This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4250 Views
  • 0 replies
  • 0 Likes

Resolved! Best practice for committing changes in active-passive HA?

When making policy changes in an active-passive HA pair, do you usually edit and commit the policy using the active device, or the passive? I have always made my changes on the active device, but lately I've been thinking that because the management CPU usage on the passive device is much lower, it might be faster running the commit there. I c...

IPS \ Application Signature

Hi allI need to write ips / application signature to recognize sender and recipient in SMTPfor example:If smtp sender A send mail to recipent B - Allow.If smtp sender A send mail to recipent C - BlockI will be happy if anyone know how to do it.Alon

along by Not applicable
  • 2469 Views
  • 2 replies
  • 0 Likes

GP VPN dual factor auth, and contractor access.

I have two questions regarding the Global Protect Gateway / Portal (SAN the GP Licensing)- I am wanting to setup two factor authentication for users to authenticate to Global Protect Gateway/Portal with a (common) client certificate installed on their machine that our IT department installs. I currently have just AD authentication integrated but...

cmateam by L3 Networker
  • 4199 Views
  • 1 replies
  • 0 Likes

Chrome Updater not working if EXE is blocked / application not recognized

Hi,in one customer setup we face the following problem: We disabled EXE file downloading. In order do allow services to update we use an application filter with subcategory update and allow that traffic. Works like a charm for google-update, ms-update etc. However today I noticed tons of blocks from xxxxxx_Chrome_updater.exe (xxxxx being date, v...

Resolved! Commit issue - Error updating NAT IP pools

After updating Policy and Nat Rules, I got the follow commit errors:- Error: Error: Error updating NAT IP pools- Error: response from cfgpush.s1.dp1.comm.cfg-dp: Error updating NAT IP poolsThis error still occurs if i disable (or even delete) the newly added rules. Since i did a commit ~10min before, i am sure, i didn't changed anything else.So,...

User_333 by L2 Linker
  • 2701 Views
  • 1 replies
  • 0 Likes

Resolved! Globalprotect iexplorer 9 Proxy

Hi All,i've a globalprotect vpn to connect to office, when i'm at customer site. I use a macbook pro and vpn works well, on the other pc, a Dell with windows 7, the vpn works fine if i connect in thetering from my mobile phone, but if i try to connect over customer proxy i see up and down continuosly and the vpn doesn't work. i've also checked t...

fcellini by Not applicable
  • 2746 Views
  • 1 replies
  • 0 Likes

GlobalProtect behind proxy

GlobalProtect is using SSL and IPSec. Is GlobalProtect proxy aware? Ie. if GlobalProtect client is located on a network that dictates the use of a http/https proxy to get internet access?BR,Nicolai

snaft by Not applicable
  • 4681 Views
  • 4 replies
  • 0 Likes

L2 Networking - some help needed

HiI just started with PA and try to get my head around the "slightly" different concept of how my PA50 does things.I have currently the following "playground":my PA500 sits between the two switches.There is a Router running on the VMWare Machine which has one interface in VLAN1 (untagged) and one in VLAN2 (tagged). This router is the default gat...

u13550 by L3 Networker
  • 3649 Views
  • 4 replies
  • 0 Likes

Combine two methods for the authentication GlobalProtect Client

Hello,I want to know if it's possible to use two factor for a succeed authentication with GlobalProtect Client. I explain it.In the configuration of GlobalProtect Client, you can define two method for the authentication of the clients (portals and gateways are the same configuration):- Authentication Profile: you can define LDAP, Radius, local d...

arnaud_b by Not applicable
  • 3573 Views
  • 2 replies
  • 0 Likes

Resolved! IP - User mapping has stopped working

Hi all,I'm having a IP-user mapping problem with my PA-500 unit running software version 3.1.8.This unit is due to be upgraded shortly, but it would really be appreciated if anybody knew a way of resolving my issue without rebooting the unit please. Downtime is difficult.User Identification Agent is installed on a Windows machine and is able to...

DavePalo by L4 Transporter
  • 4852 Views
  • 4 replies
  • 0 Likes

TS-Agent problem

Hi,we ve got a problem with the TS Agent on out terminalserver. After some time the TS Agent doesnt submit new users to the PA Device or the users submitted have a form error. Nomally the syntax is domain\username, but when the error occurs all submitted users have the syntax domain\domain (look at the logs below). Prior to this we can see some ...

Resolved! Selective Access to Facebook and Twitter

What's the best way to configure selective access to Facebook and Twitter (where some users have full access, while everyone else has no access). The sources will be identified by IP address for right now (usernames later when I get to that).So far, all my attempts using combinations of App-ID and URL Filtering Profiles have failed. I think th...

PSC_IT by L1 Bithead
  • 14048 Views
  • 12 replies
  • 1 Likes

Resolved! Management CPU ends up stuck on 100% after several commits

Hi,we are on a 2050 4.1.2 and are seeing consistenly that the management CPU heads towards and gets stuck on 100% after a series of commits, re-boot is only way to fix.Is there a way to deal with this without a re-boot as this drops all sessions for 8 minutes whilst it does it?ThanksKind regardsHoward

  • 24360 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks