General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4223 Views
  • 0 replies
  • 0 Likes

Resolved! EDL dynamic list is URL access error

I have created the new EDL with this URL (http://panwdbl.appspot.com/lists/mdl.txt) but am unable to fetch it. We have changed the service route with outside interface but the same issue was happening.

IPSec VPN and Dead Peer Detection (DPD) in IKEv1 and Liveness check in IKEv2

I have two different IPSec VPN tunnels between a PAN and two different Cisco devices, let's call them R1 and R2, as follows: PAN IPSec IKEv1 <<---->> Cisco R2 IKEv1; PAN IPSec IKEv2 <<---->> Cisco R1 IKEv2. I enable Dead Peer Detection (DPD) in the IKE gateway between the PAN IKEv1 and Cisco R2 router. On the Dead Peer interva...

dtran by L4 Transporter
  • 11082 Views
  • 2 replies
  • 0 Likes

Resolved! Palo alto networks licence

Hello, I'd like to know if this functionality needs a GlobalProtect licence in PAN or not: * VPN client for MAC OS, Windows XP and Vista * The third party: Apple iOS, Android 4.0. I would appreciate all your help. Thank you

RCHAIBI by L2 Linker
  • 4584 Views
  • 4 replies
  • 0 Likes

Resolved! Frequent connectivity issue- How to collect Globalprotect logs?

I have a user who is complaining about frequent connectivity issues that happen throughout the day on GlobalProtect VPN. I don't see any logs on firewalls but want to check the client logs. Is there a way we can collect logs on GP clients for a whole day but not on-demand (as the issue happens at random intervals)? Thanks.

GlobalProtect: The server certificate is invalid

I am trying to configure GlobalProtect (hereafter: "GP") TLS VPN on a PA-3050 running PAN-OS 8.0.6-h3. I am working with a GP client version 4.0.5. I have successfully configured GP so that I am able to connect when using a self-signed certificate in the SSL/TLS Service Profile used on both the GP Portal and Gateway configuration; however, whe...

PPPoe connecting to Centurylink / Qwest

I am replacing ASA boxes with PA. Currently the DSL modems are set up in "transparent" mode. This means that the firewall makes the "call". The ISP assigned a block of static IPs and at least in case of the ASA I do not need to specify anything else other than the credentials and type of authentication to connect to the ISP, who in turn hands ou...

A1_IT by Not applicable
  • 6675 Views
  • 5 replies
  • 0 Likes

PPPOE Not Establishing

I am trying to connect a Palo Alto (in Ebano, Mexico) via PPPoE and it will not connect. As described in the PA document the interface is trying every 3 seconds but getting the following "'PPPoE session failed to connect for user:u1st on interface:ethernet1/3. Reason: No PPPoE Offer receive" in the system log. A Cisco Router can use the same c...

Permissions for dependent application under parent application to inbound destination

Hi All, I am in the process of migrating from Lotus Notes to O365. The migration requires a ton of IPs being permitted from the outside inbound to my migration servers in my data centers. Rather than call all of those IPs, I am instead permitting any traffic from the outside inbound to these servers on application ms-office365. However, when...

Sip ALG

Hi community, I have seen a lot of Palo Alto documents and some blogs talking about ALG functionality issues in the firewall. I am facing some issues randomly with ALG functionality in the firewall. I have seen documents that say to disable ALG in PA, but my SIP server/client is not aware of NAT, and I don't have any STUN servers. Has anybody faced this kind of ...

HA Upgrade Path 8.1 to 9.1

I have an HA pair of firewalls on 8.1. Do I need to upgrade both to 9.0 and then 9.1 or can I upgrade one all the way to 9.1 and then the second from 8.1 to 9.1?

Monitoring HA state with graphite

Hi there, I am currently working on a Grafana dashboard to monitor a PA-3xxx cluster. Getting numerical values by SNMP with collectd is no problem, and it is great for displaying the data. collectd can't handle strings, but the HA state is totally string-based. Does anybody know a way to get the SNMP output parsed and sent into Graphite? Is the...

skemena by L1 Bithead
  • 2983 Views
  • 1 replies
  • 0 Likes

Resolved! Jumpcloud RADIUS Auth failure

Hi, I have configured a RADIUS profile to use a "Directory as a service" provider (JumpCloud) for authentication. I have tested this with LDAP and everything seems to work as intended, but when I configure the RADIUS profiles and test authentication via the CLI I get the following response: Failed EAPOL auth (-1). Response for user: "bob" from RADI...

Marc_T by L2 Linker
  • 11921 Views
  • 7 replies
  • 1 Likes

Expedition 1.1.88 hangs during XML export due to ASA Tags/Objects

I have a repeatable issue with Expedition. I have an ASA with 3 contexts; no matter how I import them, export refuses to pull out tags. cat /etc/tmp shows: Notice: Undefined offset: 0 in /var/www/html/libs/common/xml/panosxml.php on line 1752 Fatal error: Uncaught Error: Call to a member function addChild() on null in /var/www/html/libs/common/xml...

what is mean ---authentication cannot have more than one subconfiguration

I use two PA820s for IPsec VPN and used certificate-based authentication for IKE. The 820-A version is 8.1.6 and the 820-B version is 9.1.4. On 820-A, configuring the IKE gateway is no problem. 820-B reports an error when configuring the IKE gateway: "authentication cannot have more than one subconfiguration". I attach a screenshot for reference. Does anybody ha...

Felixcao by L3 Networker
  • 3879 Views
  • 3 replies
  • 0 Likes

Allow Sub-URL to Specific IP

Hi All, We have 'abc.com' as the primary URL, which should be accessible by all. The sub-URL 'abc.com/odata' should be accessible only to a specific public IP which we mention. Please suggest how we can apply this policy in PaloAlto. Thanks, Sathish

  • 24355 Posts
  • 124 Subscriptions