General Topics

Discussions

Sorted by:

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

VPN and NAT query

Hi All,

Can someone help me with a NAT over VPN. What I thought was correct isn't working and I have tried a number of combinations that all fail.

The encryption domains are (based on Palo) Remote 85.90.253.239, local 192.168.90.228, to reach a serve

...

Firewall bidirectional nat

I configured the bidirectional nat. After the configuration is complete, it can be accessed from the outside, but it cannot be accessed from the internal network. The link I visited is https://anyshare.positecgroup.com/#/
The public address is 218.4.7

...

Does Dynamic Group Tagged address through API survive reboot?

It appears that these are synchronized through HA, but do IP address objects registered/populated to a Tag through the API survive a reboot?

Native Duo 2FA for GlobalProtect can't select Auth Profile or Auth Policy Zone

I'm moving to LDAP auth with Duo 2FA. We need a better answer than RADIUS as we've found Duo's Authentication Proxy functionally limited and crash-prone. Using Mitch Densley's video guide for PAN-OS 8.x as a starting point, I've gotten my Duo applica

...

Resolved! HIP Profiles in Global Protect

Hello,

we tried to figure out if it´s possible to use HIP Profiles on Global Protect Client Configuration. We want to ristrict the User who is not matching the HIP Profile to connect to the Gateway. Normally, you can configure the HIP Objects on Poli

...

Production issues with 9.0.4?

Hello Community!

Has anyone made the jump to 9.0.4 on their production firewalls? I have read the release notes and installed it onto my lab unit. Just checking to see if anyone has had any issues outside of what is in the release notes. Currently we

...

Resolved! PAN Device (in front of Alarm LED)

When We are used to run PAN Device

Unfortunately PAN Device Occur Fault

After that,,

Alarm LED turn it on Red color

I checked CLI Command to see deep information

I got it cause,,

Temperature

I solved a problem

anyway,,

in end of line What does means?,,

10G p

...

Reboot / Shutdown options not displayed in Web UI if Role-Based Admin is used

Hi,

I have created a role-based admin account with all rights enabled for the Web UI and superuser rights enabled for the CLI.

After login to the Web UI using this account, under Device -> Setup -> Operations, the reboot/shutdown operations are not dis

...

Query about admin credentials

Hello Team,

We need your support to provide specific access to system admin user. We need to provide access one of system admin only for configuring VPN user & create system admin user. Kindly confirm can we create a custom admin profile for above ta

...

Resolved! Vwire connection between edge and distribution switch

We have stack of 2 edge switch and stack of 2 distribution switches.

We have linkagg containing 2 ports running between them.

IT is layer 2 connection only between edge and distro.

Also we have MAnagement vlan on switch so that users can access it remo

...

Not able to normalize UPN name retrieved from SAML assertion

Hi Team,

We have configured SAML SSO authentication for Global protect. Microsoft Azure has the active directory we have configured it as identity provider and service provider as Palo alto global protect. Trust established between Idp and SP and we

...

Restrict GlobalProtect connection from a single Linux computer

Hi everyone,

I must to implement some VPN access control based on computers. By this way, a user will only be able to connect to VPN if agent is executed from a specific computer.

I have read the documentation but I don't find if I can restrict the c

...

Resolved! "Wrong" IP netmask object definition

Hi,

I am a new bee in PA. Can any answer very basic question.

I have seen IP Netmask object defined with non-zero host portion and mask smaller then /32 in some firewall configurations..

Like this: 192.168.1.1/24 .

How does this work. Is that host obje

...

Https traffic to http

Hi Guys,

I have a webserver hosted for public access using http. Now I want to know is it possible to NAT traffic entering to palo alto as https from outside to http as inside.

So user will try to connect server using public IP on port 443 their port

...

User-ID in multiple vsys failing for vsys2

Both vsys1 and vsys2 are using same agentless settings and are accessing same DC servers. While vsys1 shows as connected vsys2 shows nothing under status and system logs show 'connect-server-monitor-failure'. I have rechecked password in both vsys bu

...