General Topics
Showing results for 
Search instead for 
Did you mean: 
General Topics


New Product mention feature

Hey everyone, We just enabled a feature on the LIVEcommunity that allows for products to be linked inside of discussions or articles.. this helps cross link information throughout the site, especially useful if you are looking for specific informatio...

jdelio by Community Team Member
  • 2 replies

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 43 replies

Security Policy Application

Hello everyone,I'm hoping someone can help me understand why a security policy is not applying the way I thought it should. Here's what I have: I have each of our schools configured on different DHCP scopes. I then created an Address Object using sla...

GCSS-RT by L2 Linker
  • 10 replies

Resolved! policy-deny website problem

Hey all,PA-3020 8.0.7I would like to access and I get "Secured connection failed"The traffic log allows those packets, but session end reason says "policy-deny".I have never seen this before.Can someone tell ...

MPI-AE by L4 Transporter
  • 4 replies

Destination nat not working.

I have security policy untrust -trust(webserver publicip) and nat policy - untrust -untrust.Wheni try to access web server public ip it is not hitting the security policy and is considering the destination in untrust zoneand denies the traffic.Pa200 ...

Resolved! High Availability Commit Failure on PA-5220

I am having trouble trying to get a PA-5220 to commit, when attempting to configure HA1, not on the ha1-a default interface, but rather on aux-1. The same applies when configuring HA1-Backup to use aux-2. I can commit with this config, under high-ava...

Resolved! Enabling OCSP in mgmt profile also allows http management

PA-220, 9.0.0, AV2899-3409, Content 8127- 5316 I've enabled HTTP OCSP on the management profile attached to a loopback interface. HTTP and HTTPS are NOT enabled under Administrative Management Services (in fact, none are checked). Nonetheless, the ad...

bperez1 by L0 Member
  • 2 replies

Default Application ID change in 8.0?

We are migrating from some 200's running 7.1.x code to 220's running 8.0.x code. We had a rule that was working fine, allowing any traffic from a server to another server. We didn't define any apps or tcp ports. We have that rule in the new firewall,...

Split DNS

Hello We would really like to see a "split DNS" configuration for Global Protect, where you can specify certain domains that are sent to the internal DNS Server (or DNS Proxy), and all other domains get handled by the user's normal DNS servers. Thank...

MichelZ by L1 Bithead
  • 1 replies

Issue with WLC Radius request to NPS Server

Hi all,I have an issue with the radius request through the firewall,The radius request come from an cisco 1852-ME WLC and goes to an Windows 2016 NPS Server, both in different zones.An simular setup with an firewall works fine.The NPS Server does not...

Resolved! Running config not synchronized problem

Hey all!there are two pa 3020 with 8.0.7 in HA active passive.Three days ago, I switched the passive fw to active.Yesterday I switched back. I stated that the running config isn't synchronized, but I switched nevertheless.So I think I should "sync to...

MPI-AE by L4 Transporter
  • 4 replies

Resolved! Proxy Configuration

Hello, Before switching to Palo FW from Cisco one of our customers could use proxy (http://10.x.x.x/optusproxy.pac). Can you please confirm how can we set this proxy setting in Palo because couldn't find any option on GP to put proxy? I tried using i...


Hi community, Does anybody clarify my following doubts about preferred path in ECMP. I am able to see * mark in one of ECMP route ?. what is that means?.I have balanced round robin, so that each new sessions should take one path alternatively right ?...

Resolved! show deviceconfig setting url - dynamic url filtering

When i run below command show deviceconfig setting url[edit] i see no output.I read that if above output is blank then we are not doing the dynamic url filtering on the PA? Need to know should i enable this and how it can effect the performance on th...

MP18 by Cyber Elite
  • 4 replies

Resolved! Merlin board mode?

Hello, everybody, I have come across a Palo Alto firewall that cannot normally boot up and remains in "Merlin board mode". I cannot find much information on the internet regarding this. Can someone clarify what this "Merlin board mode" is? And what i...

Top Liked Authors