General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4474 Views
  • 0 replies
  • 0 Likes

Force Authentication Policy (MFA) for known users (user-id agent)

Hi, I had configured Authentication policy for one of the environments and everything worked fine as expected. While replicating similar setup for a different environment, the Authentication policy was not working. After some troubleshooting, I observed that if the firewall has user to ip mapping generated via user-id agents (type UIA), it does ...

Palo Alto image for demonstration shown in the video

Hi team, I am looking for setting up the Palo Alto firewall as well as Panorama in VMware Workstation as shown in the video below. It seems to be pretty easy. The only thing I am looking for is the Palo Alto image. How can I get the image? I googled and got to know that it requires Palo Alto support portal access but I do not have access to the portal. Is there a...

Vikashh by L2 Linker
  • 2055 Views
  • 1 replies
  • 0 Likes

Are used PA 'for-sale' posts permitted

Hello - does Palo Alto support resale of hardware that is not End-of-Life, and are posts on resale permitted in LIVEcommunity? I have been searching for pinned community rules and have not found anything related yet. I don't want to post/ask more related to this if it is not allowed. Thanks!

keklund by L1 Bithead
  • 1910 Views
  • 1 replies
  • 0 Likes

IP spoofing /source routing

Hi Friends, I haven't enabled Zone protection for our Palo Alto firewalls as it's connected to trusted zones. I want to know whether IP source routing is disabled in the PA NG Firewall (PAN-OS > 9.0) by default or not. Also steps to protect against IP spoofing or IP source routing related attacks. Thanks in advance. S

SDWAN and PAT

Trying to set up an LTE link as a backup link for an SDWAN deployment. All of the LTE gateway devices do PAT as they get a single IP from the provider. Will this work? Don't think it will work in the hub but in the branches believe it will. Just want to make sure since there is no specific documentation around this or any configuration objects...

upgrading from PAN OS 9.0 to 10 without internet connection

I need to upgrade from PAN 9.0.4 to 10 but without an internet connection, where I have to upload the images manually. What I'm not sure about is that I read I need to make sure I meet the minimum content release for the target version, which makes the upgrade process very frustrating. Am I supposed to upgrade content release for each version alon...

chuckles by L2 Linker
  • 5786 Views
  • 1 replies
  • 0 Likes

Palo Alto QOS - WRED drops

In Palo Alto firewall, we observed WRED drops on QOS (150Mbps) applied egress interface eth 1/11, due to which DB sync/mirroring is randomly getting failed/dropped between DC & DR. Please let me know of any configuration changes/workarounds to avoid these WRED drops.

preetpk by L2 Linker
  • 4672 Views
  • 1 replies
  • 0 Likes

Resolved! IKE-NEGO-P1-FAIL

We are trying to set up an IPSec VPN from our VM-300 Palo Alto Firewall running in AWS. Using PANOS 9.0.11. I’m having issues with the configuration of the IKE Gateway as the Interface IP address is set via AWS DHCP and does not reflect the public (elastic) IP. PAN OS will not allow me to set an address in the Local IP address field the only opt...


Resolved! GlobalProtect issue on Android device

Error message: gateway external server cert is invalid. Only for Android users who are using GP version 5.1 or 5.2. No issues with 5.0. Using PANOS 9.1.3. Using Public Certificate and we only received 1 PEM file from the client. The server cert (SSL1_Networkscomms) is standalone. Not sure how to add it to the cert chain. Added the Root CA and Inter...


Slow speed via Global Protect.

I have VM300 with GP without split tunnel. Between with and without GP there is a loss of around 6mb. Is it acceptable to have 6mb of overhead loss? Will enabling/disabling ipsec in ssl vpn setting make any difference?

GlobalProtect VPN disconnects every 30s, no internet access while connected

Hey, thanks in advance for any and all help. I'm working from home (as many of us are at the moment) and I have an issue every day without fail when I connect to the GlobalProtect VPN. It "connects" successfully, but then disconnects every 30 seconds, then spends another 1-2 seconds reconnecting, before successfully "reconnecting" again. During ...

Global Protect: Full Tunnel Enforcement

I have already contacted Palo Alto Networks support about this issue and their comment back to me was "you need to protect the route preference/configuration from the host side." The issue that I am facing is that we have third parties that are not managed by our company however need access to medical systems to support our customers. In order to...

Okta SAML Auth with Push Only for VPN (SSO for Okta Login)

Is it possible to configure Global Protect VPN connection such that.... Pre-logon connects user during login. After login, they get prompted to Okta login to proceed to user session (vs pre-logon session). Okta SSO works so they do not need to re-enter their AD credentials - this requires the pre-login tunnel to stay up while authenticating user. Push...

Resolved! VM-100 will not configure management interface.

We have a VM-100 to run in our test environment (VMware 5.5), Pan-OS 8.0.0. Despite reading the same information over and over I can't get the management interface to come up. I have applied the config #set deviceconfig system ip-address 128.129.10.40 netmask 255.255.255.0 #comit but "show interface management" has ip address unknown netmask unknown...

  • 24379 Posts
  • 124 Subscriptions