General Topics
Showing results for 
Search instead for 
Did you mean: 
General Topics

Forum Posts

Happening in June: The Complete Zero Trust Network Security Event

Greetings everyone, Don't miss Palo Alto Networks' Complete Zero Trust Network Security event coming up in June. This event will cover the following points related to the newly unveiled Zero Trust Network Security: Secure access to the right applicat...

jdelio by Community Team Member
  • 1 replies

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 41 replies

Browser not prompting/selecting client cert for GP portal

Does anyone know exactly what is needed for browser to either select or prompt for client certificae when connecting to GP portal?I know you need a client sert in personal user store and certificate profile on GP portal. But still i find the behaviou...

santonic by L5 Sessionator
  • 2 replies

Resolved! how to whitelist an URL with a wildcard in the name ?

I'v got a question about whilesiting URL's I want to whitlist the following URL, github-production-user-asset-*, it's only possible to use a wildcard to replace full hostname spaces of the URL ( like * ) how do I...

DaxVC by L2 Linker
  • 1 replies

Log forwarding to Panorama

Hi, I have some problems with log forwarding from firewall to Panorama because it is consuming a lot of bandwidth. I have configured the firewall to buffer the logs before foward them to Panorama. I would like to know the following:* When log forward...

Agentless vs Agent based User-ID

Hello, We have 500 users on site and currently using Agentless User-ID with PANOS 7.1.7 We are thinking of scaling up to Agent based. Can someone please guide me to a link/article that discusses the Pros and Cons of both? What are the common issues o...

Farzana by L4 Transporter
  • 5 replies

How security policy - intrazone works?

Trying to use a Security policy with type intrazone and action is Deny (any application & service).Target is to block all communication within the same zone (subnet). Such as ping, file share (smb), ftp, etc.The layer3 interface and the computers wer...

jeremylo by L2 Linker
  • 5 replies

Issue Static Source NAT

Hi Expert , I have some issue about Static NAT due to I have secondary public ip on the same interface such as on ethernet 1/3 have and and config nat bi-direction such as source trust > to untrust and Sour...

Firewall rules - strange suggesttion

Hi I gave a rule that allows snmp-trap messages to my SNMPD server. for some reason PA complains that SNMP-TRAP needs SNMP-BASE. Now if I add in SNMP-BASE this is going to open up port 161 where as trap uses 162. So why do i need SNMP-BASE

HA Active/Active and VPN

Hello, We have a scenario where a customer wants to deploy two PA3250s in two different locations which will be an Active/Active cluster. There will be a layer 2 link between the two sites and also customer wants a VPN as a backup if the layer 2 link...

sajidsil by L0 Member
  • 3 replies

LDAP interval

Hi,I have a question in reference to the LDAP interval time. Specifically what my goal is I want to be able to let the firewall know about my AD group membership changes quicker. For example if I have a specific AD group that is configured on the fw ...

Captive Portal Redirect Page

Hello all, I am having a bit of an issue with getting captive portal to work the way I need it to. I have it setup and my Macbook was able to redirect to the correct page, I was able to successfully login, and then browse the web without issues. The ...

Resolved! Meaning of different Interface states

I have scourred everywhere...... What are the differences between the interface states? I can't find anything anywhere!! ukn/ukn/down(power-down)disabled/downforced/uknforced/down If there are others I have missed, I'd love to be enlightened.

Resolved! URL Category and URL Profile in same Rule

We have a default URL Filtering Profile that we use for general use. The default URL Filtering Profile has a couple dozen URL Categories which are set to alert. I need to allow EXEs from only five of the URL categories. If I add the five URL Categori...