General Topics
Showing results for 
Search instead for 
Did you mean: 
General Topics

Forum Posts

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 41 replies

Resolved! Global Protect Access routes for Office 356

Hi Guys, I am struggling to find a solution for one request that I have from customer. We have VM-300 with PanOS-7.1.6 and customer wants to enable Global Protect for remote access users. The tricky part is that for the split-tunneling configuration ...

Populate Dynamic Address group via XPATH

Hi, Has anyone succeeded yet in populating a Dynamic Address Group with IP addresses using XPATH?(API can use 2 methods: an XML file or all info included in one command via XPATH).Idea is to integrate with Infoblox, which only understands XPATH. Than...

Site to Site vpn with Dhcp server at remote site

Hi, I have a site to site ipsec vpn between 2 PA devices. Lets call them Site A and Site B and at Site A I have a Cisco router acting as a dhcp server. I'm trying to have all the client at Site B get their dhcp address and scope options from the cisc...

strobins by L1 Bithead
  • 5 replies

High Available address unable to ping

Hi So I have a active/active cluster.I have a highly available ip on vlan 80 I also have on the same interface. from I can't ping, from I can't ping is the dgw for 10.33.8...

Application Risk level

What happens when you change an application risk number from a 5 to a 1? Does this just change the read out of your risk level or does it change the way the firewall acts on the application?

jdprovine by L4 Transporter
  • 4 replies

Schedules expired

Hi Community I see when the schedule policy has expired the rule continue as a enable rule but It doesn´t work because the rule has expired,Can you tell me how I can find the expired schedules?, is it possible to configure somehow when the rule has e...

ftrimino by L0 Member
  • 3 replies

Google Hangouts audio-video detecting as STUN

I am noticing an issue were clients are using Google Hangouts, but the APP-ID is detecting the session as STUN over UDP/TCP port 19302-19309, instead of the APP-ID signature of google-hangouts-audio-video. Has anyone else noticed this behavior? The t...

log snapshot.JPG

GlobalProtect Users appear on GUI and not on CLI

PANOS 8.0.5Current connected GlobalProtect Users appear on GUI by “Monitor/User-ID/Source-type=globalprotect” and not appear on CLI "show user ip-user-mapping all type GP”: the record is not absolutely present.On PANOS 7.1 the CLI command "show user ...

Aiace by L1 Bithead
  • 1 replies

Licence NFR PaloAlto

Hello I just receive my PA-850, i made the registration of the device in support section, but after this registration, i can't see the licences for the new device :Threat PreventionBrightCloud URL FilteringPAN-DB URL FilteringGlobalProtect GatewayGlo...

nfr palo.jpg

Resolved! Deleting Aggregate Interface

Good Morning, can someone verify that the following command is correct for removing an aggregate-ethernet interface? delete network interface aggregate-ethernet ae1 layer3 units ae1.82 I am a litte leary of implementing this command due to the fact t...

Customer Account Personal Email

I bought a pa-220 for my own personal lab through my employer's pa vendor and I would prefer not to use my company email account just in case I were to leave my company. If that would happen, a year from now when my licenses expire, I won't be able t...

Resolved! QoS: why is it capped at 1 Gbps?

Is it a physical limitation, or a software limitation? The PA-3020 has gigabit ports, which can be combined into aggregate interfaces that support multi-gigabit combined throughput. However, it you enable QoS on an aggregate interface, no matter how ...

fjwcash by L4 Transporter
  • 2 replies

Help with IPSEC VPN with overlapping subnets

I'm working with a vendor to setup an IPSEC VPN but we have an overlapping host address. My side has a PA500 and their side is a Sonicwall. Palo Alto Side: Source server: Server: My server NAT address:

global protect multiple portal issue

We want to configure Portal level redundancy in Global protect .If we bind 2 IPs of 2 different location firewalls to our portal address then how does clinent interpret the DNS resolution .after how much time client will try on another system

NIRAVK9 by L1 Bithead
  • 13 replies