This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4136 Views
  • 0 replies
  • 0 Likes

Resolved! Random Private MAC address

I use DHCP reservations to ensure the devices on my network get the same IP address every time. I have security and routing policies that depend on known IP addresses. Recently Apple, I’m sure other will follow, enabled a feature that by default that randomly selects a private MAC address when they lease an IP address. I realize that you can dis...

rmcrae by L3 Networker
  • 3705 Views
  • 1 replies
  • 0 Likes

Resolved! GlobalProtect: always-on pre-logon external and not logon internal is not working

I am trying to setup GP as always-on (pre-logon) when the user is external and not connect while internal. My understanding was that the internal host detection setting was suppose to let the client know that it was internal and not try to connect to the external gateway. That does not seem to work, or most likely I just did not understand the w...

Resolved! GlobalProtect slowness

Is anyone that is using GlobalProtect seeing significant performance issues? We are running PAN OS 5.0.10 and GP 1.2.8. We are also doing full tunnel. When I do a speed test from home without GP enabled I get 20 Mbps down and 5 Mbps up. With GP enabled I get 5 Mbps down and 0.25 Mbps down. Now I understand that I should be seeing some impac...

legeremt by L0 Member
  • 9984 Views
  • 8 replies
  • 0 Likes

Minemeld support on either Ubuntu 18.04 or 20.04?

Does anyone know when Minemeld may be able to run on either Ubuntu 18.04 or 20.04? It installs fine on 16.04, but with support for Ubuntu 16.04 ending on April 30, 2021, I would like to install it on one of the later releases will will at least have a couple more years of support and security updates. While it installs on 18.04, and I can get ...

RichardB by L1 Bithead
  • 3399 Views
  • 4 replies
  • 0 Likes

SSO fails by first time login

Hi All, GlobalProtect pre-logon is configured. The computers connect pre-logon just fine. However, if this is the first time a user is logging in, or someone else logged in last and they had to change back to their username, GlobalProtect prompts the user for credentials after windows login, even though everything is configured for SSO. If they ...

How does DNS Sinkhole actually works?

Hi Everyone, i need your help to better undestand how DNS Sinkhole actually works.I mean, i know how it works, how to configure it, but i'm facing a strange behaviour i cannot understand.In the photo i have uploaded i have an example.Both source and destination are in the same subnet (i have obscured the first two octects for privacy)the destina...

dns sinkhole.png
DKanta by L2 Linker
  • 3891 Views
  • 2 replies
  • 0 Likes

Resolved! Link and path monitoring enabled but no link and path group configured

Hi All, We have Link and path monitoring enabled but no link and path group configured. Actually I never enabled the link and path monitoring so my question is , is it enabled by default? Also, if we don't have any link or path group configured as in my case, is it not active ? I could not find any doc for the same. @BPry Can you please help ...

shafi021 by L2 Linker
  • 6120 Views
  • 3 replies
  • 0 Likes

QoS profile: Egress Max of Tunneled Traffic + Egress guaranteed of Clear(Regular) Text Traffic > Egress Max of Interface

Hi all,I have some Platform: PA-850, PA-820, ...I have configure QoS profile and apply QoS profile to interface (ethernet1/1) as attach files.When configure QoS profile then: Egress Max of Tunneled Traffic + Egress guaranteed of Clear(Regular) Text Traffic > Egress Max of InterfaceBut, some Platforms then commit -> OK, some Platform then c...

QoS profile_OK.PNG
QoS setting_OK.PNG
QoS error.PNG
ThomasX by L1 Bithead
  • 3411 Views
  • 1 replies
  • 0 Likes

Global protect for android phones using proxy

Could you please confirm if proxy is supported on the Android GP App. Our end users are using proxies on mobile devices including iOS, Chromebooks, and Android. It appears that only the GP clients on Android are having issues connecting. The GP client reports that there is no internet connection. This used to work 1-2 weeks ago(on old GP version...

High amount of traffic to exchange server

We are seeing a high amount of traffic coming from outside public IPs to our exchange server. It's more than 2GB and sometimes more than 4GB of traffic. Initially, we blocked these IPs in firewall policy but every time after blocking the IPs, some more new public IPs keep coming with high traffic. We are suspecting maybe it's some kind of attack...

Both the Vm Firewall was in active state

Hi Team , We have 2 Vm firewalls both the vm firewall are in Ha and in active and passive. The passive firewall base license and all the license have expired one week ago. The ha1 and ha2 link was showing and both the VM firewall was in active-active state.Both the firewalls were in active state.Can you please let me know why both the vm firewal...

Resolved! PA UID LAB not working correctly

Hi Everyone, I am currently having issues trying to get UID to work on Eve-NG using PANOS 9.0.4, it is a only a EVAL license but everything is working except for UID.I have followed agentless guide to setup and AD server is connected to the PA as per the "User Mapping" tab.Policy is setup correctly, however as soon as I add "Domain Users" as the...

Vimz888 by L1 Bithead
  • 6084 Views
  • 4 replies
  • 0 Likes

SDWAN and Tunnel Monitor config

Hi All, I'm trying to get my head around SD-WAN and tunnel monitoring, specifically SD-WAN AutoVPN creates Tunnels with tunnel monitor turned on with a destination IP of the other side of the tunnel and the Tunnel Monitor profile set to sdwan-default. If I then look in Network Profiles -> Monitor see sdwan-default configured with an action o...

KevinJB by L1 Bithead
  • 4907 Views
  • 1 replies
  • 0 Likes

Retro-fitting standard SD-WAN into existing firewalls

I want to deploy hub-spoke SD-WAN into my existing routers, but it says you must do it through Panorama. It then wants me to create a template, add the router, interface, etc. and basically define everything to do with SD-WAN in Panorama. The problem is I have a fully functional set of firewalls with live traffic, BGP, etc. and if I force temp...

  • 24340 Posts
  • 124 Subscriptions
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks