General Topics

IP spoofing /source routing

Hi Friends,

I have nt enabled Zone protection for our palo alto firewalls as its connected to trusted zones. I want to know the whether IP source routing is disabled in the PA NG Firewall (Pan OS > 9.0) by default or not.  Also steps to protect again

IpSec VPN Phase1 negotiation problem

Hi All,

I have two 4G router and two ipsec vpn tunnel. Routers are exactly same.

VPN configs are exactly same (except Ips) one tunnel up and running but other one failed at Phase1

It gives me "IKE phase-1 negotiation is failed. Peer\'s ID payload 192.

SDWN and PAT

Trying to setup a LTE link as a backup link for an SDWAN deployment.  All of the LTE gateway devices do PAT as they get a single IP from the provider.  Will this work.  Don't think it will work in the hub but in the branches believe it will.  Just wa

upgrading from PAN OS 9.0 to 10 without internet connection

I need to upgrade from PAN 9.0.4 to 10 but without an internet connection where i have to upload the images manually, what im not sure about is that i read i need to make sure i meet the minimum content release for the target version which makes the

Palo Alto QOS - WRED drops

In Palo Alto firewall,  we observed WRED drops on QOS (150Mbps)  applied egress interface eth 1/11 – due to which DB sync/mirroring is randomly getting failed/dropped between DC & DR. Please let me know for any configuration changes/workarounds to av

Slow speed via Global Protect.

I have VM300 with GP without split tunnel. Between with and without GP their is a lose of around 6mb.

Is it acceptable to have 6mb of overhead lose? Will enabling/disabling ipsec in ssl vpn setting make any difference.

GlobalProtect VPN disconnects every 30s, no internet access while connected

Hey, thanks in advance for any and all help. I'm working from home (as many of us are at the moment) and I have an issue every day without fail when I connect to the GlobalProtect VPN. It "connects" successfully, but then disconnects every 30 seconds

Global Protect: Full Tunnel Enforcement

I have already contact Palo Alot Networks support about this issue and their comment back to me was "you need to protect the route preference/configuration from the host side."

The issue that I am facing is that we have third parties that are not man

How to: Use GlobalProtect for two portals with different username without loging out?

Hi, 

i'm accessing two portals with different username and password .. So every time i logout and login when changing the portal .. is there anyway to dublicate the GlobalProtect application installtion? or setting different username and password for

Okta SAML Auth with Push Only for VPN (SSO for Okta Login)

Is it possible to configure Global Protect VPN connection such that....

1. Pre-logon connects user during login
2. After login, they get prompted to Okta login to proceed to user session (vs pre-logon session)
3. Okta SSO works so they do not need to re-enter t

Fresh from scratch firewall config

So i can't find much on what rule of thumb to follow. If you know what applications you want to be allowed, should you start with the level4 version of the rule using just a port and then migrate to app based rule? Once app id identifies it properly

Anydesk config

Hello,

I have tried to allow some specific users to use anydesk, but it did not work.

in security policy, under application allowed anydesk, service allowed any

in nat, service allowed - tcp 80, 443, 6568, 7070 (destination tcp)

but it did not worked. 

pl