This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4227 Views
  • 0 replies
  • 0 Likes

Resolved! Multicast issue

AE1.1 is the static RP(10.1.1.1/24) and ae1.1 has 10.1.1.1/24 assigned to it. All the 10.0.0.0/8 routes are served by this sub interface and RP configured on switch is 10.1.1.1AE1.2 hosts the mcast server and AE1.2 has gateway of 172.16.0.1/24.Multicast clients in 10.5.0.0/24 are able to join MCAST streamed on 172.16.0.20 AE1.3 connects to a sep...

multicast.png
raji_toor by L4 Transporter
  • 3530 Views
  • 1 replies
  • 0 Likes

Resolved! Static Bi-Directional NAT translation

Hi, Is it possible to have 2 static bi-directional NAT rules configured for the same public IP address e.g. mapping one public IP address to 2 internal servers using the below linked config? https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/configure-nat/enable-bi-directional-address-translation-for-your-public-facing-serv...

Ben-Price by L4 Transporter
  • 3494 Views
  • 2 replies
  • 0 Likes

Internal host detection not Working

I have an external Gateway and I wish to setup always-on except when on local LAN. As a test i am doing this on my own username but it seems to always want to connect to external GW regardless of my settings. I have turned on Internal Host detection and this is returning "0" in the PanGPS logs so i would assume then it would realise i was intern...

welly_59 by L3 Networker
  • 12249 Views
  • 11 replies
  • 0 Likes

LDAP authentication does not work for Global Protect Clients

Hello, We have got a working LDAP server profile. We have made sure user 'test' is listed on the group mapping. Steps: a) Setup group-mapping under Device->User Identification->Group Mapping Settings. Under 'Group Include List' pick a specific cn.b) Device->Authentication Profile. Add a new profile and add the same cn under allowed list...

Farzana by L4 Transporter
  • 11370 Views
  • 9 replies
  • 0 Likes

User-Mapping Server Monitoring

Hi All, Wanted to know the Best Practice for the User-Mapping with Server Monitoring, we have a few Firewall Sites which utilize the server monitoring feature whereas the vast majority others do not and use only windows User-ID agents for probing and mapping. Need to know if enabling server monitoring is the best practice to gather all the IP-us...

Dear Palo Alto Networks:

Your firewalls are generally okay.But, the fact that you cannot get an interface bandwidth graph without configuring some QoS hack to only show an ingress interface traffic graph is stupid.Every firewall vendor in the world has this feature. Except you.Please fix this idiocy.

Path monitored static route not removed from BGP RIB out table when path monitor dest. IP unreachable.

Hi, I have an issue where a Static route that is being path monitored and redistributed into BGP, is not removed from the BGP RIB out table when the monitored path is unreachable. The static route is still populated in the Palo Alto BGP rib out table and is also populated in the BGP peer route table. Any ideas as to what may cause such an issue?

Ben-Price by L4 Transporter
  • 5401 Views
  • 5 replies
  • 0 Likes

getting traffic after the interface is down

Hey guys hope you doing well I got a question I get a challenge one of my user getting traffic logs of NetBIOS by source Pvt IP from LAN to WAN the device from the source side is down the 2 Pvt IP still hitting the cleanup rule. The Policy is denied by the firewall but why do the traffic logs show the two source IP which is down from that side. ...

Resolved! global protect remote vpn unable to reach internal network?

im having big problem , after my remote vpn connects i cannot reach my internal network even though my core switch is directly connected to palo alto , i checked i set the access range for the vpn for 0.0.0.0/0 and i set a security rule from vpn zone to inside zone , also i can ping the inside interface on the firewall itself but not the directl...

chuckles by L2 Linker
  • 24952 Views
  • 5 replies
  • 0 Likes

Disable new apps in content update

Hi Experts, We've a pair of firewalls (9.1.6) managed by the Panorama (9.1.6). We've Threat prevention license in place and client would like to install just the threats and not the apps by selecting disable the new apps in content update.As recommended by the TAC, we've downloaded the latest version and when installing the new version, we selec...

TAC support has gone missing, again :-(

Opened a S2 TAC case @7pm ET 07/21/2021. The SLA response time is 2 hours. TAC didn't get back to me until 5:43am ET 07/22/2021. The response from TAC is very vanilla, not helpful at all. Call back to TAC this morning has been waiting for an hour and had to give up. Awful....

dtran by L4 Transporter
  • 3835 Views
  • 4 replies
  • 0 Likes

Resolved! Destination NAT Error

Hello All, Doing an destination Nat but getting below Error. Could anyone please help me. Also pls find below my nat rule Please note : Ethernet 1/1 is my Outside Interface

vishal_07_2-1627031851196.png
vishal_07_3-1627032032760.png
vishal_07_4-1627032054212.png

Exception Handling in Palo Alto Support Page 7/22/2021

Hello Palo Alto Team, I would like to bring this up with you. I noticed that your support page went down today 7/22/2021 and that is fine. What worries me is the way your system handles exception. I think you are exposing to much that end user like myself has no business reading. 1. No connection could be made because the target machine actively...

NAT SDWAN

Hello,My Name is Dwi. I have case with SD-WAN configuration.I have 2 ISP DIA provider, and i want to combine 2 ISP provider in to single logical SD-WAN for Load Balancing Internet Traffic.the Palo Alto device is under NAT, please help me to configure NAT in SD-WAN ? thanks very much.

dwinur by L0 Member
  • 4684 Views
  • 3 replies
  • 0 Likes

Using GlobalProtect , ExpressVPN and Remote desktop

Dear All, I am pondering following scenarios: 1- I connect to Server "S" using GlobalProtect on my Computer "A". Now Assume i do not have access to computer "A" physically because i have moved to another city. I want to access computer "A" from another computer "B" using remote desktop sharing. My question is the connection between "A" and "B" g...

shaukafa by L0 Member
  • 4473 Views
  • 1 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks