This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Resolved! Defining metrics for routes learned through BGP

Hi All, We have four tunnels(tunnel 1, tunnel 2, tunnel 3 and tunnel 4) configured to reach the AWS Network through BGP on an single default virtual router on the firewall and all the tunnels are up. There are three ISP in total connected to the default router and Balanced round robin method is enabled on the firewall to pass the traffic. The Tu...

Capture traffic as is on the wire?

On a Palo Alto is there a way to take a packet capture on a specified interface and simply see everything as is on the wire? For example on a Check Point I can do a tcp dump on a specified interface and the interface is basically put into promiscuous mode and I see traffic after firewall, after NAT, etc. On my Palo's it seems I have to pick a s...

Palo alto XML API not working

The firewall internal interface used to have GP portal configured and then removed, we found the XML API does not work on the standard port 443. In web browser an API call returns the 404 error. Pcap shows that the firewall does not reply to the call. We need this for Clearpass integration, and when testing with a different port (with NAT) it wo...

GP LOGIN/LOGOUT POPUP BOX

Dear team, How to enable the popup message when the users are login in and login out in Global protect. for example, users are connected in the GP at the same time VPN is down so users need to get a pop-up box like you are not in the GP or logout.

Global Protect user private IP shows 0.0.0.0

Hi team, One of my customer experiencing a weird issue in global protect. When Client joins the GP he get a private IP 172.16.100.230 and i can see that system logs and also in his GP Agent. When he initiates traffic i can able to see that private iP in traffic log as well but issue is when i go to see the current users in GP Gateway >Remote ...

Resolved! GlobalProtect Agent Updates?

Most of the discussions I've heard, talk about managing your deployment with something other than the firewall (so thousands of users aren't hitting the firewall during an update). I have questions in two areas: 1-How do you handle updates when getting pushed from a centralized manager to windows clients (assuming your clients are internal only...

Sec101 by L4 Transporter
  • 14107 Views
  • 6 replies
  • 1 Likes

Gp 2fa

Hi Team, We have 2FA auth method using Radius Server for GP VPN users login.After LDAP password authentication users receives SMS Token and when user entering the token the GP VPN again prompts for the token.So eventually user receiving another SMS Token and when entering second token user getting authentication failed message on GP client. For ...

Many-to-Many NAT (Both Direction)

Hi Everyone, I am struggling to solve a problem NAT issue and need some help. I need to configure May-to-Many NAT on Palo Alto Firewall between two data centers. I have three /25 IPv4 subnets which needs to be mapped to three /25 subnets (subnet to subnet basis if not one to one IP basis) and three IPv6 /40 subnets needs same treatment. Traffi...

rthakker by L1 Bithead
  • 8510 Views
  • 8 replies
  • 0 Likes

Resolved! How to transfer license to new VM

We have Palo Alto VM-100 that we are planning to transfer to our new Infrastructure.So we want to activate license after migration.Please advise how to transfer license to new VM during the activity. Thanks in advance.

Resolved! is there a way to strip http:// from the output?

i set up a URL based output to feed into my lab box but it won't accept the URLs reaper@PANgurus> request system external-list show type url name phishing phishing Total valid entries : 0 Total ignored entries : 0 Total invalid entries : 1643 Total displayed entries : 100 Invalid urls: ...

reaper by Cyber Elite
  • 3250 Views
  • 2 replies
  • 0 Likes

Global protect IPsec retry

Hi Community, I am trying to figure out how the GP Ipsec connection behaves, if the IPsec fails to connect at the time of initial GP connection and the GP falls back to SSL, will GP retry IPsec after any specific interval? is this configurable ?. Also is there any way I can move the Ipsec connection from UDP/4501 to any other ports? Thanks in ad...

nat64 error

Hello I'm trying to do a NAT from ipv6 to ipv4. On commit I have an error "Nat64 needs an ipv4 in the rule for dest xlat" Rule : from untrust to untrust , destination ip is ipv6 and translated address is ipv4 destination NAT Thanks.

PanIst by L3 Networker
  • 5419 Views
  • 3 replies
  • 0 Likes

Download The Latest GlobalProtect Client?

I find not being able to download the latest client very frustrating. I work from home several days a week and the company I work for, has just switched to globalprotect for their vpn requirements. However on my companies client download page... https://mycompany.domain/global-protect/getsoftwarepage.esp ...they dont have the latest client ...

carterg by L2 Linker
  • 41002 Views
  • 15 replies
  • 2 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks