This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4113 Views
  • 0 replies
  • 0 Likes

Assigning VPN User a Static IP

We have a customer who is running a specific thick application that requires the user to have the same IP address every time they attempt to authenticate to their servers. In the office this is not an issue since we can assign them a static IP and then do NAT based on that IP address. However, they need these users be able to VPN in and use the ...

jmahoney by L1 Bithead
  • 4193 Views
  • 2 replies
  • 0 Likes

How to block upload dropbox with upstream proxy

Hi to all,I have to implement a block dropbox upload.The architecture that I have to provide the user network, the internal firewall Palo Alto, an external proxy, an external firewall, Internet.I configured the various points to implement the block and everything works if the client directly without going through the proxy, on the contrary inste...

SOCMAECI by L0 Member
  • 2231 Views
  • 1 replies
  • 0 Likes

PanOS 4.1 - GlobalProtect portal client configuration failed

I am having a problem with my GlobalConnect configuration. Everything works fine when I have it set to On Demand. However, I have a set of users I want to effectively have the VPN always on, so for them I've created a second configuration but when a user in this group connects I get the following error in my System Log:GlobalProtect portal cli...

kkolk by L0 Member
  • 4491 Views
  • 3 replies
  • 1 Likes

Resolved! Allow domain services through PAN 2050

I am trying to allow windows active directory services (2008 domain) through the firewall, in between zones. I have created my policy to allow the following applications:active-directoryms-ds-smbmsrpcnetbios-ssdnsms-win-dnsms-winsnetbios-dgms-netlogonI have created rules for bi-directional access. I am unable to join a server to the domain howe...

UncleRico by Not applicable
  • 4598 Views
  • 2 replies
  • 0 Likes

L3 vlans and devices/systems that don't support vlanning issue.

Hello all,I've recently setup our PAN-2020's with L3 sub-interfaces presenting VLANS to our core switches (per this discussion: ). However, I've run into a problem that I can't manage or connect to devices, like our SAN, KVM, and even the PAN Firewall (management port) because they are on the same switch and use the default vlan of the switch. ...

cmateam by L3 Networker
  • 3755 Views
  • 2 replies
  • 0 Likes

Resolved! VPN for IPAD

Does somebody how to configure an IPAD in order I can use the VPN. I have it working for windows laptops, but not for an Ipad, I look the manual but honestly I need somebody else to explain step by step. Can someone help me?Regards,

Resolved! LDAP not working

I am trying to get my PA to talk to an LDAP server. I set up the LDAP server as described in the documentation User Identification Tech Note - PANOS 4.1.pdf) but it never is able to connect. I get this error:ldap cfg mydomain failed to connect to server (10.10.10.10:389), source 10.10.252.4.Now 10.10.252.4 is configured as my Management interf...

kjh by Not applicable
  • 4469 Views
  • 4 replies
  • 0 Likes

GlobalProtect Portal has a problem with DHCP Ext interface

I'm hoping that someone from PAN Support or Development can answer this question. I have been fighting with this for weeks now and have narrow the problem down to the GP Portal service.ScenarioI have a PA-200 in my lab with two Layer3 interfaces defined. The Internal L3 interface has a Static IP for the local network, while the other L3 interf...

jwolach by L4 Transporter
  • 3589 Views
  • 5 replies
  • 0 Likes

Best way to block private ip's but make exception for 1 network.

I just upgraded from 4.0.7 to 4.1.6. Since this upgrade our monitoring server in the LAN 10.x.x.x/24 can not browse to our web servers in the DMZ 192.168.X.X/24. It shows up as, action blocked-url, with Category of private-ip-addresses. I have private-ip-addresses blocked in the URL filtering but I have a custom URL category defined that allows...

Need help with Enterasys NAC/NMS and PaloAlto UserID

I am trying to make the Enterasys/PaloAlto integration from this doc work:Running 4.1.6 code on the PA-4020 and the associated UserID agent on a single server. I followed the directions exactly but see no evidence info is making it to the UserID agent.Is this compatible with the latest UserID agent? Support directed me back to the community/de...

keklund by L1 Bithead
  • 2363 Views
  • 1 replies
  • 0 Likes

ARP Cache Limit on PA-500

Hi PAN,When is that the PA-500 will have an ARP cache limit of 1000? I was promised during the launch of version 4.1 that the ARP cache limit had been increased to 1000 from 500 just to realise that it never happened. I am desperately waiting for something on this as clients are not at all happy with this and having a work around just to avoid...

Resolved! Renaming a VSYS

Should I expect any issues if I rename a VSYS? I assume it should rename all VSYS names in the config where applicable?

jambulo by L4 Transporter
  • 5736 Views
  • 4 replies
  • 0 Likes

Traffic log database exceeds alarm threshold

Hello,This is not very clear on Palo box, since months we have issue that everyweek we have alarm indicating that the log was exceeded 80 of the quota, infact we want to log all traffics and don’t want to disable logging on somerules, I monitored during the week the logdb-quota and Palo don’t clear/purgeor delete older log at 80%, we opened a ca...

BSadozai by L2 Linker
  • 10028 Views
  • 6 replies
  • 0 Likes
  • 24333 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks