General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

IPsec Tunnel Failover issue

We have a PA-3020 firewall pair that has multiple IPsec tunnels to a VM series pair in AWS. We have 4 IPsec tunnels that we run to the firewalls. They are: Tunnel A - On Prem to AWS FW1 over Direct Connect; Tunnel B - On Prem to AWS FW2 over Direct Connect; Tunnel C - On Prem to AWS FW1 over Public Internet; Tunnel D - On Prem to AWS FW1 over Public I...

Fr4nk4 by L2 Linker
  • 4698 Views
  • 1 reply
  • 0 Likes

Resolved! Lock down VPN for certain users

I am fairly new to Palo Alto so please forgive me if this is a simple answer or answered somewhere else. I have a requirement to lock down our Global protect for our vendors. Here is what I have. I have group mappings and User-ID mappings set up and working fine. I have 2 GP portals and 2 gateways set up. 1 portal\gateway for company users and 1 po...

refresh connection option in GP agent allowing users to disconnect GP

We disallowed users to disable global protect app in Portal > app configuration setting, but still due to refresh connection option user able to disconnect GP and using local internet for browsing. We don't want to disable GP icon from system tray due to password change policy. Also enforce global protect for network resource option in app set...

Deepak_K by L3 Networker
  • 6690 Views
  • 3 replies
  • 0 Likes

Resolved! Does Palo Alto do NAT before doing Policy Based Forwarding

Hello Folks, I'm trying to set up my Palo Alto to do Policy Based Forwarding. Does PA do NAT before Policy Based Forwarding??? I've created Policy based forwarding to send traffic to an interface, if it is sourced from an address. 10.0.0.0/24 BUT it seems to be failing ... sometimes. I've noticed that it fails when the source traffic is NATTED...

Jedi_D by L2 Linker
  • 15682 Views
  • 5 replies
  • 0 Likes

Workaround for GPC-9415 Issue ID

Hi Team, Just want to know whether is there any workaround for the mentioned GPC issue ID. Issue ID : GPC-9415 (For the GUI version of the GlobalProtect app for Linux, SAML authentication with Microsoft Azure does not work on Ubuntu 1804 or greater versions.) Note: Below this Ubuntu version it works. On Firewall GP Agent activated version : 5.0.6...

SahulH by L3 Networker
  • 3276 Views
  • 1 reply
  • 0 Likes

Resolved! how to create policy and how to identify which ports are being used on PAN

Hi Guys, I am new to Palo Alto. I recently joined the firm and they are using any any as policy for internal to Public, Internal to WAN zone. My task is to identify the ports which are being used and apply the ACL. My question to experts is how to find out which ports are being used and how should I apply this ACL on PAN. I have little idea tha...

shafi021 by L2 Linker
  • 9792 Views
  • 5 replies
  • 0 Likes

Panorama not receiving logs after rebuilding with new OVA

We had to rebuild Panorama from new OVA file. It is on version 9.0.8 and running on vmware. Firewalls are all in-sync. This is the disk status on panorama: adm-rajrupindertoor@Panoramanv1> show system disk-space Filesystem Size Used Avail Use% Mounted on /dev/root 8.0G 3.4G 4.3G 45% / none 7.9G 68K 7.9G 1% /dev /dev/sda5 24G 9.3G 14G 41% /opt/pancfg...

raji_toor by L4 Transporter
  • 3424 Views
  • 2 replies
  • 0 Likes

Problem renewing ssl certificates with global protect portal

Hi all, I have the following problem. We have an ssl certificate (public ca) and this renews end of this month. We use ssl.domain.xx as gateway. Since we have to renew our certificate I ordered Networksolutions certificate and installed this within the certificates 'device/certificates' with the complete chain, according to the normal procedure. Roo...

Resolved! What is the preferred way to monitor vmware view environments for User-ID?

How are others monitoring their Vmware view / horizon environments for user-id? I see there is a terminal services agent you can use, (looks like you can only install on windows and citrix) but I haven't found specifics on actually monitoring the vmware view environment/and what permissions that account would need in vmware. Can anyone point me i...

Sec101 by L4 Transporter
  • 9312 Views
  • 4 replies
  • 0 Likes

Resolved! Log Collector question

Please explain: Panorama must be running the same (or later) software release as Log Collectors but must have the same or an earlier content release version: Software release version—If your Panorama management server is not already running the same or a later software release than the release to which you intend to update Log Collectors, then yo...

Resolved! Encryption domains / proxy ID

Hi, I am new to setting up VPN tunnels from Palo Alto to a 3rd party firewall and I'm unsure how to setup the proxy IDs for the tunnel config. On the local side I have 9 x /32 addresses and on the remote side there are 7 x /25 subnet addresses. Do I need to setup a proxy ID for each individual transaction between local and remote subnets? That w...

NTP sync to server 0.pool.ntp.org failed

Hello all, we run an upgrade on our Panorama to 9.0.7. Since a few days, I'm receiving this warning: NTP sync to server SERVER failed, authentication type none. Same message for primary and secondary NTP server. I switched from internal to external NTP server. Same error. I already checked: CLI NTP status command user@PAN> show ntp NTP state: ...

  • 24380 Posts
  • 123 Subscriptions