General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4118 Views
  • 0 replies
  • 0 Likes

IKE Certificate Authentication Peer ID

Hi, I'm trying to set up a VPN connection using certificate-based authentication. When Phase 1 tries to establish, I'm getting the following error: Peer's ID payload ' IPv4_address:xxx.xxx.xxx.xxx' does not match certificate ID, Error: failed to get subjectAltName. I have added the peer's IP address to the IP(SAN) of the certificate and also tried ...

Are EDLs updating from passive device?

Dear community, We've configured a couple of external dynamic lists (IP and URL) on a local minemeld server and the passive device fails to fetch those lists. Error obtained is: "Unable to fetch external dynamic list. Couldn't connect to server. Using old copy for refresh." When manually forcing the firewall to download the list, it works OK. Ser...

Carracido by L4 Transporter
  • 3280 Views
  • 2 replies
  • 0 Likes

HA1 and HA2 Links

Hi Guys, I have configured each of my HA links to have backup links. I would like to know, are the backup links also sending and receiving traffic like port-channel in which both ports are active? Especially the HA2 if we want to have 20G or more links for session sync. Thanks

Nikko by L1 Bithead
  • 3028 Views
  • 3 replies
  • 0 Likes

Resolved! GlobalProtect Split-Tunnel via cli.

I am trying to add the MS IPs via CLI for split-tunnelling. The documentation states the following... set network tunnel global-protect-site-to-site <name> client split-tunneling access-route [ <access-route1> but this is not working on 8.1.9. I can get this far... set network tunnel global-protect-gateway "gateway-name" but cannot con...

Mick_Ball by L7 Applicator
  • 6872 Views
  • 3 replies
  • 0 Likes

Resolved! updates.paloaltonetworks.com connectivity

Hi all, we have been trying to test our network's connectivity to updates.paloaltonetworks.com and have been unsuccessful. We tried ping to updates but it fails, and traceroute also fails. And when we tried from different networks, all the connectivity tests to updates.paloaltonetworks.com failed also. Are your updates down? Because we can seem to ...

Resolved! EDL dynamic list is URL access error

I have created the new EDL with this URL (http://panwdbl.appspot.com/lists/mdl.txt) but unable to fetch. We have changed the service route with outside interface but the same issue was happening.


IPSec VPN and Dead Peer Detection (DPD) in IKEv1 and Liveness check in IKEv2

I have two different IPSec VPN tunnels between a PAN and two different Cisco devices, let's call them R1 and R2, as follows: PAN IPSec IKEv1 <<---->> Cisco R2 IKEv1; PAN IPSec IKEv2 <<---->> Cisco R1 IKEv2. I enable Dead Peer Detection (DPD) in the IKE gateway between the PAN IKEv1 and Cisco R2 router. On the Dead Peer interva...

dtran by L4 Transporter
  • 10901 Views
  • 2 replies
  • 0 Likes

Resolved! Palo alto networks licence

Hello, I'd like to know if this functionality needs a GlobalProtect licence in PAN or not: * VPN client for MAC OS, Windows XP and Vista * The third party: Apple iOS, Android 4.0. I would appreciate all your help. Thank you

RCHAIBI by L2 Linker
  • 4552 Views
  • 4 replies
  • 0 Likes

Resolved! Frequent connectivity issue- How to collect Globalprotect logs?

I have a user who is complaining about frequent connectivity issues that happen throughout the day on GlobalProtect VPN. I don't see any logs on firewalls but want to check the client logs. Is there a way we can collect logs on GP clients for a whole day but not on-demand (as the issue happens at random intervals)? Thanks.

GlobalProtect: The server certificate is invalid

I am trying to configure GlobalProtect (hereafter: "GP") TLS VPN on a PA-3050 running PAN-OS 8.0.6-h3. I am working with a GP client version 4.0.5. I have successfully configured GP so that I am able to connect when using a self-signed certificate in the SSL/TLS Service Profile used on both the GP Portal and Gateway configuration; however, whe...

PPPoe connecting to Centurylink / Qwest

I am replacing ASA boxes with PA. Currently the DSL modems are set up in "transparent" mode. This means that the firewall makes the "call". The ISP assigned a block of static IPs and at least in case of the ASA I do not need to specify anything else other than the credentials and type of Authentication to connect to the ISP who in turn hands ou...

A1_IT by Not applicable
  • 6578 Views
  • 5 replies
  • 0 Likes

PPPOE Not Establishing

I am trying to connect a Palo Alto (in Ebano, Mexico) via PPPOE and it will not connect. As described in the PA document the interface is trying every 3 seconds but getting the following "'PPPoE session failed to connect for user:u1st on interface:ethernet1/3. Reason: No PPPoE Offer receive" in the system log. A Cisco Router can use the same c...

Permissions for dependent application under parent application to inbound destination

Hi All, I am in the process of migrating from Lotus Notes to O365. The migration requires a ton of IPs being permitted from the outside inbound to my migration servers in my data centers. Rather than call all of those IPs, I am instead permitting any traffic from the outside inbound to these servers on application ms-office365. However, when...

Sip ALG

Hi community, I have seen a lot of Palo Alto documents and some blogs talking about ALG functionality issues in the firewall. I am facing some issues randomly with ALG functionality in the firewall. I have seen documents that say to disable ALG in PA, but my SIP server/client is not aware of NAT, and I don't have any STUN servers. Has anybody faced this kind of ...

  • 24334 Posts
  • 124 Subscriptions