This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! IPSec Authentication with IOS 5.0 or Shrew Soft VPN (XAuth)

I can complete phase 1 but then the tunnel terminates without a message witch would help me to find the problem.2011-11-09 13:20:51 [PROTO_NOTIFY]: ====> PHASE-1 NEGOTIATION STARTED AS RESPONDER, AGGRESSIVE MODE <========> Initiated SA: 77.73.243.180[500]-178.83.248.50[55010] cookie:f170f45f0119ad13:b32d0b9e1e6e49e7 <====2011-11-09 1...

cmet by L0 Member
  • 13705 Views
  • 19 replies
  • 0 Likes

Resolved! GlobalProtect Agent, PostRequest failed with error code 12007

Hi, my customer can't access vpn, the agent log show that there's an error "PostRequest failed with error code 12007"It happens with some users, but my PC and VMware can access it so this should not be configuration error on firewall device.then I go Wireshark on the client seeing no traffic destine for the IP of SSL VPN Portal and Gateway. so i...

PA 200 Device

I am trying to create L3 subinterfaces on a PA200. I get through the whole process (create subinterfaces (untagged), create zones, policies, etc, etc)I can ping new L3 interface from devices on the new L3 subnet, but that is it. Is this a PA200 device limitation?

snormoyle by Not applicable
  • 2039 Views
  • 1 replies
  • 0 Likes

IPv6 to IPv4

Hi,Can we do IPv6 to IPv4 mapping in Palo Alto? Let's say I have a public IPv6 and I want to map it to my IPv4 internal servers for NAT purposes.Thanks,Rex

DNS Proxy Functionality does not work

Hi all,i want to use the dns-proxy functionality of the palo alto to do the following:Software Versiob 4.0./ here.1. Proxy dns request for guests2. Reply to 2 speciel reverse lookups with names which i configure on the palo altoWhat i did already:-> Enabled DNS Proxy-> Entered the primary and secondary DNS Server in the proxy dns seetup-&g...

cfpa by L1 Bithead
  • 2185 Views
  • 1 replies
  • 0 Likes

custom report - vpn users activity

HelloIm looking for solution how to create custom report that shows activity of VPN users (authenticated in local database). In this report I need time of connection/disconnection IP login name and status (success or false) of connection.I spend a lot of time trying to create my own report but without success.Help me pleaseWith regardsSLawek

_slv_ by L4 Transporter
  • 2885 Views
  • 2 replies
  • 0 Likes

Wildfire Malware Domain & Palo-Alto Malware Domain Do Not Agree

Has anyone who has been using Wildfire encountered a case where a piece of Malware identified via the WF assessment has had the following in the summary:"Malware came from a malware domain"where the applicable URL category returned by Palo (Brightcloud online URL lookup) does not recognise it as a malware hosting domain?I assume that the differe...

apackard by L4 Transporter
  • 1874 Views
  • 1 replies
  • 0 Likes

Vwire NAT

I am trying to setup NAT with vwire. According to Palo Alto this is possible with PAN OS 4.1 and I am on PAN OS 4.1.6. I have setup NAT with L3 on the PAN devices so I have an idea on how to do this setup. When I setup NAT policy on the PAN device with vwire I see the traffic in the monitoring tab getting NATT'ed but I still cannot browse the...

snormoyle by Not applicable
  • 2966 Views
  • 3 replies
  • 0 Likes

Using Purchased Certificate for SSL-VPN Portal/Gateway

We have our GP portal/gateway externally facing. We’ve designated a host name for people to access the portal so they don’t have to remember the IP address - from both Untrust and Trust Networks. Currently the portal throws a certificate warning in it's setup. I purchased a certificate from a public CA for that host name, and uploaded the cert, ...

cmateam by L3 Networker
  • 3520 Views
  • 2 replies
  • 0 Likes

Active-Active or Active-Passive

Currently, we have two PA 2050s each hooked into a Brocade FCX switch, which are stacked together. We cando a heartbeat connection over our datacenter's switch, so if one of our drops fails, it will failover. However, reading through the configuration guide it seems like the 2050 does not support link aggregation, and I had planned on using it s...

lorr by Not applicable
  • 5602 Views
  • 1 replies
  • 1 Likes

Hide Public IPs

I've been getting a lot of traffic from 'unfriendly' countries trying to gain access to a service we provide via one of our NAT'ed public ip address. I know for a fact they have no business connecting to that service. Is there a setting on the Palo Alto to hide my Public ip addresses? In that same vain, can I also hide what ports/protocols I hav...

mark1ped by Not applicable
  • 3303 Views
  • 1 replies
  • 0 Likes

Resolved! IPSec VPN tunnel no longer working

Hello guysWe have a few VPN tunnels between our PA-2050 (in HA cluster) and some WatchGuard firewalls (different models). We migrated these tunnels to the PA-2050 a few weeks ago and they ran stable. Now suddenly two of 10 tunnels are down and we don't get them back up. Here's what we tried so far:- Rebooting the WatchGuard firewalls- Suspending...

oschuler by L4 Transporter
  • 20489 Views
  • 18 replies
  • 0 Likes

Resolved! Internal route problem

Had a question about internal routing.We have eth port assigned to a trust network which is a 192.168 network. We also have a Avaya VoIP PBX that is vLan'd on this network and the routing is managed on an internal core switch to access this network. In our single virtual router I have a route for the 192.168.0.00/16 with next hop to the Gatewa...

cmateam by L3 Networker
  • 5051 Views
  • 3 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks