General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

JayGolf_0-1691518400714.jpeg
JayGolf by Community Team Member
  • 2954 Views
  • 2 replies
  • 14 Likes

Resolved! Global Protect DHCP Pool utilisation

Hiho,

 

I´d like to know how to see how much ipv4 adresses of the pool are in use or free so I need to know when to enlarge the pool.

That dhcp redirect doesn´t work I unfortunately recognized while searching the forum regarding dhcp and gp.

We are using

...

Read-Only Superuser by Security Zone

Hello, I hope everyone is staying healthy.

 

I work at a company that provides ISP services to public schools, each school district is divided in to separate security zones on our Palo and I am trying to see if a read-only user can be created that is a

...

Resolved! IPSec VPN restarts very often

Hallo,

I have defined a IPSec VPN connection with following params:

ike: 3des/sha1/dh5 Lifetime: 8 hours

ipsec: ESP/3des/sha1/dh5 Lifetime: 30 minutes (life size not set, shows 0MB)

ike gateway: main mode, DP enabled

The connection is established but in s

...

Access Denied on doc links within Live Community

Maybe it's because I'm new here. BUT, every doc link I click on via a post in the Live Community gives me an 'Access Denied. You do not have sufficient privileges for this resource or its parent to perform this action. Click your browser's Back butto

...

DCas by L0 Member
  • 2766 Views
  • 2 replies
  • 0 Likes

Detect ipsec vpn tunnel down with remote palo alto peer

 

 PA5020/PAN-OS 7.1.10

 

 I am trying to develop a NAGIOS check to get an alert , when a vpn tunnel between PA's at different locations

is down. So far I have been looking at the ifup-status of the corresponding tunnel interface at the local firewall. I

...

Unable to connect to pool.ntp.org

Hi

I have a problem with the NTP sync. When i make a "show ntp"

 

NTP state:
NTP not synched, using local clock
NTP server: asia.pool.ntp.org
status: rejected
reachable: no
authentication-type: none
NTP server: pool.ntp.org
status: rejected
reachable: no
authent

...

shared folder in clientless VPN

Dears,

 

Is it possible to configure the shared folder in clientless VPN?

Example:- I have one file server and i want to give access to users via clientless VPN. please share any documents for configuration.

Minemeld client cert error

I am trying to use Minemeld for indicator sharing and am receiving and error that says "client cert required and not set, polling closed". Where and how do I upload the cert? Do I have to insert it somewhere in the config? Any help would be appreciat

...

Resolved! Active Active BGP AS Number

Have a Active/Active spit data center solution and question has been brought up if it is possible to use different AS numbers on each of the Palo's. My thinking is why have Active/Active, just use each Palo as a separate individual firewall at each D

...

syslog-ng 3.5.4.1 failure on boot

Hi, We have integrated syslog-ng 3.5.4.1 on a client machine which sends logs to server which is running syslog-ng 3.16.1, some times, I see below error at the boot up of our target

syslog-ng[1762]: Error opening control socket, bind() failed; socket=

...

User100 by L0 Member
  • 1847 Views
  • 1 replies
  • 0 Likes

Resolved! SSL Decrypt does NOT work with TLS 1.1 or TLS 1.2

Hello,

I'm running a cluster of PA (4.0.8) with SSL Decryption configured.

SSL Decryption is not able to decrypt SSL traffic if the HTTPS session is using TLS 1.1 or TLS 1.2.

Test with www.gmail.com   

Chrome : OK (see gmail application in the traffic l

...

licenselu by L4 Transporter
  • 13778 Views
  • 21 replies
  • 0 Likes
  • 24035 Posts
  • 99 Subscriptions
Top Solution Authors
Top Liked Authors