This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! GP on PA-500 how many users?

My customer has a PA-3020 setup for GP. Now they want their branch PA-500 enabled for GP as well, so users can connect direct for access to the branch resources. I cannot find any spec's about the usage limit for GP on a PA-500.Anyone has a ballpark what to expect? 20, 50 or 100 users? Thanks all!

CHKlomp by L2 Linker
  • 3403 Views
  • 1 replies
  • 0 Likes

Resolved! DHCP relay for L2 switches

I am working on a network segmentation project for our organization. We currently run Cisco switches and all devices reside on the default VLAN, VLAN 1. All routing is currently done on our PA-850. On the PA-850, I have configured the new VLAN's as sub-interfaces and all switches for layer 2. If I put a PC on any VLAN and set a static IP address...

Global Protect Pre-login issue with Microsoft Windows PKI generated machine cert

Hi, We are trying to setup always on + Pre-Login with Machine cert which generated by Microsoft PKI and distributed by GPO when user turned on the machine . Then, when user login to the machine, it will use windows logon with SSO. Like this KB. https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-quick-configs/r...

Panorama Managed Devices names missing in HA peer, and show as disconnected when they're not!

Hi, I'm using Panorama 8.1.13 to manage 60 or so firewalls. Mostly PA-220s with a few PA-5220. These firewalls are in a number of templated device groups. Both Panoramas are M100 appliances. The Managed Devices are correct on the primary Pano. The Device Names and Serial Numbers are correct, and they are in the correct device groups.My problem i...

Global Protect Info

Hi, We have two GP gateways configured in our PA. We realised that the passive PA unit, we can see "remote users" connected. Why is this? It shouldnt be asumme all GP user sessions in the active unit? On the another hand, what is the OID (SNMP) to get tha value total users connected per GW? is that possible?

BigPalo by L4 Transporter
  • 2536 Views
  • 2 replies
  • 0 Likes

Resolved! GlobalProtect IP pool exhaustion / overflow to secondary IP pool?

We have 2 IP pools configured for each GlobalProtect gateway to help with IP conflicts. If the first IP pool is exhausted, will the secondary IP pool continue to distribute IP addresses? Due to the recent influx of remote users, I want to make sure we have enough IPs to hand out for the GP clients connecting. If not, I need to increase the prima...

IPsec VPN tunnel cant ping eachother

Hi there, I cant figure it out why tunnel interface cant ping each other even site to site VPN is up and running fine. Is there anything I am missing here?? I have setup multiple site to site VPN with all other vendor and its just works fine. This is to Palo to Palo.i did test vpn ike-sa and ipsec-sa multiple time but still no luck Thanks in adv...

Email server profile with custom port

We have a client who wants to schedule PDF reports to an email server using a custom port. The firewall will let him enter the port in the email server profile, but when trying to send a test email of the report, it fails immediately and tcpdump shows that there are no packets sent. When the custom port is removed, the firewall tries to send a t...

GlobalProtect v5.1.1 remembering wifi network, not allowing new wifi

Have rolled out GlobalProtect v5.1.1 and successfully connected from one remote location on the wifi network at that location.When I move a new remote location with a different wifi, the laptop is connected to wifi I can browse the Internet, but GlobalProtect will not connect and says that it cant find xxxxxxx network. xxxxxx represents the na...

What is the maximum number of Domain controller allowed to bind with PaloAlto Firewall

Hi Folks, I have this customer, who doesnt have centralsed AD and has 40 domain controller sitting across the network. to provide the zscaler solution, customer wants user-based traffic forwarding, but unfortunately he has pretty much close to 40 domain controller he says. which i came to know after adding his two domain controllers from hi...

CVE-2020-8597 is it applicable for Palo alto ?

We have received a Critical Security Advisory related to Buffer Overflow Vulnerability in Point-to-Point Protocol Daemon (pppd). is applicable to our PaloAlto and Panorama Firewall devices.?Risk Advisory No CVE-2020-8597Advisory Name Buffer Overflow Vulnerability in Point-to-Point Protocol Daemon (pppd)Severity CriticalAction Required ImmediateS...

CyberEye by L3 Networker
  • 2893 Views
  • 1 replies
  • 0 Likes

Queries related to SSL VPN

Hello Team, The below things are need to clarify,,, How to know calculate SSL VPN interfaces bandwidthIndividual VPN user bandwidth consumptionWhich VPN interface the highest bandwidth user is connected toAll active connected VPN usersTime duration of the connected VPN userif we enabled Split tunnel, SSL VPN Bandwidth should be increase??Regards...

Compare Palo to Panorama config before revert

I'm showing Panorama says that all of my firewalls are in sync in the Panorama>Managed Devices>Summary screen. However, if I change the Context to a firewall that has been out of sync in the past, I see that there is an Override cog next to the company Network>Virtual Router>CoName. I saved a named configuration snapshot on the local...

GlobalProtect VPN version 5.0.7-2: Error( 53): Driver is not installed, reinstall it now!

On a Windows 10 laptop, we install the GlobalProtect VPN client and everything seems to run to completion. However, when we try to use the VPN client from the tray, it acts like it's greyed out and is non-responsive. Looking at the PanGPS.log, the only interesting looking message is the one in the Subject line above. We've gone through severa...

RandlHam by L0 Member
  • 11784 Views
  • 2 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks