This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Missing Zone Assignment

I have an issue where traffic coming in one zone is not being forwarded to the right zone. It seems the destination zone is not being assigned right when the session is setup. It seems to be matching the predefined intrazone policy trust-trust. Has anyone seen this before? 10.46.36.11 should be part of a zone called KNAPP, but it is not assi...

eridavis by L1 Bithead
  • 2796 Views
  • 2 replies
  • 0 Likes

Resolved! GlobalProtect Connect to one of two data centers

My customer has two data centers with GP access.What is the best way to make this a redundant setup and have the GP client prefer to access the closed DC and fail-over to the other DC, in case the preferred DC becomes unavailable? Thank you for your time.

CHKlomp by L2 Linker
  • 3678 Views
  • 1 replies
  • 0 Likes

Experience with GlobalProtect during Corona pandemic time

I would like to share issues with GlobalProtect, and what was done to fix it. QoS with loopback interfaceDue to high network load on the Internet line, we wanted to priorize (or limit) some traffic. It took several hours (testing, reading documents, having a PA supporter analyzing the issue, ...) until the root cause was identified. Applying QoS...

Designing Networks - Access Denied

Hi community, I'm wondering if it is possible to gain access to the below live community link or is this just for Palo Alto Networks employees? https://live.paloaltonetworks.com/t5/Internal-Knowledge-Base/Designing-Networks-with-Palo-Alto-Networks-Firewalls/ta-p/60868

Rasmgr GlobalProtect

Hi, We are SNMP monitoring the number of users connected by GlobalProtect Gateway. Sometimes we see how the graph goes to 0 and recover the value some minutes later. No issues were reported by users connected by SSL-VPN. So we are investigating if this is a issue about SNMP, GP service, etc...Going to snmp.log we dont see anything about problems...

Captura1snmp.JPG
Captura2snmp.JPG
BigPalo by L4 Transporter
  • 3814 Views
  • 1 replies
  • 0 Likes

App-ID Policy to Explicitly Block - Allow WiFi Calling

Hello,I tried searching but was surprised to find no ready answers for this.. I'm trying to determine the App-ID policy to explicitly block or allow voice calling over wifi (or wifi calling) on Verizon, AT&T, etc. I can't seem to find this in App-ID's database. Any advice?Thanks!

REganEVO by L1 Bithead
  • 6554 Views
  • 2 replies
  • 0 Likes

Global Protect will connect then immediately disconnect

A GP issue I am dealing with at the moment is where the client will successfully connect but I cannot ping anything on my network. It appears to immediately disconnect. I have attached the log files if anyone may know how to help determine the cause. I have gone through them but I am not having any luck just yet. The user is running the late...

nthen by L3 Networker
  • 11159 Views
  • 8 replies
  • 0 Likes

Enabling Jumbo Frames on HA Pair

I have an active passive PA850 pair, and want to turn on jumbo frames. I wondering about the best order-Can I:do the passive unit first, and rebootfail over and do the primary then fail back. Any issues with the HA function while one unit has jumbo enabled and the other does not?Was thinking I'd manually set all interfaces to 1500 firstAny other...

NeilR by L2 Linker
  • 4180 Views
  • 1 replies
  • 0 Likes

Resolved! GlobalProtect HIP check issue

HIP object is correctly setup. We are testing the missing patches HIP check object and noticed that an VPN endpoint is showing 3 missing patches (on the HIP report).However the machine is showing it's installed these patches already.How does Palo detect the missing patches as Windows is showing them as installed? Using ver: 8.1.10

Resolved! DNS Security - High Risk Sites

thumbnails.trvl-media.com used by www.hotels.com to host its images is classified as a high risk siteIf this is a false positive, how do I get Palo Alto DNS Service to take a second look or find out why it's classified as high risk? How are other people using the high risk category? Are they using url blocking, sink-holing, or custom file block...

DMZ, inside, outside - is it simple thing?

Hi there. I have a PA-200.Internal net is 192.168.0.0/24 eth1/2 , inside L3 interface (default gw) - 192.168.0.254One external ip address is using for outside inteface, eth1/1.For connection to Internet I typically use pair inside-outside with:1. NAT : dynamic-ip-and-port to outside interface address nat-rule2. Security policy "allow from ins...

mxe2fmk by L1 Bithead
  • 9471 Views
  • 6 replies
  • 0 Likes

Unable to reach GP Portal while on internal network

Hi All, I was working with a site that has a PA firewall with a GP Portal and Gateway. Some time ago, I had an issue where my users couldn't upgrade their globalprotect version while in the office. I was able to resolve this issue by creating a No NAT rule where if the source was internal and the destination was the IP of the portal. That work...

ce1028 by L4 Transporter
  • 6725 Views
  • 4 replies
  • 0 Likes
  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks