General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Loosing USER-ID

Our AD based USER-ID seems to keep loosing the IP/USER association. We only have a few rules which work some of the time and then fail with a blank user. What's the best solution to get it 100%??? Rob

Resolved! No way to reach the linux GlobalProtect client download

I try to install GlobalProtect on my ubuntu linux, according to my workplace request.I went here. The instructions there say I need to go to the support site here, select "updates" and "Software Updates".However, there is no "Updates" section in the support site.I found an old version of the .deb package in some site, but it was CLI only.Where i...

YotamB by L0 Member
  • 5253 Views
  • 4 replies
  • 0 Likes

unknown port 137 from GP users to Public IPs

I have GP users whose logs show multiple attempts to public IPs on port 137. I have checked this KB https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClLfCAK and made sure user-id is not enabled on Internet interface but I have it enabled on GP interface.Image above shows the NBNS pcap captured on firewall.Anyone experien...

Capture.PNG

SSL Decrypt on Virtual Wire deployment Certificate Issue (Chrome)

I have my PA-200 on virtual wire mode with Captive Portal using SSL Decrypt for all users with Self Signed Certificate.When the users try to navigate on crhrome browser to internet they receive NET::ERR_CERT_COMMON_NAME_INVALID that doesn't permit to bypass for go to untrust site. When i manually enter a site that support http or another certifi...

WhatsApp Image 2020-03-25 at 19.20.07.jpeg
WhatsApp Image 2020-03-25 at 19.43.51.jpeg
RPerez11 by L0 Member
  • 3899 Views
  • 1 replies
  • 0 Likes

MacOS connection errors while using GlobalProtect VPN client 5.0.8-4

Hi folks, So i'm having pretty bad vpn problems while working from home. It's been happening for a while, but now that I'm working remotely every day, it's become unbearable. I hope someone can assist. This is how it goes: I connect to my work vpn and after some time (maybe 10-15min, sometimes longer and sometimes shorter), requests to remote sy...

ClintP by L1 Bithead
  • 6853 Views
  • 4 replies
  • 0 Likes

Login with globalprotect before windows login

Is it not possible in some way to launch the client from the Windows login screen, create a tunnel with the users credentials, and THEN log in to Windows? Or is the only way going the machine certificate route?

gyrodude by L0 Member
  • 5012 Views
  • 3 replies
  • 0 Likes

Certificate Renewal issue

When i renew the self signed certificate i got the error. i have restart the management plane but issue still same.I have all renew from CLI but issue still same. Please suggest me

Joshan_Lakhani_1-1585827448143.png
Joshan_Lakhani_0-1585827329675.png

Resolved! Traffic logs filter on syslog

Hello team, We are sending all the traffic logs to our inhouse syslog servers. So whatever traffic is matching current security policies, all such traffic logs are forwarded to syslog server. Now in those logs, i am seeing everything like Source, Destination, port everything. Now our requirement, we need to send only specific logs to syslog for ...

johnde by L2 Linker
  • 9028 Views
  • 6 replies
  • 0 Likes

GlobalProtect opening Windows VPN settings

My company recently set up GlobalProtect to have us work from home. It works for everyone but myself. When I installed the app, it installed through the Microsoft App Store. When I try to run GlobalProtect, all it does is open a popup window with a link that opens my windows vpn settings. In other words, GlobalProtect doesn't actually run or do ...

globalprotect1.png
Pbourque by L0 Member
  • 4922 Views
  • 3 replies
  • 0 Likes

app-id question you-tube

Hi can somebody tell me the difference between youtube-baseyoutube-streaming will later only ever be there video stream. Looking to add it to GP thanks

Which logs will capture the new VPN admin creation?

Hi Team, We need to capture new VPN administrator creation at our LogRhythm SIEM end. We wanted to know in which log will we get that information. For Example, for login and logout we get logs in the below ones:GlobalProtect gateway user login succeeded.GlobalProtect gateway user logout succeeded. Please help with the log pattern for "new VPN ad...

Global Protect packages Pre-Eval prior to activation.

Is there a support page somewhere where you can obtain the various global protect packages outside of setting up a gateway? I'm looking to see how we could download specific versions to evaluate them before we activate them on the firewall. When I search Palo documentation there isn't a site where you can download those packages.

Resolved! Global Protect Portal/Gateway Public IP Question

Good Afternoon Everyone, This may be somewhere else so if i'm asking something that has already been asked, please point me to it. I am trying to set up a new vpn tunnel on a public IP from my block assigned by my ISP. I only have one interface going straight to my ISP but extra public IPs. how would i go about using the other Public IP and go t...

Problems with GlobalProtect from China?

Hi, we have a user who spends a lot of time in China, but is having major problems getting GlobalProtect working while there. Does anyone else have any experience running GlobalProtect out of China (to Norway, in our case), either positive or negative? We're seeing tunnels sometimes going down for no apparent reasons, "Failed to connect to re...

hklygre by L1 Bithead
  • 21397 Views
  • 6 replies
  • 0 Likes

Resolved! GP Gateway commit error.

Hi,, Even after i configured to "Retrieve Framed-IP-Address attribute from authentication server" Why am i still getting IP pool range commit failure ?? Please find below screenshots. Commit ErrorConfig Setting

error_.png
config_detail.png
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels