This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4229 Views
  • 0 replies
  • 0 Likes

Designing Networks - Access Denied

Hi community, I'm wondering if it is possible to gain access to the below live community link or is this just for Palo Alto Networks employees? https://live.paloaltonetworks.com/t5/Internal-Knowledge-Base/Designing-Networks-with-Palo-Alto-Networks-Firewalls/ta-p/60868

Rasmgr GlobalProtect

Hi, We are SNMP monitoring the number of users connected by GlobalProtect Gateway. Sometimes we see how the graph goes to 0 and recover the value some minutes later. No issues were reported by users connected by SSL-VPN. So we are investigating if this is a issue about SNMP, GP service, etc...Going to snmp.log we dont see anything about problems...

Captura1snmp.JPG
Captura2snmp.JPG
BigPalo by L4 Transporter
  • 3840 Views
  • 1 replies
  • 0 Likes

App-ID Policy to Explicitly Block - Allow WiFi Calling

Hello,I tried searching but was surprised to find no ready answers for this.. I'm trying to determine the App-ID policy to explicitly block or allow voice calling over wifi (or wifi calling) on Verizon, AT&T, etc. I can't seem to find this in App-ID's database. Any advice?Thanks!

REganEVO by L1 Bithead
  • 6668 Views
  • 2 replies
  • 0 Likes

Global Protect will connect then immediately disconnect

A GP issue I am dealing with at the moment is where the client will successfully connect but I cannot ping anything on my network. It appears to immediately disconnect. I have attached the log files if anyone may know how to help determine the cause. I have gone through them but I am not having any luck just yet. The user is running the late...

nthen by L3 Networker
  • 11408 Views
  • 8 replies
  • 0 Likes

Enabling Jumbo Frames on HA Pair

I have an active passive PA850 pair, and want to turn on jumbo frames. I wondering about the best order-Can I:do the passive unit first, and rebootfail over and do the primary then fail back. Any issues with the HA function while one unit has jumbo enabled and the other does not?Was thinking I'd manually set all interfaces to 1500 firstAny other...

NeilR by L2 Linker
  • 4204 Views
  • 1 replies
  • 0 Likes

Resolved! GlobalProtect HIP check issue

HIP object is correctly setup. We are testing the missing patches HIP check object and noticed that an VPN endpoint is showing 3 missing patches (on the HIP report).However the machine is showing it's installed these patches already.How does Palo detect the missing patches as Windows is showing them as installed? Using ver: 8.1.10

Resolved! DNS Security - High Risk Sites

thumbnails.trvl-media.com used by www.hotels.com to host its images is classified as a high risk siteIf this is a false positive, how do I get Palo Alto DNS Service to take a second look or find out why it's classified as high risk? How are other people using the high risk category? Are they using url blocking, sink-holing, or custom file block...

DMZ, inside, outside - is it simple thing?

Hi there. I have a PA-200.Internal net is 192.168.0.0/24 eth1/2 , inside L3 interface (default gw) - 192.168.0.254One external ip address is using for outside inteface, eth1/1.For connection to Internet I typically use pair inside-outside with:1. NAT : dynamic-ip-and-port to outside interface address nat-rule2. Security policy "allow from ins...

mxe2fmk by L1 Bithead
  • 9597 Views
  • 6 replies
  • 0 Likes

Unable to reach GP Portal while on internal network

Hi All, I was working with a site that has a PA firewall with a GP Portal and Gateway. Some time ago, I had an issue where my users couldn't upgrade their globalprotect version while in the office. I was able to resolve this issue by creating a No NAT rule where if the source was internal and the destination was the IP of the portal. That work...

ce1028 by L4 Transporter
  • 6794 Views
  • 4 replies
  • 0 Likes

Inability to Download GlobalProtect Client from Firewall

We are currently attempting to update our globalprotect client on our Palo Alto firewall, a PA-500. The version we are attempting to download is 5.0.8. Currently when attempting to download we get the following error Which hasn't given us much indication of what the issue is, and how to rectify it.We have checked the logs in an attempt to find...

0 (2).png

Dual Isp - Two webserver

Hi all, i have a problem, maybe stupid for all of you, but i can't understand how to configure my pan-220.I had only one isp and all it's ok (internet, webserver, 2 vlans, etc).Now i have another ISP and, if is possibile, i need to publish a web server with this connection (without failover. only publish a webserver with another ip)Anybody can h...

Resolved! aggregated-ethernet - combine SFP+ and Cu port possible

Hello We increased our Internet speed beyond 1Gbs. The connection between the firewall node and the Internet switch is facilitated using one SFP-Port (1Gbps). Is it possible (and supported) to combine Cu-Ports and SFP-Ports (both with the same speed and duplex) into one aggregated-ethernet? All interfaces on the Internet switch are 1G Cu ports.

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks