General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4110 Views
  • 0 replies
  • 0 Likes

Resolved! IKE-NEGO-P1-FAIL

We are trying to set up an IPSec VPN from our VM-300 Palo Alto Firewall running in AWS. Using PANOS 9.0.11. I’m having issues with the configuration of the IKE Gateway as the Interface IP address is set via AWS DHCP and does not reflect the public (elastic) IP. PAN OS will not allow me to set an address in the Local IP address field the only opt...

Resolved! GlobalProtect issue on Android device

Error message: gateway external server cert is invalid. Only for Android users who are using GP version 5.1 or 5.2. No issues with 5.0. Using PANOS 9.1.3. Using Public Certificate and we only received 1 PEM file from the client. The server cert (SSL1_Networkscomms) is standalone. Not sure how to add it to the cert chain. Added the Root CA and Inter...

Slow speed via Global Protect.

I have VM300 with GP without split tunnel. Between with and without GP there is a loss of around 6mb. Is it acceptable to have 6mb of overhead loss? Will enabling/disabling ipsec in ssl vpn setting make any difference?

GlobalProtect VPN disconnects every 30s, no internet access while connected

Hey, thanks in advance for any and all help. I'm working from home (as many of us are at the moment) and I have an issue every day without fail when I connect to the GlobalProtect VPN. It "connects" successfully, but then disconnects every 30 seconds, then spends another 1-2 seconds reconnecting, before successfully "reconnecting" again. During ...

Global Protect: Full Tunnel Enforcement

I have already contacted Palo Alto Networks support about this issue and their comment back to me was "you need to protect the route preference/configuration from the host side." The issue that I am facing is that we have third parties that are not managed by our company however need access to medical systems to support our customers. In order to...

Okta SAML Auth with Push Only for VPN (SSO for Okta Login)

Is it possible to configure Global Protect VPN connection such that: Pre-logon connects user during login. After login, they get prompted to Okta login to proceed to user session (vs pre-logon session). Okta SSO works so they do not need to re-enter their AD credentials - this requires the pre-login tunnel to stay up while authenticating user. Push...

Resolved! VM-100 will not configure management interface.

We have a VM-100 to run in our test environment (VMware 5.5), Pan-OS 8.0.0. Despite reading the same information over and over I can't get the management interface to come up. I have applied the config #set deviceconfig system ip-address 128.129.10.40 netmask 255.255.255.0 #commit but "show interface management" has ip address unknown, netmask unknown...

Fresh from scratch firewall config

So I can't find much on what rule of thumb to follow. If you know what applications you want to be allowed, should you start with the level4 version of the rule using just a port and then migrate to app based rule? Once app id identifies it properly migrate using best practices? Do you start off with the app id version of the firewall rule right...

Anydesk config

Hello, I have tried to allow some specific users to use anydesk, but it did not work. In security policy, under application allowed anydesk, service allowed any. In nat, service allowed - tcp 80, 443, 6568, 7070 (destination tcp), but it did not work. Please guide me on this. Thank you.

dwalll by L0 Member
  • 2990 Views
  • 1 replies
  • 0 Likes

User-ID Help

In recent weeks we've had a problem reported where one minute a site will be accessible, for instance Youtube, and then it won't be and then it will, and it goes on. After looking in the logs, when the connection to Youtube fails is when the log shows no USER-ID; when it works it shows a local USER-ID. We use an AD group for access to general interne...

JonHill by L1 Bithead
  • 3550 Views
  • 4 replies
  • 0 Likes

Resolved! How Palo Alto enabled with DNS Sinkhole will see original Client IP Address; when internal DNS server working in Recursive mode?

Hi All, I need help in solution to know how actually Palo Alto enabled with DNS Sinkhole will see original client IP Address making DNS request to a domain in DNS sinkhole list. More Information is: My client computer with IP address (10.10.10.10) configured with Internal DNS server with IP Address (10.10.10.20). Internal DNS server working in th...

7000 series log forwarding card not forwarding traffic logs to collector

Hey everybody, I'm setting up a 7050 with a log forwarding card to a dedicated log collector. On the log collector, I have it set to device log collection and collector group communication on ethernet1/5. I have log settings configured as well as a log forwarding profile. With traffic running through the firewall, I'm seeing hits against rules...

dan731028 by L3 Networker
  • 5526 Views
  • 4 replies
  • 1 Likes

Resolved! Azure ip-range list EDL size

Hi, I ran into a problem today when expanding a customer's environment. I'd previously set up an EDL pointing to a Minemeld-generated list of all Azure ip-ranges, no problem thus far. I've done this for other customers before without any issue but noticed now that when I used the recommended prototype azure.cloudIPsWithServiceTags it generated a...

QoS Profile Configuration

I'm doing my first PAN QoS configuration- it's for a SIP trunk to a carrier from our VoIP network. I've read through the procedures and wanted to do a sanity check for my approach: 1) I've configured my security rules for SIP to have QoS "Follow Client to Server Flow" to maintain the DSCP markings from carrier to VoIP internal network and vise-v...

  • 24332 Posts
  • 124 Subscriptions