General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4124 Views
  • 0 replies
  • 0 Likes

Remote Access VPN - Strongswan client to PA GP Gateway

Is it possible to access a GlobalProtect gateway using the strongswan client on Ubuntu 16.04 LTS? I am trying to use ikev2 and use certificate authentication. PA guidance suggests it is possible using Ubuntu 14 and PAN-OS7 but I can see no guidance for later versions.

CC2021 by L0 Member
  • 2612 Views
  • 2 replies
  • 0 Likes

Resolved! Applications Depends On Column - Prelogon Policies

I am trying to setup prelogon and have a question about the sec policies described in Step 2 of this guide: https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-quick-configs/remote-access-vpn-with-pre-logon.html I assume the source zone would be VPN (applied to tunnel) and the destination zone is Trusted (inte...


Blocking outside-to-outside blocks ping from outside interface. Is that ok?

Hi Gang, First, thanks for having a look and a big thank you for taking the time to respond. I recently created a security policy rule that blocked outside-outside zone traffic. I did this due to outside traffic that did not match any NAT rules, for some reason, ended up matching the intrazone-default rule. Although this effectively allowed such...

GlobalProtect Use Connect Before Logon is not compatible with Pre-logon(Always On) ?

Hello to All, We are using GlobalProtect with Always-on and "Enforce GlobalProtect for Network Access" and blocking the users from deleting or disabling the GlobalProtect app. This way we are forcing them to always use the VPN. We are planning to test "Connect Before Logon" but the strange thing is "Pre-logon(Always On)" is not mentioned as to not be ...

Resolved! Certificate Validation not working

Hi all, hope you are doing well! I've a little problem with the certificate validation. I've changed the DDNS provider to a custom one but certificate validation does not work. PAN OS: 10.0.5 First what I've done on CLI: set network interface ethernet ethernet1/1 layer3 ddns-config ddns-vendor-config dyn-api-host value updates.dnsomatic.com set network...


Is PANOS 9.1.6 vulnerable to the wreck security vulnerability?

Hi guys, I'm having a query whether any of the PAN OS has the vulnerability as wreck in Palo Alto Networks firewall. If so kindly update me here. I have searched with the PAN Advisory as well as other portals, like these https://www.cvedetails.com/vulnerability-list/vendor_id-12836/product_id-26167/Paloaltonetworks-Pan-os.html but no luck. So incas...

Resolved! About DNS security

Hello Bros, In my network and my firewall 3220 setup I have a question regarding the DNS security feature. If you go through creating an anti-spyware profile, and exactly in the DNS signature what is the difference between DNS signature source "Palo Alto networks content DNS signature sinkhole as an action" and " Palo Alto network D...

Hybrid model (where some exchange mailboxes are hosted in Microsoft 365) (using DNAT) Palo Alto inspect the traffic be regarded secure enough?

We have clients who want a Hybrid model (where some exchange mailboxes are hosted in Microsoft 365) rather than full blown integration. Would the proposed solution (using DNAT) with the sources constrained to the Microsoft approved IP/URL list and having the Palo Alto inspect the traffic be regarded secure enough?

NavidAlam by L3 Networker
  • 3438 Views
  • 2 replies
  • 0 Likes

Error Palo Alto Global Protect on MacBook

Hi Guys, I am facing an error when I want to use global protect on my Mac. Every time I want to log on, it shows Gateway SSL VPN GW: The server certificate is invalid. For the last two weeks I just used this and had no problem. Please help me to solve this issue because it was very urgent. Appreciate if you could help me to solve this. Btw: my MacBook OS...

Kevin234 by L0 Member
  • 2551 Views
  • 1 replies
  • 0 Likes

Commit Error Message for Application being used

We noticed last month that a core firewall PA-3060 has started reporting the same error message as in this link. Application being already in use. We have provided tech support files to PAN support but they are still unable to determine the reason that we keep getting these error messages when we commit to the firewall. https://live.paloaltonetwo...

bambox by L1 Bithead
  • 2419 Views
  • 1 replies
  • 0 Likes

Data Filtering logs not in Panorama

Hi All, we are running 9.0.12. I've got data filtering with the patterns etc all set up. The logs appear fine on the firewall. And logging profile is set to forward all to Panorama, but none appear in Panorama. It's empty. Logging profiles is set to forward log type Data to Panorama. Any help would be appreciated. Panorama is forwarding all event...

igs1917 by L1 Bithead
  • 4212 Views
  • 4 replies
  • 0 Likes

SSH to Management interface (RADIUS Auth) PAN OS 10.0.4

Working on an HA Pair of PA-820 firewalls and just finished configuring auth for management interfaces. Went to test, and found that the firewall said auth succeeds, but the SSH connection immediately drops. Config: Auth profile is RADIUS (Windows NPS server); PAN OS 10.0.4. Tests: Authentication to web interface works for user via RADIUS profile; Authe...

D_Baerry by L1 Bithead
  • 4414 Views
  • 2 replies
  • 0 Likes

Resolved! GlobalProtect - Use Machine Certificates for Authentication

Hi everyone, at the moment our GlobalProtect Infrastructure is only using LDAP for authentication, which is a problem since users should only be allowed to connect to GlobalProtect via a corporate Windows notebook. As a second factor we would now like to use machine certificates. We have already rolled out machine certs to every machine by an int...

Enabling multi vsys on a prod firewall.

I’m planning to create multi vsys on my Palo Alto. I just wanted to know if my existing configuration (interfaces, aggregate interfaces and rulebase) will be moved as it is to vsys1 or they need to be moved manually? I have aggregate interfaces layer 2 in my environment so I need to assign vlan interfaces to vsys and keep parent port in no vsys ...

  • 24336 Posts
  • 124 Subscriptions