General Topics
Showing results for 
Search instead for 
Did you mean: 
General Topics

Forum Posts

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 41 replies

Limting Globalprotect client access via IP address

Is there a way to allow specific GlobalProtect users to only connect from specific public IP addresses? For example say I only wanted to allow user1 to connect from IP address, and if user1 connects from any other public IP address, or if use...

Resolved! Newbie question on polices

Hi Got to test pa-3060's got them setup in HA active active mode. I have a LACP trunk setup with 2 vlans of it. vlan 213 - zone trustedvlan 215 - zone devi have ospf and ip addresses assigned and working on the 213 side of things. so I can ping it fr...

Resolved! OSPF LSA Threshold: Security Finding

Wondering if there's a way to configure a threshold for OSPF LSA updates/messages?Or if such a threshold is already in place by default on Palo Alto firewalls. Something that can maybe drop anything more than say 7 LSA messages in 5 minutes.Apparentl...

Resolved! Exposing Videoconference - "Incomplete" traffic allowed

Hi allI have tried to expose Videoconference system behind Palo Alto.Unfortunately using App ID in security policy I have seen Palo Alto allows a lot of "incomplete" traffic.That's really an issue: When enabling h.323 in security Policy App id engine...

BFD Dropping During Firewall Failover

Having an issue with BFD. I have BFD configured between the Palo Alto and a couple of routers (BFD Single Hop). When a firewall failover occurs, this causes the BFD peering to drop and come back. I would not anticipate this to happen. This causes a u...

Palo Alto Participation in Spanning Tree Protocol

Putting it out there for votes:Among other benefits, one of the big items we would like to see in a FR is the ability for PAN to participate in STPFor a layer 2 deployment the only option we have for HA state is "shut-down" on the passive. The issue ...

Resolved! Management Interface traffic logs

Hi guys,Is there a way to see traffic logs of management traffic? I'm trying to troubleshoot user-id redistribution source from the management interface.ThanksNetWorkZeus

Resolved! DNAT issues into servers with teamed nic's ?

DNAT issues into servers with teamed nic's ?Anyone seen issues with this before ? I literally can't DNAT into servers with teamed nic's.. I'm going to run a wireshark capture on the server to see what is going on..

mpgioia by L3 Networker
  • 18 replies

PA upgrade problems

Hi, we have a cluster with PANOS 7.0.6, we want to upgrade to 7.1.8. In a similiar upgrading path we were affected for a bug related to VPN, which was applying when you jump to 7.1.0 an then 7.1.8. So we would need to jump directly to 7.1.8. On the a...

Qos question

Hi,Let's say user wathing youtube , to limit the user's traffic ,do we need to create qos profile for upload and download ?Thanks

simsim by L4 Transporter
  • 10 replies

PA-200 FYI

I haven't seen this mentioned so I thought I would put it out there quick. Palo Alto has identified an issue with PA-200 units with the serial numbers ange 001606044723 to 001606075266 that have SSDs that do not meet their standards. If you have an e...

BPry by Cyber Elite
  • 1 replies
Top Liked Authors