This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Problem with routing of NATted reply packets over IPSEC tunnel

I have an IPSEC tunnel to another organisation, they have two endpoints at the other end on addresses which conflict with our networks. We can just focus on one to keep it simple. We have an IPSEC tunnel set up and passing traffic fine (tunnel.3 interface on the untrust zone).The external endpoint’s native address (at the other end of the tunne...

djr by L4 Transporter
  • 5535 Views
  • 3 replies
  • 0 Likes

Resolved! SMB & Robocopy

Hi,I have server 2016 with all patches and I use Robocopy to sync files to the backup server. RC kill smb "server service" several times per day, no event log. Windows 10 clients cant access shares.The only solution is to restart the server. Can even restart server service, which stuck in stopping state. I like robocopy But, can't anymore use...

rasil66 by L1 Bithead
  • 7100 Views
  • 6 replies
  • 1 Likes

GlobalProtect SMB file transfer results in error for large files

We have some users that need to transfer large files on-preemies. When copying files shortly between 5-20% data transfer this error is thrown. Files are MultiGig in size. Small file around 100M that I tested did not show this error. Copying to the same file share from within on-prem network does not give this error. I have tried changing mtu as...

image.png
raji_toor by L4 Transporter
  • 5709 Views
  • 3 replies
  • 0 Likes

Setup Azure MFA with Global Protect - NPS/ISE

I am building this new but don't have concrete steps to start with. What I understand until now is that we need NPS extension for MFA to work with Azure. We last year moved away from NPS as our radius server to Cisco ISE. So do I have to figure out how to integrate ISE with Azure or do i have no choice but to implement NPS to get this working.

raji_toor by L4 Transporter
  • 3712 Views
  • 2 replies
  • 0 Likes

User-id issue.

Hi All, Firewall is 3050 with pan-os version 9.0.9-h1 we are using user-id agent as well as agentless for user-mapping.Sometimes we are getting machine names instead for ip-address instead of source usernames.we have user-based security policy. Why do we get machine names for usernames in the user-id logs. Agent version is 9.0.5-8 Thanks and reg...

Trouble with NAT and VPN

Hi there,i want to finish an easy setup which needs a simple DNAT and forwarding into a VPN tunnel on my PA5020.I've created a working VPN tunnel which is the destination for my traffic. And this works fine if i'm using the tunnel ip to reach targets inside the vpn destination network (192.168.5.0/24). To use this setup it is necessary to hide t...

QoS and GlobalProtect

We have a use case where many users need to upload files on premises and these are very large video files to on-premises. We want to rate limit/control the organization bandwidth consumed by these users. What are our options. Also we use subinterfaces so there is a QoS already in use for rate limiting traffic traffic to another campus. How can w...

raji_toor by L4 Transporter
  • 2560 Views
  • 2 replies
  • 0 Likes

Second Gateway and PPPoE

Hi allI'm in trouble whit this scenario:- Internet connection by PPPoE protocol with 1 static IP (ie 3.3.1.205)- additional 8 public IP like: 3.3.3.0 to 3.3.3.7 with 3.3.3.1 as gateway- Internet connection on ethernet1/1- internal LAN on ethernet 1/8 set with IP 192.168.80.254 (and LAN 192.168.80.0/24)- Web Server on ethernet 1/5 = 192.168.50.25...

Resolved! Logging - advise if CPU load same regardless of log export method HTTP(s) Syslog and Netflow logging

Hello Experts, I tried to find any information to assist with understanding if some log export protocols taxing CPU (Management and DP) more then others. Perhaps ones DP pass log events to MP it is for Management to package and ship the logs, therefore, as long as some rules has logging enabled, the DP load will be the same regardless of the pro...

SergGur by L2 Linker
  • 4029 Views
  • 2 replies
  • 0 Likes

Resolved! secure email alert configuration.

Hi, I have now a problem and that is I have been through all discussions here related to email alerting, but all uses non-authenticated smtp.my problem that my used email uses secured smtp server, means I need to enter my email smtp authentication information which is not available in my current PAN-OS 9.0.any ideas how to configure this authe...

IP Spoofing understanding

I'm planning to implement IP drop - under Zone protection on a production system. I'm really only interested in the ' IP Spoofing ' aspect & I'd like to understand a little more on how it works so that I can addresses any issues, should they arise. Is the basis of IP spoofing to stop any RFC 1918 addresses from coming into the FW from the u...

smk391 by L0 Member
  • 14898 Views
  • 1 replies
  • 0 Likes

I can't open Support Cases.

I can't open Support Cases. Becauase single sign on error. I cleared the browser cache and tried with other browsers too. Other options work fine, but only the Support Cases is not open. What should I do?

Not opening login page to login

I'm using GlobalProtect to connect to a customer.Earlier a "web" page opened to type in my user name, now it's not happening anymore. It's trying to use my company login which is wrong, I have a account at the customer. My IT helpdesk, is telling me to contact customer IT helpdesk, and the other way around.I quess I just need this Microsoft to o...

mosekjar_0-1606290028954.png
mosekjar by L0 Member
  • 1859 Views
  • 1 replies
  • 0 Likes

Testing "Security-Focused URL Categories"

Is there a way to test the "Security-Focused URL Categories" with some example of URLs that would match the category?I went looking for them in my log after setting them to Alert and found none. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/url-filtering/url-categories/url-risk-categories.html

BoDollis by L1 Bithead
  • 1998 Views
  • 1 replies
  • 0 Likes

GlobalProtect with Azure MFA - Double login (username+password)

Hi, we have a customer with GlobalProtect with MFA from MS Azure. The setup works fine but we are still unable to get rid of a "double login". Not the MFA with a SMS on phone but the regular username/password combo.Usually it goes like this: 1. Login with username/password. 2. Redirected to the same page. 3. Login with username/passowrd. 4. SMS ...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks