General Topics
Showing results for 
Search instead for 
Did you mean: 
General Topics

Forum Posts

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 43 replies

Resolved! Session Timeout Settings

Hi,we are using a PA environment in combination with Bluecoat Proxy SG for caching and user authentication. Bluecoat describes on his knowledgbase KB3323 the differences for session timeouts on proxie servers and firewalls.From our proxies I have man...

Howto delete sub-interace from cli

Hi,I`m trying to delete a sub-interface from CLI but cant seem to find the correct command, i managed to remove the IP address and tag but not the entire sub-interface.admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1...

u18830 by Not applicable
  • 12 replies

PA System Logs

Dear Expert , I need to get all System messages of PA in case of the below Events CPU Errors, warnings.Memory, RAM utilization warning, problem.Hardware failure, problem. .(Physical Events)Links , interfaces down.Processor warning.Disk warning.Fan wa...

hi Community

Hi all, We have upgraded globalprotect version 3.1.4 to 4.1.2. Its connected successfully . But after some time it saying portal not available. username take as portal name. anyone experience with globalprotect 4.1.2???

Resolved! Palo-Cisco VPN Logs

Im setting up a s2s vpn between a Palo and a Cisco ASR. The GUI is showing it all as up - green lights and ike tunnels. But the logs are showing the below: IKEv2 child SA negotiation is failed message lacks KE payload I am not sending traffic down th...

welly_59 by L3 Networker
  • 5 replies

Custom HIP Check for Linux

Hey guys, I've been tasked to have Globalprotect only allow company owned devices over the VPN. I know I can create custom HIP checks for Windows/Mac (reg/plist value). How would I do the same for Linux clients? I have two end users that work remote,...

Unable to find interface configured in vm machine in vmware

I’m new to Palo Alto VM series deployment and it’s the new project .. we’re trying to deploy Palo Alto HA in VMware environment . Deployed ovf template and configured management interface . Connected to GUI and all looks ok . But I’m not able to conf...

Hari007 by L1 Bithead
  • 6 replies

Resolved! DH group 15 IPSec tunnel

HiI must build up an IPSEC tunel between PA and Watchguard XTM. The other Side gives me ike phase where DH Group is 15. On PA I only can choose Group 1—768 bits, Group 2—1024 bits (default), Group 5—1536 bits, Group 14—2048 bits, Group 19—256-bit ell...

PPTP VPN can not be connected to external devices

I have built a VPN server in company domain and I have tried to connect it in the domain computer. Now I need it can be connected to external computer. I have search many information in Internet to know how to do this setting in firewall. But it stil...

Jacky.Yi by L0 Member
  • 2 replies

Resolved! Radius authentication for Global Protect

Hi community! I have encountered a "problem" with our Global Protect authentication while we were doing some maintenance works.We have an Authentication Profile with 3 RADIUS servers for authenticating the users, and the number of retries is set to 5...

Feature request thoughts - around nat selection

Hi I have 2 NAT pools, actually 4, cause for HA each pool is doubled - does that make sense. 1 pool is on a.b.c.13 and the second is on a.b.c.113. All good. what I would like to do is say going out internet interface from src group "out via non prod"...

DNS Proxy in Active Active cluster setup

Hi I am looking to setup 2 IP address I want to use for DNS proxy - I was planning on having each ip as a HA VIP - in fail over mode - 1 priotised to one node and the other to the other node Then I tried to setup the DNS proxy - can't attach it to ip...

Top Solution Authors
Top Liked Authors