This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4124 Views
  • 0 replies
  • 0 Likes

Resolved! GlobalProtect HIP check issue

HIP object is correctly setup. We are testing the missing patches HIP check object and noticed that an VPN endpoint is showing 3 missing patches (on the HIP report).However the machine is showing it's installed these patches already.How does Palo detect the missing patches as Windows is showing them as installed? Using ver: 8.1.10

Resolved! DNS Security - High Risk Sites

thumbnails.trvl-media.com used by www.hotels.com to host its images is classified as a high risk siteIf this is a false positive, how do I get Palo Alto DNS Service to take a second look or find out why it's classified as high risk? How are other people using the high risk category? Are they using url blocking, sink-holing, or custom file block...

DMZ, inside, outside - is it simple thing?

Hi there. I have a PA-200.Internal net is 192.168.0.0/24 eth1/2 , inside L3 interface (default gw) - 192.168.0.254One external ip address is using for outside inteface, eth1/1.For connection to Internet I typically use pair inside-outside with:1. NAT : dynamic-ip-and-port to outside interface address nat-rule2. Security policy "allow from ins...

mxe2fmk by L1 Bithead
  • 9488 Views
  • 6 replies
  • 0 Likes

Unable to reach GP Portal while on internal network

Hi All, I was working with a site that has a PA firewall with a GP Portal and Gateway. Some time ago, I had an issue where my users couldn't upgrade their globalprotect version while in the office. I was able to resolve this issue by creating a No NAT rule where if the source was internal and the destination was the IP of the portal. That work...

ce1028 by L4 Transporter
  • 6741 Views
  • 4 replies
  • 0 Likes

Inability to Download GlobalProtect Client from Firewall

We are currently attempting to update our globalprotect client on our Palo Alto firewall, a PA-500. The version we are attempting to download is 5.0.8. Currently when attempting to download we get the following error Which hasn't given us much indication of what the issue is, and how to rectify it.We have checked the logs in an attempt to find...

0 (2).png

Dual Isp - Two webserver

Hi all, i have a problem, maybe stupid for all of you, but i can't understand how to configure my pan-220.I had only one isp and all it's ok (internet, webserver, 2 vlans, etc).Now i have another ISP and, if is possibile, i need to publish a web server with this connection (without failover. only publish a webserver with another ip)Anybody can h...

Resolved! aggregated-ethernet - combine SFP+ and Cu port possible

Hello We increased our Internet speed beyond 1Gbs. The connection between the firewall node and the Internet switch is facilitated using one SFP-Port (1Gbps). Is it possible (and supported) to combine Cu-Ports and SFP-Ports (both with the same speed and duplex) into one aggregated-ethernet? All interfaces on the Internet switch are 1G Cu ports.

SSL Decryption severe throughput impact

Hi EDIT2: Please see follow up post belowEDIT: One open ticket is being investigated by TAC escalation as a possible known issue. I will update again as I know more. In the last month 3 different customers came to me with the same issue - when SSL Decryption is enabled their HTTPS throughput/bandwidth decreases noticeably, one customer said it d...

ShaiW by L4 Transporter
  • 6750 Views
  • 2 replies
  • 0 Likes

GLobalProtect Portal not found

I can get to the GlobalProtect portal on the PA firewall from outside and login and download GlobalProtect client. However, after installing the client and try to connect, it says "Portal not found" Any ideas? Client is joined to domain, it did not ask for credential when trying to connectSSL CA and Gateway is self signed on PA and Root CA and ...

Resolved! Policy-Based Forwarding with dual ISP's

Hi ALL, We are planning to build active passive PA with 2 ISP's and want to send S2S VPN traffic through ISP1 and Internet traffic through ISP 2. We are running static routing for both the ISP.Can someone suggest how to configure PBR in PA.

PALO_ALTO.JPG
Yusuf_PA by L1 Bithead
  • 9023 Views
  • 6 replies
  • 0 Likes

downtime for migration from MPLS to VPN with BGP with bgp routing

Hello community! I have currently two sites connected through MPLS and I plan to configure a VPN with bgp routing to migrate traffic. I am calculating the downtime that may require the migration from MPLS with static routing to the VPN with bgp routing. I´m considering the following:- Routes learned from IBGP has default AD = 200 and static rout...

Carracido by L4 Transporter
  • 2648 Views
  • 1 replies
  • 0 Likes

Resolved! Minemeld. Add a single IP via Api

Hello. I am absolutiely locked trying to send a single IP to minemeld (as an indicator) from a script. Some help or tips will be very appreciated: I want to add a single IP via API to Minemeld I figure out (I haven't found documentation) I need a miner to receive it. So I have created a Miner: - Miner Name: LISTENER_IPV4 - Class: minemeld.f...

Email Notification Alerts for VPN connections.

Team, We have started WFH facility for all of our users.We have deployed GP portal and client to connect corporate network.As per security requirements,We would like to receive the email notifications when the user connected to vpn client. Can any one help if you have the same setup and share the details of how to implement this on PA 3260's. Th...

Can't find the correct XML API path for excluding network ranges from GlobalProtect gateways

I'm having some troubles locating the correct XML API path in order to add/remove network ranges in a Global Protect gateway through a Panorama template. Any advice on what is the best way to locate tricky paths like this one? So far no issues with all other API operations, but this one I can't find it by using the https://panorama/api navigatio...

PANGW.png
MarcelST by L3 Networker
  • 4757 Views
  • 3 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks