General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4257 Views
  • 0 replies
  • 0 Likes

Testing non-http mfa feature with GP

Hi there. Documentation is rather slim here. I've set up MFA for web site access, and it works. When testing it for non-http, accessing an SSH server, it kills the SSH connects, but no 2FA challenge on my GP. What am I doing wrong? What's needed? I've done this: "Set Enable Inbound Authentication Prompts from MFA Gateways to Yes" https://www.pal...

gtomte by L3 Networker
  • 14055 Views
  • 11 replies
  • 0 Likes

Resolved! HA1 Backup Down - PA220 9.0.4

Hi All, I have followed the PA design for creating an HA Active/Passive pair of PA220s. I see however that HA1 Backup is showing red/down. Attached are the relevant sections and a High Level Topology of the HA setup. Any advice? If I reboot the active PA the Passive one does take over so not sure what issues this HA1 is causing if any. Also, the ma...

Resolved! SSL Decryption URL and App Filter

Hello everyone, I have to block some URLs and applications as per our company policies. Since we don't have a general rule from the inside zone to the outside (Internet), we are very restrictive in our access to the internet, and since there are some websites and applications that we need explicitly to block no matter what, what I did was create a...

joseglez by L1 Bithead
  • 4828 Views
  • 2 replies
  • 0 Likes

Firewall is limiting concurrent users for GlobalProtect

We are using PA-VM-300 and it should allow 2000 vpn users concurrently. Our global protect IP pool is configured for /23, so firewall should accommodate 500 users, as it is having enough IP available in the pool. For some reason, when the other firewall failed due to internet outage, the main firewall did not allow more than 260 connections. We ...

Resolved! Outbound RDP access

I just heard one of my coworkers saying we need to block outbound access to RDP. I didn't have a chance to follow up with him because of COVID-19. I am trying to understand what would be the reason; is that a best practice possibly?

Amin2 by L2 Linker
  • 7580 Views
  • 4 replies
  • 0 Likes

FIPS 140 and CC enabling?

Couple of questions on FIPS. When you enable FIPS140 on a Palo it wipes the device. Can you just reload your last saved? Can a FIPS140 enabled device talk to a non-FIPS device over an ipsec tunnel provided the cyphers are compatible? FIPS disables PAP. System wide? Or just for authentication to the FW? Our Radius doesn't support CHAP. Anything else...

Rdp windows

Hi, is it a good idea giving access to public Windows RDP? Folks say do not publish outside. Any good reason for this? Thanks

simsim by L4 Transporter
  • 8784 Views
  • 11 replies
  • 0 Likes

how to create a log forwarding profile using gmail or office 365

Hi, I am trying to create a log forwarding profile in the firewall, and in parallel we created the server profile for Gmail and Office 365. While scheduling the report we used the Gmail or Office 365 email ID, and when we try to test the email we are getting the below error. We have added the mail server profile. We schedule the reports and getting er...

HemanthV by L2 Linker
  • 5143 Views
  • 3 replies
  • 0 Likes

Resolved! Cleanup Rule

Do you recommend creating a cleanup rule (last rule to deny any any) in PA? As far as I know, PA firewalls only allow traffic explicitly defined, and the last DENY is a built in "known rule"…correct? or will the interzone policy take care of this?

Resolved! Virus/win32.wgeneric.ajgdai id 341892366

Hi Team, I have an issue. One user connects to SSL VPN and cannot ping one IP, 192.168.1.11. Only one IP. After checking at the firewall, I found this user got blocking activity, Threat Name virus/win32.wgeneric.ajgdai id 341892366. But when this user is using a mobile hotspot, he can ping this IP address 192.168.1.11. Palo Alto PA-220. Thanks

Resolved! VmFirewall on Xen?

Hello, good morning. I have purchased the vm300 virtual firewall. I have seen that no downloads are available for the XEN hypervisor at this time. There are for vmware, kvm, citrix netscaler, etc. I finally got the vmware virtual machine running on Xenserver after adding some xen libraries so that the parts could communicate correctly. But I wonder ...

Resolved! Certification profile in global protect

Hello All, I have configured the GP with authentication of credentials (username and password) as well as the certificate profile. When I connect the GP agent it is connected successfully. My question is how we make sure GP is using a certificate profile for authentication, because when I see the authd.log I am not able to see any specific authentic...

Resolved! DNS Proxy feature

Hey guys, I've read about DNS proxy and how it works. My question is, what are the benefits of using DNS proxy on the firewall? This obviously gives the Palo insight into the DNS responses, but if the DNS traffic traverses the firewall it can snoop in on the DNS anyway. I don't see anything specific to DNS under logs to even show the DNS interac...

Global Protect // Multiple post-vpn-connect scripts

After connecting with Global Protect I execute a post-vpn-connect script to mount the users' network shares. I execute them in the context of the user. Unfortunately, I need to execute another post-vpn-connect script in the context of an admin. Does anybody know how to execute two different post-vpn-connect scripts with different user contexts? R...

BHaaf by L0 Member
  • 4525 Views
  • 2 replies
  • 0 Likes