This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4455 Views
  • 0 replies
  • 0 Likes

Resolved! SSL for GlobalProtect / Captive Portal

Hi All,I'm attempting to install a wildcard certificate on the firewall for Global Protect and Captive Portal without much luck.Basically I'm trying to use the existing wildcard certificate, the organization has. Steps I've taken:1) Export the certificate and the private key as *.pfx out of IIS. 2) Convert these to PEM files with openssl.3) Down...

BTS_MS by L2 Linker
  • 4874 Views
  • 2 replies
  • 0 Likes

VoIP over NAT issues: Ring but no audio; disconnects

I have our VoIP PBX set up with an IP on our external side via NAT. The policy is a simple static NAT from the internal IP to the external. I also have the correct security policies in place to allow SIP/RTP traffic to pass freely to and from the external IP address. The PBX server can be accessed via HTTP from outside our network, and my cell p...

Resolved! PA-2000 HA Timers

Currently if I hard power down my primary firewall it takes about 6 Seconds for the secondary to take over, a bit slow really.Changed most of the HA timers to their minimum, just checking to see if there is any other configuration that can be changed to make this a bit quicker?

http forward to proxy

Hi,I try to forward my WiFi mobile users http communications to my proxy.WiFi mobile users and proxy are in two different VLAN plug on Palo Alto (default gateway of mobile users and proxy is Palo Alto Firewall).Is it possible with Palo Alto?The problem is that I need to forward all HTTP (80) from mobile users to the proxy on a different port (80...

mlop by Not applicable
  • 13681 Views
  • 13 replies
  • 0 Likes

Resolved! Using ISA for OWA

Hi AllI'm looking to replace our Fortigate 110c with a new PA-500 and I've managed to write the security and NAT policies which when tested seemed to work well apart from OWA.We have an ISA 2006 server which publishes OWA and OMA on a public IP and have configured the NAT rule and security rule as I did for all the other sites (like Citrix etc) ...

TDC by L1 Bithead
  • 3716 Views
  • 3 replies
  • 0 Likes

Resolved! Session timeout

Hi All,i want to ask about session timeout setting in palo alto.if we create policy to allow traffic from trust to untrust with service http (custom http port 80)1. what is default session timeout for http traffic?from my testing it will hit web-browsing application event though i create the policy use service instead of application.2. is it a c...

el by Not applicable
  • 4887 Views
  • 2 replies
  • 0 Likes

Palo Alto in Cisco network with VRF lite

BRosenba asked this question last year. "We've recently purchased an HA pair of PA 5050s. We are planning to utilize the devices in cooperation with some Cisco core switching hardware and VRF lite to segment/secure internal traffic as well as traffic to the Internet." Is there a layer 3 solution with the Palo Alto? The Cisco core switch has tw...

oshcomp by Not applicable
  • 5448 Views
  • 1 replies
  • 1 Likes

Resolved! Control OWA

Hi I want to stop our users from accessing company email from their home (non company supplied) PCs using OWA. I still want to allow access to our email systems through webmail/httpsCan this be achieved by app filters (MAPI, Active sync) OR do I need to adopt a more granular policy via data filtering and look to block OWA via specific HTTP get r...

djrodb by L3 Networker
  • 5317 Views
  • 4 replies
  • 0 Likes

New Pan Agent.

We recently installed the new PAN agent 4.1.4.3.Since we installed this we don't seem to be able to get at our LDAP group against which we have many security rules.i have been told that an option exist with userid agent option in the Device tab to define the groups. Having done this the groups are still ignored during rule processing.To compou...

Resolved! CERT_DATE ERROR SSL-VPN Global Protect PanOS 4.1

Hello,I configured the VPN-SSL on PANOS 4.1 using the "Configure Global Protect tech notes" document and the migration from Netconnect to Global Protect. Following these manuals I got this error.(T5448) 01/19/12 12:21:10:825 Debug( 392): CPanHTTPSession::PostRequest: WinHttpSendRequest...(T5448) 01/19/12 12:21:10:887 Error(4909): CPanMSService::...

Resolved! Seperate policy for IPSec VPN and SSL VPN?

So I would like to have different policies based upon what device a user comes in from. If they use Globalprotect with HIP checking, they are given a less restrictive policy. Where as if they come from an iphone with ipsec, they are given a more restrictive policy. Both ipsec and SSL are hitting the same GP gateway. I see no way to differentiate...

Possible false positives - ASP.Net Information Leak Vulnerability

Starting on September 4th we've been seeing multiple "ASP.Net Information Leak Vulnerability" warnings in our logs. They are showing as originating from multiple sources within our internal network. Malware scans come up with nothing on these workstations and we haven't made any changes to anything. Is anyone else seeing these?

Resolved! Mac GlobalProtect = Detected another instance

I just setup SSL-VPN access on our PAN-2020s and downloaded the latest Global Protect Bundle that was released on June 20th, 2012 - v. 1.1.5. I logged into the portal in my mac and installed the version for Mac running OS X 10.7.4 (64bit) and once the application was done installing I get a popup that says "An old GlobalProtect instance exists,...

cmateam by L3 Networker
  • 25303 Views
  • 12 replies
  • 0 Likes

Resolved! Captive Portal - identify user with certificate

Hello everybody.I have a question regarding captive portal user identification.As everybody know user like Mac, iPhone, Android are difficult to identify and manage without insert credential in captive portal.For wireless policy in all my company device I've installed a user certificate who grant wireless access. i would like to use it for user ...

  • 24376 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks