General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

Error: failed to handle CUSTOM_UPDATE

Hello, I am using 5220 series firewall in 2 different DC, versions 9.0.9 and 9.1.6. When I commit on both firewalls, I get a custom_update error. After check now the dynamic updates, I commit again and the problem goes away. Any suggestion? Thank you kindly,

Resolved! Using HA without a virtual mac possible?

Hello, as the title says: I want to implement an HA active-passive setup on a virtualization platform that doesn't support MAC address changes on the VM side. Therefore, a newly generated virtual MAC is unfortunately not an option. So, is there a way to disable virtual MAC for HA? Thanks Tim

User-ID with OpenLDAP

Hi, I'm looking for a guide or guidelines on how to set up User Identification with OpenLDAP. I've already set up User-ID with Active Directory for another customer but I fail to see how this is doable on a non-Windows machine (no PAN agent). Any help appreciated. Regards, Raphaël

Resolved! Palo Alto 2FA integration with OKTA not showing domain in username

Hello everyone, We have successfully deployed the 2FA authentication for GP Portal and GP Gateway with OKTA SAML. In Okta we have the active directory integration for the user-mapping at the okta instance. The login and 2FA is working fine but when the users log in, they are displayed at the monitor sometimes with the domain (domain\usern...

Resolved! Internet and internal network separation via virtual router

Hello, I am new to Palo Alto. I have a basic question. Traditional setup I worked on my last project was as below, VRF on cisco router for - Internet -0 bgp - Production - bgp - DMZ - bgp FW connects to all 3 VRF. Route between VRF is via FW. FW harden the access. New project with PA and L2 switch for the same setup. My idea is ...

gondolf by L1 Bithead
  • 3924 Views
  • 4 replies
  • 0 Likes

cluster PA-5020 migrating to PA-1410

Hi Experts, We are migrating from Cluster PA-5020 to PA-1410, I have some queries below if you guys can help me out please. 1. For platform migration(PA-5020 to PA-1410), we can just upload configuration files on the new PA-1410, just recheck physical ports configuration and it will work please confirm. 2. Expedition tools are not necessary in P...

SNMP response on two interfaces? Possible?

I'm configuring NetFlow on our PA-5200. I'm collecting the data in What's Up Gold. WUG has a limitation (it appears) that the NetFlow IP that I use for the IP address also has to respond via SNMP on the same address. However, the PA-5200 cannot send NetFlow traffic out its MGMT interface so I'm using our inside trusted interface to send Ne...

Resolved! rx-bytes, tx-bytes mean

Hello everyone, I wonder if the meaning of rx-bytes and tx-bytes in the "show system state browser" command represents bps or byte. 'rx-bytes':xxxxxxL, xxxx/s 'tx-bytes':xxxxxxL, xxxx/s Thank you in advance.

Resolved! cannot find matching phase-2 tunnel for received proxy ID

Hello, We have a site to site VPN setup between our PALO ALTO and a firewall of our customer that was allowing one IP. On the ipsec tunnel sec proxy-id allow local (172.18.23.61/32) and remote (172.21.88.191/32) . When we made this the VPN is enabled, but we are seeing the following error from the external site trying to access these IP's. Err...

a.mboukam by L1 Bithead
  • 13602 Views
  • 13 replies
  • 0 Likes

Resolved! GlobalProtect Gateway Behind Nginx Issue

Hello everyone! My environment only has one public IPv4 so I'm trying to make the most of it. We already run a number of web services on port 80/443 behind an Nginx reverse proxy. I'm trying to add GlobalProtect to the mix. I have my portal and gateway running on the same IP. When I forward the ports (80, 443, 4501) the portal seems to work corr...

MeCJay12 by L2 Linker
  • 3945 Views
  • 3 replies
  • 0 Likes

DHCP options and PXE boot

Hi, we have just recently made a change in where we moved clients from one segment to a new one. We are using WDS for PXE boot and the WDS server (MDT 2013) is on a different segment than the clients. The Palo is our DHCP server for clients and we have defined some options in our DHCP scope (option 66 pointing to the WDS server and option 67 poi...

tlea by L2 Linker
  • 45749 Views
  • 40 replies
  • 0 Likes

Global Protect

I have defined a closed VLAN that has no internet access, and it can only communicate over the LAN. In the same LAN, there is a Global Protect portal configured. The clients can ping and access the portal's web page, but the Global Protect application is very slow in connecting to the configured portal and performing user authentication. However...

ODUBIDB by L0 Member
  • 1952 Views
  • 2 replies
  • 0 Likes

static routes for 2 wan links with DHCP dynamic IPs

Hi everyone, I would like to ask for some assistance in my configuration, the palo alto firewall has been so far a pretty frustrating experience, I guess due to my lack of knowledge of PAs. I have 2 wan dhcp dynamic ips links. I would like to implement some redundancy: if 1 link goes down - the second link activates and when the primary goes ...

nevolex by L3 Networker
  • 3280 Views
  • 2 replies
  • 0 Likes

Resolved! What privileges required by service account used by palo alto firewall in LDAP server profile to fetch group information from LDAP server

What privileges required by service account used by palo alto firewall in LDAP server profile to fetch group information from LDAP server for group mapping? Do we need admin privilege? Or is it enough that we need service account only to be a member of the following groups: Event Log Reader, Distributed COM Users, Server Operators

perumalj by L2 Linker
  • 12687 Views
  • 3 replies
  • 1 Likes