General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Forum Posts

New LIVE AMA event, LIVEcommunity Team Roundtable!

If you are curious to know more about how the LIVEcommunity works, have a chance to chat with community team members, or ask a non-technical question? Now’s your chance! The floor is open for all you burning questions now through June 24. The LIVEcom...

ama-graphic.png
jdelio by Community Team Member
  • 287 Views
  • 1 replies
  • 4 Likes

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 18508 Views
  • 41 replies
  • 32 Likes

Best practice for setting up address groups

Hi Newbie to PA. I want to create a address group dynamic (think that might be best. made up from a group of network addresses in each DC. So for example if I have 3 DC dc1 - 10.1.0.0/16dc2 - 10.2.0.0/16dc3 - 10.3.0.0/16 I could tag them with "dc_net...

Resolved! Newbie question on polices

Hi Got to test pa-3060's got them setup in HA active active mode. I have a LACP trunk setup with 2 vlans of it. vlan 213 - zone trustedvlan 215 - zone devi have ospf and ip addresses assigned and working on the 213 side of things. so I can ping it fr...

Recommended MTU for GlobalProtect Gateway

Hello, We’re experiencing slowness from global connect clients located offsite back to firewall (i.e. 5MBps). Without the VPN client, the user can get up to 60MBps. What is the recommended MTU settings for GlobalProtect Gateway/interface should be se...

Farzana by L4 Transporter
  • 4660 Views
  • 5 replies
  • 0 Likes

Resolved! HA Configuration question?

Hi folks, As I prepare for my first HA configuration next weekend, have at least one question today. I understand from reading that the configuration will copy over to the second passive firewall over the HA1 link.Does that include everything? Certif...

OMatlock by L4 Transporter
  • 326 Views
  • 1 replies
  • 0 Likes

Two-Factor authentication failures

Hi, we have a few clients using GlobalProtect as VPN (various versions), some are authenticating using 2FA, using SecurEnvoy as a RADIUS server. What we're seeing is as follows - the user has an authenticated VPN connection, then their network connec...

amellor by L0 Member
  • 1056 Views
  • 1 replies
  • 0 Likes

LAN to Globalprotect VPN network not reachable

we have configured the GP VPN as follows, LAN: 192.100.1.0/24, gateway: 192.100.1.50->core switch->lan e1/1-192.100.1.55 PA -->tunnel.1 (same zone as LAN) 192.168.254.1/24. GP IP pool: 192.168.254.2-192.168.254.254Access route is proper: as traffic f...

Resolved! PA-3020 - Internet Connection over Cisco Switch

Hey guys, at the moment, there is a direct connection between my Palo Alto Firewall and the Internet Router. Ethernet 1/20 on the PA is my external interface - it's one of the fiber interfaces. I want to change this connection from "direct" to "over ...

MPI-AE by L4 Transporter
  • 1410 Views
  • 3 replies
  • 0 Likes

Block web browsing but allowing other apps.

I need to block webbrowsing but allow other apps which has web dependency.Trust to untrust - all allowed. But when I deny webbrowsing from trust to untrust other apps like skype stops working.Requirement is only web-proxy ip is allowed webbrowsing fr...

PBF SMTP for both ISP1/ISP2

I'm wondering if anyone has a similar setup and got it working. I'd like to have both SMTP services enabled on two ISPs for load-balancing and redundancy. I tried using PBF but couldn't get it working. It seems SMTP for ISP1 works fine but SMTP for I...

x by L1 Bithead
  • 655 Views
  • 1 replies
  • 0 Likes

API or script to report bad URLs to PAN?

Is there an ability to post bad URL reports to PAN in an automated/scripted fashion? I know the report site exists (https://urlfiltering.paloaltonetworks.com) but it requires a captcha. My goal is to write a script which takes in a (phishing) URL as ...

Schuyler by L0 Member
  • 681 Views
  • 3 replies
  • 0 Likes

PPPoE Interface Settings For PA-220 Eircom

Hi team, Just posting this if others setting up PPPoE on new PA-220. There was one or two check boxes to complete so hopefully this saves others some time. The ISP for this one was Eircom, and used default PPPoE settings for that ISP. ethernet 1/8 ta...

eth18-1.JPG
eth18-2.JPG
eth18-3.JPG
gp.JPG

Global Protect Client Improvement

Hey all, Not sure if this is allowed - so if it's not, feel free to delete my post. Natively, the Global Protect client has no support for saving credentials, which is kind of frustrating if you're like me and jump between portals on a regular basis ...

Boofis by L1 Bithead
  • 311 Views
  • 0 replies
  • 0 Likes