This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4117 Views
  • 0 replies
  • 0 Likes

Secondary interface on same subnet creates overlapping subnet commit failure

Hello all, I currently have a case open with support on this issue. But I am looking for some customer feedback. We presently have *two routes* and two separate firewalls. 10.0.44.1/22 on my Palo Alto, and 10.0.45.1/22 on a legacy Cisco L3 router. The Cisco has been stripped down and only really serves as a default route to a end of life firew...

Inter Vsys Routing

Can someone give me some advice please. In the attached diagram is a scenario I have where I need to get traffic logs from Virtual Firewall B across to Virtual Firewall A an up to the SIEM at the x.x.x.x address. I have made the virtual systems visible to each and added a route to x.x.x.x on virtual router B to go via virtual router A to get to ...

Global Protect certificate auth user/device information

Currently we have a GP vpn setup for our mobile devices. We have are doing certificate based authentication, certificate is pushed out through an MDM. Basically if your device has this cert, your device connects. Is there a way to capture or pass through connected user information, for example username, email, etc.? Right now when looking at...

Doubt with Subordinate-CA Cert in PA firewall

Doubt with Subordinate-CA Cert in PA firewall Good evening, for issues related to for example decrypt as we need a certificate type CA, we can generate a certificate Subordinate-Ca from for example our CA server enterprise windows, import in our Palo Alto Firewall and as customers trust it, it would be transparent for issues such as the use of...

Metgatz by L4 Transporter
  • 3207 Views
  • 1 replies
  • 0 Likes

twistlock.sh onebox failure

The following warnings are reported when executing "twistlock.sh -s onebox" WARNING: You're not using the default seccomp profileWARNING: IPv4 forwarding is disabledWARNING: bridge-nf-call-iptables is disabledWARNING: bridge-nf-call-ip6tables is disabledInitializing Twistlock environment.Installing Twistlock Console (localhost).WARNING: You're n...

IP Geolocation with Anycast IP addresses

Hi there, I am wondering how geolocation is working with IP addresses where anycast is used. Anycast addresses are shared by multiple server, typically with different locations. How is such an address assigned to a particular country/region in the Geolocation DB? Does anybody know? Thanks, Sylvia

Sylvia2 by L2 Linker
  • 3963 Views
  • 2 replies
  • 0 Likes

Proxy IDs, NAT and IPSec VPNs

Hello, When using IPSec Tunnels with Proxy IDs with NAT to hide source traffic, should the Proxy IDs be set to the Hide NAT IPs and destinations or the original source and destinations? Thanks & regards

How to find IP address of user connecting to GlobalProtect VPN

Hi, can someone tell me how to find the home IP address of a user who has connected to GlobalProtect? I want to be able to audit GlobalProtect connections to ensure that they are coming from the actual home network of the user rather than from the IP address of an attacker. Thanks

FelixO by L0 Member
  • 16012 Views
  • 1 replies
  • 0 Likes

Can't log into Panorama after changing to Panorama Mode

Our Panorama VM was operating in legacy mode due to under provisioning when it was deployed. I recently had its resources increased to the Panorama Mode minimums and activated Panorama mode using "request system system-mode panorama". Everything seemed fine and Panorama rebooted.' It came back up after 10-15 minutes, but I have not been able t...

After fresh install 10.1.6 dns wont work Panorama

Hi guys,did anybody get the same issue like me. After a fresh install of Panorama 10.1.6, dns wont work. I troubleshoot this for a while and find out that panorama not even yet request the dns. I read the Adressed/Known issue couple times but never found related to this issue? how it can be prefered ? If something that basic is not working ?Kind...

API query from panorama to get IPsec tunnel data

API query from panorama to get IPsec tunnel datatried the following queries:http(s)://hostname/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=<generated-key>https://IP//restapi/v10.0/Network/IPSecTunnelshttps://IP/api/?type=o...

DNS Resolution stops after ~10s after connecting with GlobalProtect

Hello...Many of my end users are now reporting that after approximately 10 minutes of logging to VPN using the GlobalProtect client they lose DHS resolution to internal and external resources. For example, when this happens. Users cannot access or even ping a server, by either its FQDN or by IP number. In addition, users also report they cannot ...

aimsnss by L1 Bithead
  • 15409 Views
  • 11 replies
  • 4 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks