General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Disable Local Account when NAC is reachable

Is there a way to disable the local account when an external authentication method is reachable? Only being able to log into the local account if it cant reach the external authentication server?

Claw4609 by L5 Sessionator
  • 2571 Views
  • 1 replies
  • 0 Likes

I'm having a problem with PXE Boot.

We are having issues with our new Palo Alto 2050. We are using a DHCP server in 2050 with a PXE to iSCSI system. Use another firewall/router with the built-in DHCP server - the system works fine.

Premium Support client but password reset links don’t work and can’t open a case

Tried calling TAC and they refuse to open a case. I can’t access support portal as the admin for my accounts so I reset my password. Links I receive by email to reset password don’t work. Other person in my org has same problem with their account. I set up this account to access live community from my phone but using Chrome on Win 10 I can’...

rburke1 by L0 Member
  • 2443 Views
  • 2 replies
  • 0 Likes

HA2 Question

If HA1 is going through switches, can HSCI still be used or should HA2 be used? The firewalls are racked next to each other.

AWS S2S VPNs not re-establishing?

Having issues with a fair amount of AWS VPN tunnels that will go down due to path or ISP issues but they don't come back up unless I manually bounce them on the PAN side. Configuration is standard with DPD set to 10/2 and using PBF monitoring the far ends of the tunnels. So I will see the tunnels go down and they show down in AWS but they DO ...

drewdown by L4 Transporter
  • 3205 Views
  • 1 replies
  • 0 Likes

Resolved! Dual PA220 Active-Active with Active-Active Service Provider Links and GP Autofailover

Hello Family, I have a pair of PA220 in Active/Standby mode, I know datasheet of PA220 is as below: Firewall throughput (HTTP/appmix)* 545/535 Mbps Threat Prevention throughput (HTTP/appmix)† 265/320 Mbps IPsec VPN throughput‡ 550 Mbps Max sessions 64,000 New sessions per second§ 4,200 I already have a 250Mbps service provider internet lin...

Resolved! NATing down an IPsec tunnel

I've got a PA-850 with fairly typical many-to-one NAT outbound to the internet, and some IPsec tunnels. Due to one partner that I'm connecting to with IPsec using 10.0.0.0/8 on their network (don't ask), I need to NAT my 10.28.1.0/24 subnet to 172.28.1.0/24 going to/from their end. I've got a working tunnel for two other subnets (a 172.19.x.x an...

Resolved! UserID agents tab in version 10

Hi, I was checking the useridagents in the typical site (DEVICE-USERID->AGENTS) in version 10 and i can not find this tab. how to configure a new userid agents in version 10 and later?

BigPalo by L4 Transporter
  • 2669 Views
  • 1 replies
  • 0 Likes

Resolved! Access errors while adding firewall to panorama

Hi everyone, When we add our firewall to panorama, we faced with some issues. Access problems occurred due to LDAP profile password and PSK in IPsec tunnels. We had to back to our old configuration and delete firewall from panorama. As we know there are major difference on their versions but all goes by book. I will mention the versions below. A...

Certification badges from Credly?

Hello everybody, perhaps this is a silly question, but... This morning I received a bunch of emails from "[email protected]" saying that I've earned some badges from Palo Alto Networks. Inside the messages I can find links to "accept" my PCNSE, PCNSA, PSE, etc. badges. The strange thing here is that I got my PCNSE and PCNSA certifications ear...

grenzi by L3 Networker
  • 4543 Views
  • 1 replies
  • 0 Likes

User Group limits on firewall

Hello, Recently I got error below on PA 850 device(8.1.13)-User Group count of 1098 exceeds threshold of 1000 The log is straight forward, number of group is exceeding the limit, but I have some question. 1. I have one more device,PA-3220, which look same LDAP for group mapping(same configuration).I found article about this and it says FW has li...

yhlee1 by L2 Linker
  • 9640 Views
  • 2 replies
  • 0 Likes

GlobalProtect Split-Tunnel - Some Clients get Invalid Address Errors to Excluded Domains

We've published GlobalProtect 5.0.5 I added some Exclude Domains and Applications to our Gateway's Split-Tunnel configuration over the weekend. Afterwards, about 5-10% of our VPN clients can not access these domains at all while on VPN. The domains work fine when disconnected. We've had reports of problems with Mac and Windows, but all of my ...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels