General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 2950 Views
  • 2 replies
  • 14 Likes

MFA no longer active/available at all

Hello,

i read the info from april 14th, that mfa is mandatory in the future.

Before, i had mfa enabled with the authenticator app, which worked fine.

Since the information, no mfa at all is active/available on the account.

Access to PA-200 Web GUI is Denied.

When I open up a https://if_of_pa-200

I get access denied message with You dont have authorization to view this page.

I have logged into this firewall many times before but have not for several months now.

I can use putty to get into the console.  I fou

...

Omni918 by L1 Bithead
  • 3762 Views
  • 10 replies
  • 0 Likes

Resolved! VPN proxy ID limitation Error

Is this still an issue and or what models pertain to this?   I see the Pan os version is old on this article, but does anyone know if the limit here still applies?   If it's been increased, what has it been increased to per model?  Appears that aritc

...

Sec101 by L4 Transporter
  • 1886 Views
  • 1 replies
  • 0 Likes

Daul ISP and specific ISP routing

Good Afternoon All

 

I have read the various methods for Dual ISP configuration and they make sense. I could not find one last detail and I was hoping someone here could help.

 

Desired Configuration:

 

ISP 1 = Active for outbound traffic during normal ope

...

Mort2k by L0 Member
  • 1371 Views
  • 1 replies
  • 0 Likes

Resolved! Passing a Circuit Prefix Through Palo Firewall

I'll do my best to put this question into words.

My company owns a /24 Public IP range. I have an engineering department that needs a /29 IP space off of that block for their Lab Environment
I have a Juniper MX104 Router and a Palo 5220 Firewall.

I'm

...

Resolved! how to Revert configuration by cli - pa 200 v 9.0.14

Hi Guys,

 

we have a problem on a HA pair, the secondary firewall is no longer accessible via either GUI or CLI.
We can only connect via console, to restore one of the saved and working configurations, is it necessary to do only these commands?

 

> config

...

Resolved! TLS version for WEB UI

Hi All,

I am trying to check what all TLS version is allowed for firewall web UI .

Is there way we can validate this. ?

 

Thanks .

 

 

S2S VPN 2 VRs not working

Hello,

 

I have an external IP /30 network. I also have another external IP /28.

I have created 2 VRs (with their ZONES).

VR1 is the main router with the /30 IP used for Internet connection.

VR2 is the second router (the one I just created)

I assigned one

...

Pantelis by L1 Bithead
  • 1331 Views
  • 2 replies
  • 0 Likes

Resolved! rename a subinterface

Hello,

I need to know if it's possible to rename a subinterface, I see that is not available this field to be changed, then I need to know how should be the process to do that. thanks!!!!

Agentless user id issue

i am facing user id issue  it's show connected but some time is not show not connected. when i check the USER-ID log i find this error. please suggest.

 

Error: pan_user_id_win_log_query(pan_user_id_win.c:1364): log query for <Server-IP > failed: NTSTA

...

Captive Portal HTTP only landing page?

Hi,

I have set up the CP successfully. 

I see the CP is running on PA redirect IP:6082 with HTTPS.

Is there any way that we can use HTTP only on the CP landing page?

like http://PA_redirect_IP:6082

not https://PA_redirect_IP:6082

We are not using credentia

...

natwong by L0 Member
  • 1473 Views
  • 2 replies
  • 0 Likes

GeoBlock bypass for specific users

Hi All,

We are using GlobalProtect for VPN connection to our internal network along with an on-prem PA Firewall. We want to be able to block traffic from regions we wouldn't normally do business in, but occasionally have the ability to make a USER-BAS

...

jleever by L0 Member
  • 3900 Views
  • 3 replies
  • 0 Likes

Post 10.1.3-h1 issues - source-hip unexpected here

  •  Validation Error:
  • rulebase -> security -> rules -> *** -> source-hip unexpected here
  • rulebase -> security -> rules is invalid
  • Commit failed

 Do any of you have come across this error post upgrade of Panorama 10.1.3-h1? Not having issues on other

...

SKS7 by L1 Bithead
  • 7804 Views
  • 6 replies
  • 2 Likes
  • 24033 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors