General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

GlobalProtect icon disappears from taskbar in Windows 10?

We're having a problem with GP 4.0.6 and 4.1.1 clients on Windows 10 where the icon dissapears from the task bar. It doesn't happen all the time, but when it does it causes a fair amount of user frustration. With the 4.0.6 client, I could search for global protect and bring up the connect window. With 4.1.1, I have to kill the the GlobalProtect ...

uvdes by L2 Linker
  • 23035 Views
  • 6 replies
  • 0 Likes

Resolved! How to determine if high dataplane is an issue

Our Data plane CPU usage is constantly on or above 90%. We have a PA PA-3020. PANOS 9.1.6 It is usually High only during business hours and after hours it is back to normal.It has not affected the firewall performance and any traffic yet.However we are worried what could be causing it and how can we optimize it.We have followed this KB article...

Resolved! API or cli Request App-id in which App Group?

Is there a way to see which application is in which app group using the API or CLI? I can do a config-output-format set and then show the entire config- but that isn't efficient. Without using the GUI, is there a good way to see what app-ids are in a group if you know the name of the group?

Sec101 by L4 Transporter
  • 5946 Views
  • 5 replies
  • 0 Likes

Management interface routing

I'm working on isolating the management interface onto its own network. The firewall will be the router for this traffic and the network switch it connects to will be L2 only. If my management IP is 10.10.20.10/24 and the gateway is 10.10.20.1 where do I configure the gateway address 10.10.20.1 on the firewall? Is this created as part of the man...

Phase 2 tunnel status

Please excuse me as I am still learning and am relatively inexperienced. I assume the phase 2 status can be red for following reasons (assuming IKE phase 1 is all correct and working) Authentication, Encryption, DH settings being incorrect/mismatched or lifetime expiring. Are there any other reasons it would be red perhaps to do with remote or l...

ipsec tunnel status.jpg

FW in Palo IP changed

Hello -I have an HA pair of palo's that were added to Panorama. The management IP for each of those palo's has changed and are now showing in a disconnected state. How can I correct this? Thanks in advance.

require admin users being member of LDAP groups

HelloWe are using LDAP for authentication of the admin users (for Panorama as well as the firewall nodes).Is it possible to adjust this, enforcing the user being a member of a specific AD group?Last info found was regarding PAN-OS 8.1 (https://live.paloaltonetworks.com/t5/general-topics/add-ldap-group-as-administrator/td-p/260754). Here the outc...

Setup VPN Global Protect DynDNS

Setup VPN Global Protect DynDNS Dear community:Good afternoon, is it feasible to be able to configure VPN access with Global Protect, on a Palo Alto with the following scenario:Palo Alto with:-Public IP Dynamically ( DHCP )-Firewall configured with the DynDNS service.-FQDN provided by DynDNS ( vpnaccessgprotect.dynalias.net ) Please confirm if t...

Metgatz by L4 Transporter
  • 4820 Views
  • 4 replies
  • 0 Likes

wildcard fqdn for destination in security policy. FQDN for  abc*.def.com

Team , I have a question about something that I guess is not possible to configure but will like to confirm if possible . My client want to allow Internal NW 10.0.0.0/8 to FQDN abc1.def.com port HTTPS , this is normal and I have a few of this rules already implemented. Now the question is , is possible to create a FQDN for abc*.def.com?, a wil...

Resolved! Captive Portal w/2FA in Azure

Hi All -Hopefully I make this clear. What I'm looking to do is set up Captive Portal with a push notification in Azure AD. I can't seem to find any documentation around this, can someone give me the general steps or point me to existing documentation? Thanks in advance.

Specific Action change on Individual Signature

Hi Experts,We've configured a Vulnerability profile with the Action of Default. For the Windows Print night mare vulnerability (Version ID: 8424, signature ID:91333) and the CVE ID: CVE-2021-1675 I see the default action is marked as 'Alert' which will allow the traffic.I am trying to change the action of an specific Vulnerability signature from...

URL filtering

I have one query it is necessary to add a URL Category to add in URL Filtering Profile or I can add a separate URL category in the Security policy without adding any URL filtering Profile.for example, I Create a URL Category name test which having some testing site then after I create a Policy to LAN (INSIDE) to WAN (OUTSIDE) add some users and ...

Web Activity Monitoring for BYOD School

Hello All... We are looking for a solution for a medium sized private school (k -12) to track users web activity. We'd want to be able to go back a week or so..nothing crazy. But would love to be able to get a report on a site\url and see what user visited that site and when. And of course, vice versa-- seek out a particular user and see what ...

Bind 2 separate IPSEC tunnels to separate ISPs

I am trying to setup a separate IPSEC tunnel to a new ISP while keeping the rest on the old ISP. I am doing this as a test. My issue is lack of connection. The message I get from the logs is that it try's the connection then I get another saying its deleting possible stale. Is there something I am missing? Both the IKE and Crypto are setup...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels