? For example, They want to manually connect to VPN before they login to their Windows machine. Thanks

eputnam by L1 Bithead
  • 3875 Views
  • 4 replies
  • 0 Likes

NAT inside VPN Tunnel

I have to create a VPN Tunnel to an untrusted network (business partner).I found out I will have to advertise all of our subnets to the parner, server nets, user nets, all of them...I will make some firewall rules to restrict traffic but also ...Is there a way I can setup the VPN but then NAT INSIDE the VPN so the remote side does not have to se...

choff123 by L3 Networker
  • 2337 Views
  • 2 replies
  • 0 Likes

Global Protect - how to do it?

HelloI havent licence for GP but I have a problem to solve ...I have 3 types (groups) of clients:(1) must have internet access with av/antyspyware/etc profiles.(2) must have internet access like (1) plus RDP to some host in local zones. Every client must have their own policy thats tell with server will be available to this person by RDP session...

_slv_ by L4 Transporter
  • 3213 Views
  • 3 replies
  • 0 Likes

Hit-Statistics per Security/NAT Policy

Hi,I would really like to see how often a security policy is hit. We came from Sonicwall to Palo alto, and this is one of the things i miss the most.Maybe there's a CLI command for it ? I didn't find it so far.Hope you can help me out.Kind regards,René Posthumus

APT Attacks

APT attack is one of the things the security industry is focusing on these days, and something that we should be aware of as well. In case a RAT (Remote Access Tool) gets installed on the user’s PC, an attacker can access and download all files within the victim’s PC. By having encryption on the documents, it eliminates the threat of allowing th...

Resolved! Testing IPv6 using test-ipv6.com

I'm unable to successfully complete test-ipv6.com (10 out of 10) without doing either 'Any' application or adding unknown-tcp as an application.When I do just web-browsing, I get denies on 'unknown-tcp'.Is there something different I can do without allowing wide open browsing for IPv6? Is this a deficiency in the Applications list or the way w...

Isolate and NAT a segment for BYOD

I've tried setting up a subnet on our local network for wireless BYOD purposes and our aim is to have phones/pads connect only on this subnet (10.84.0.0/16). An ACL on our layer 3 core switch prevents this subnet from communicating with other 10.x.x.x segments directly, where our other users and servers are set up.We want to apply our filtering ...

sspivey by L1 Bithead
  • 2942 Views
  • 1 replies
  • 0 Likes

Resolved! ignore_user_list.txt/filter groups list

Question, when we were using the User Identification Agent Version 3.1.2 we could filter out accounts by editing the “ignore_user_list.txt” in the pan agents folder (typically c:\Program Files\Palo Alto Networks\PanAgent). Now we have upgraded to the User-ID Agent Version 4.1.1-7, is there a way to filter out accounts in a txt file and in filte...

Resolved! Another download is in progress

When attempting a download of a PAN OS software image, I get the error "Another download is in progress. Please try again later" in the download dialog. How can I find out what download is in progress and potentially stop that so I can get the software image downloaded?

Report like in CheckPoint - possible?

repoHiRecently I was on Next Generation SECURITY Conference 2012 in Poland. I got sample report from CheckPoint 3D security. You can get it from http://downloads.checkpoint.com/dc/download.htm?ID=13521Is it possible to get similar report from PAN (without PANORAMA)? Im interested in content from 1 -15 page of this report.I need to get the same i...

_slv_ by L4 Transporter
  • 3508 Views
  • 3 replies
  • 0 Likes

Resolved! HA Down Time

Dear Support:I want to know how long will the Standby PA become active ?According to the HA best practice , Running @ PA2020 & 4.1.8the HA statue is normal , all things are matchand the link monitor had setup , interface monitor set to shutdownI ping 8.8.8.8 -t at the internal networkI unplugin one of data interface , and the standby PA bec...

j.guo by L1 Bithead
  • 5639 Views
  • 4 replies
  • 0 Likes

Resolved! Export Object Addresses list

I see there is a way to export policies, is there a similar way to export my objects/addresses? I'm trying to do a little cleanup on my PA4020's and I'd like to send object lists to the people who requested their creation, to see if they are still valid. By the way, it would be VERY helpful if I could add a comment to an object, so I know who ...

bhelman by L2 Linker
  • 4282 Views
  • 3 replies
  • 0 Likes

Resolved! HA Lite Configuration A/P not working...

Hi All,Trying to configure a pair of PA-200's as an active-passive cluster using "HA lite". Right now both devices are showing active, so it seems the nodes do not see each other as cluster members. I have defined one HA link on both firewalls, ethernet1/2...they are connected together via a cross-over cable and both interfaces are showing UP....

  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks