This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4119 Views
  • 0 replies
  • 0 Likes

Resolved! L3 ARP entries

Hello Mr. We need to make some mac address in Palo Alto L3 interface.the question is that , How many manual arp entries can be added per single interface?and because no document discussing it, I wanted to make sure if this works as an ARP inpection, so IP and MAC address must mach, or the packet will be dropped.Kindly answer and confi...

Shadow Rule Warning after upgrade

Hi All, We have a customer who has upgraded to 9.0 and they get shadow rule warnings since the upgrade. All the shadowing rules are more generic with any/any for source and destination, but with source user restrictions.The shadowed rules have more specific source/destination values. Traffic is hitting the shadowed rules. The same rules weren't...

Saml IDP certificate.

Hi Team, We need to integrate Saml With Global Protect .We have done the saml configuration in azure perfectly fine.We have exported the metadata file from azure and inported in PA NGFW successfully.We need to achieve through IDP certifcate but the issue is we are unable to add the IDP certificate in authentication profile in certificate for sig...

Global protect client stuck on connecting

Hi All - Global protect client for a few users is stuck on connecting state, is anyone able to help me look into P 865-T24627 Mar 05 07:15:48:180208 Info ( 495): Server is trusted ***.gpcloudservice.com(0.0.0.0)P 865-T19203 Mar 05 07:15:48:445236 Info ( 389): Finished with ****.gpcloudservice.com:443P 865-T19203 Mar 05 07:15:48:445253 Debug( 309...

WildFire Analysis Exclusions? smbv3

Seeing a lot of false positives with WildFire for application ms-ds-smbv3, specifically for PE+MSDOCX files. Is there anyway to just exclude ONLY this application from our Wildfire? I'd really hate to have to create a 2nd WildFire Security Profile and another Policy Rule just to exclude 1 application type. If we do have to create a 2nd WildFire ...

pan_rags.png
Rags by L2 Linker
  • 2388 Views
  • 1 replies
  • 0 Likes

Resolved! Is there a way to limit the number of response or captive portal pages, generated by the L3svc process for 1 second?

Hello to ALL, I have seen several cases where data plane overutilization may cause the managment plane to crash. In most cases I see the Devsrvr process to commit many times and to restart the L3svc process that uses I think it uses something like nginx as the palo alto firewall logs seem to be nginx related but it could be something else (that...

NMAP Scan, PA show open ports

Hello experts! When I scan my firewall from the internet no matter what I try I still get this.. PORT STATE SERVICE REASON53/tcp open domain syn-ack ttl 6480/tcp open http syn-ack ttl 64443/tcp open https syn-ack ttl 648080/tcp open http-proxy syn-ack ttl 64 I have setup an untrust-untrust (app) any (application) any and to drop rule at the top...

BizBo by L2 Linker
  • 7905 Views
  • 4 replies
  • 0 Likes

Generate a Global Protect user report

hi there,I have seen a few posts on this issue. but for some reason, I was unable to see the steps on how to do it.I simply want to generate a daily report that will tell me how many users connected through global protect in the workday.if someone can help me with how to do that it will be great! thanks!

Arielpa by L0 Member
  • 1970 Views
  • 1 replies
  • 0 Likes

Resolved! Special NAT configuration. Asking about possibility

I have a working Hub & Spoke VPN network. Computers in Spoke1 can reach the computers in Spoke2 and vice versa. For some reason, a particular device in Spoke2 with IP 172.16.200.62 can only be reached by the computers in the same subnet. I want to know is it possible to assign a 172.16.200.x IP address to the computers in Spoke1 when they at...

HubAndSpoke.jpg
jeremylo by L3 Networker
  • 3859 Views
  • 4 replies
  • 0 Likes

Resolved! GlobalProtect BSOD Windows 8.1

Installed the latest round of Windows (and driver) updates. 1-3 seconds after GlobalProtect connects, I get a BSOD and reboot. I've read through various memory dumps and it's always one of two issues. pangps.exe - IRQL_NOT_LESS_OR_EQUAL (a)An attempt was made to access a pageable (or completely invalid) address at aninterrupt request level (IRQ...

IPSec tunnel between PA-220 and VM300 in Azure

Trying to build a IPSec tunnel between a lab PA220 and a VM300 we have in operation in an Azure environment. I think I've got all the necessary ingredients covered, and I've checked all the "How To" docs I can find, but still no luck. Are there any gotchas related to this kind of setup that I should know about as I proceed? Any advice would be...

GlobalProtect 2FA

Hi, PaloAlto VM-100 8.0.13 I've been trying to add 2FA to our GlobalProtect Gateway. I've followed the instructions described here: https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/authentication/set-up-two-factor-authentication/enable-two-factor-authentication-using-one-time-passwords-otps Probably I've ...

Static IP for GP User

hey, i have a requirement from a customer for some users to always have the same ip when they connect to the VPN for example if the IP Pool for the GP clients is: 192.168.x.110 where x will be 10-15 depends on which GP GW you are connected to. i have managed to configure using specific client settings for example for user A ip pool is 192.168.10...

minow by L4 Transporter
  • 12632 Views
  • 7 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks