This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4228 Views
  • 0 replies
  • 0 Likes

link aggregation in a switched LAN environment.

Dear paloatonetwork live community I have the following question related the above topic what are the operation of link aggregation in a switched LAN environment. what are the Ether Channel technology will be used to create link aggregation. what are the Verification and troubleshoot commands to be used link aggregation switched LAN environment...

thought by L0 Member
  • 2161 Views
  • 1 replies
  • 0 Likes

Resolved! can I have multiple Def gateway IPs on single L3 interface?

I have a Layer3 interface on the firewall that is connected to a zone that hosts multiple subnets spread across the remote sites. I would like the firewall to block the intra-zone traffic in this. To do this, I will need to give the Firewall IP as the Def gateway. For e.g. Site A has 192.168.2.0/24 & site B has 192.168.4.0/24 , can I assign ...

Log Forwarding - are changes disruptive to PAN firewalls?

Hi Gang, We need to update our log forwarding to now include Syslog. Previously they were only uploading to Panorama. It was also previously shared but we will need to make it device group specific now as we have local syslog servers for local sites. I can't seem to see it on any documentation or simply overlooked it, apologies if so but... do c...

Ransomware Prevention / Detection / Response Resources

There are many articles, guides, and resources available across various Palo Alto Networks properties to guide users on how to best protect their organizations from ransomware. After spending some time to find many of them, I thought I would share with everyone. High level from what I could find there were a few high level recommendations from r...

KPawlak by L1 Bithead
  • 7341 Views
  • 2 replies
  • 2 Likes

Resolved! IPSec VPN with overlapping networks

To begin with I know the document Configuring IPSec VPN between overlapping networks.Due to my lack of experience still I am not able to understand how I should create the NAT rules.My objective is to configure the IPSec tunnel only on "my" side - one that will be accessed and should allow access to some servers in the 192.168.2.0/24 network. B...

SAML Captive Portal

Hi All,i'm trying to configure a SAML authentication for captive portal but when i'm trying to export metadata and selecting captivel portal i'm not able to export, it shows no option:if I try to type an address and click ok the file generated contains this:show -> sp-metadata -> authentication-portal unexpected hereshow -> sp-metadata ...

HygorPeixoto_0-1607522196574.png

Resolved! dhcp client class-id setting

Dear all,a potential FTTH provider requires a special option for the dhcp client in order to work.CISCO setting like:ip dhcp client class-id 100008,0001,Cisco,e02f.6d21.xxxx,15.3(1)T,FCZXXXXXXXXIs there any change to set the dhcp class-id for the dhcp client? I couldn't find anything in the manual.Regards,Andreas

Resolved! want to know options to disable GP connection

Temporary we want to disable test GP setup. Found below options :* Create deny rule for GP public ip.or* remove fqdn/ip of external gateway from GP Portal > AgentorDisable Tunnel mode , GP gateway > Agent > Tunnel Settings > Tunnel Mode Is there any other option to disallow GP connection ? what is the suitable ?

Deepak25 by L3 Networker
  • 3644 Views
  • 3 replies
  • 0 Likes

Resolved! Recommended Pan-OS version

I have a 5220 that I am using as core L3 segmentation router for my 500 user environment. Currently running 9.1.3 Pan-OS and What version of PAN-OS is recommended for this scenario. Is it generally advised to install the latest version posted on device-software check?

PaloAlto TAC support has gone missing

Opened a S2 (high) ticket at 11am ET this morning about panorama in High Availability in suspended mode after upgrading from 9.1.9 to 9.1.10. No response from TAC support after two hours. I called in and have been waiting for over an hour with no one from PAN support responding. This is outright bad. A lot of cases that I've opened with TAC s...

dtran by L4 Transporter
  • 6666 Views
  • 9 replies
  • 0 Likes

Java Cert error due to decryption?

My organization is in the process of moving from one VPN solution to GlobalProtect. We are seeing several applications being unable to run certain features, or run successfully at all, and the error logs appear similar to this (I say similar because this specific message is from one application, others may vary, but all are similar): sun.securit...

Resolved! Configure Session Timeouts particular source or destination ip in Palo Alto

Can we specify session, session timeout i.e. Keepalive timer for particular source or destination ip in Palo Alto? In the WebGUI, we will find these settings at Device > Setup > Session, But this settings will be applicable for global setting. I found that, we can specify it for the application. If we can do the same for ip address. Kind...

How to allow policy destination by URL

Hello, I need know how to allow create policy in PA firewall 3020 and add destination as URL name as (microsoft office 365) instead of adding all IP ranges. Appreciate your help Thanks

mmarie by L1 Bithead
  • 12274 Views
  • 3 replies
  • 0 Likes

global protect vpn with DUAL ISP

Hi Team, we have two isp link with ecmp load-balancing enabled. we only have one virtual router setup. we have configured GP vpn portal with one isp interface and how can i configure the GP vpn with second isp link as well. we would like to have two external Gateway.But global protect portal only showing to choose one outgoing interface.any help?

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks