This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Resolved! PPTP/L2TP Tunnel on PA

Please let me know if its possible to configure either PPTP or L2TP tunnel on Palo Alto. Please also share the steps to do so.

Indentify internal users using thinclient machines.

Hello , Can anyone help to identify users on thinclinet machines(linux). These machines have same ip and mac-address and are recieved by a server. We use machines from n-computing. I was thinking to use captive portal but i suppose that it wont work in our case. Please let me know a way out on how this can be achieved.

GlobalProtect usage PDF Report

Hi, is it possible to get a daily/weekly PDF Report over succeeded and failed GlobalProtect authentifications? I only found the CSV Export inside the system log with an active filter (like (eventid eq globalprotectportal-auth-succ)). I'm looking for an automatic approach, with optionally a better layout. System Log Forwarding only works for ever...

mrkskhn by L1 Bithead
  • 6102 Views
  • 4 replies
  • 0 Likes

Inter Vsys Routing Recommendations from Palo Alto Networks

Hi Team, I hope ye are well. Can we get a KB article on Palo Alto Networks recommendation regarding inter-vsys routing ? Given that inter-vsys routed sessions never get off loaded and can have a cost against the dp, is using basic cabling best option between interfaces or letting up/downstream switch handle the routing between vsys ? There has b...

Issue upgrading 8.1.x VW interfaces

Hi, I wanted to comment an upgrade issue that its making me crazy. We have a cluster A/P in 8.0.8, these devices are in diferents datacenter. We have tried to upgrade this cluster 2 times with no success. We upgrade the passive unit to 8.1.10 and everything is ok, but when we do the failover in order to put the upgrade node as active, all the Vi...

BigPalo by L4 Transporter
  • 2179 Views
  • 1 replies
  • 0 Likes

Can't install GlobalProtect on Win 10 Pro

Hi All,I am trying to install GlobalProtect on my Win 10 Pro but failed and got the message about no mfc120u,dll. Then I googled it and saw people suggest to install Microsoft Visual C++ 2013 Service Pack 1 Redistributable Package to solve this problem. But after I downloaded this Microsoft Visual, my computer indicated this app can't run on my ...

Bbisland by L0 Member
  • 3665 Views
  • 1 replies
  • 0 Likes

DHCP Relay with Source Nat blocked

Hi, a customer has two PA VMs in the Azure cloud with internal loadbalancers configured. Unfortunately the DHCP server is also running there. In order to perform symmetric return a source nat is needed on the firewall. However this breaks the DHCP flow between DHCP relay and windows DHCP server. The DHCP server always replies to the relay agent ...

DLP and PA-820

howdy all,Is the PA-820 firewall capable of DLP? We have migrated from the 500 to the 800 to the 820.Thank you

PA200-1 by L1 Bithead
  • 2479 Views
  • 1 replies
  • 0 Likes

Error: 'cannot start tunnel'

Hi allmy Name is Mario from Germany, i new here, sorry for my english, i hope you can understand me.i have a Problem with globalprotect . Version: 5.1.0-37Download / Installation / Setup: ok Connection error: 'cannot start tunnel' i use win10 64bitNorton IS is running - Firewall GpVpnApp= accept I have already uninstalled and reinstalled and F...

MBOTHGE by L1 Bithead
  • 6233 Views
  • 6 replies
  • 0 Likes

I am trying to find out information about user data use while they are on the VPN.

We had a user that had a mifi data usage bill that was very high. They claim that all they used it for was to VPN into the PA, and then RDP to a local pc. The PA said their internal data usage was low. The user said once they had VPN'ed into the network, they would leave the VPN open for hours. So would the data usage of this user's VPN connecti...

User-ID Verification Page for End Users

I'm wondering if anyone knows of a way, other than triggering a default URL block page, to display a User-ID association to an end user via a web page. For example, have the user go to useridcheck.domain.local, and see a simple page that like this:User ID CheckYour User ID: domain\jdoe

Resolved! URL Filter doesn't work in Deny rule

I have 2 rules for IT group: IT_Deny and IT_Allow as in the picture below. I'm using a same profile group for both rules, in profile group I have a URL_filter that block some websites like bbc.com, cnn.comBut when I access bbc/cnn, I get blocked by URL filter in profile group in IT_Allow rule. I don't understand why I don't get blocked by IT_Den...

Capture.PNG
SeanBui by L1 Bithead
  • 10158 Views
  • 10 replies
  • 0 Likes

GlobalProtect 5 for IOS blocking network stack access

Just recently had a couple of instances where the GlobalProtect client was not allowing network access. ios 13.2.3 and GP 5.0.9-11An established login to a mixed WPA home network would not connect, even though showing authenticated, no wifi bars. Same with cell service - bars, but no throughput. After reboot, router reset, ios network reset etc,...

NeilR by L2 Linker
  • 5031 Views
  • 3 replies
  • 0 Likes

Need help with scripting to palo alto using ssh

Hi all!I'm trying to creating a script for a customer i Windows Batch (*.bat) that needs to login to a Palo Alto Firewall, run a few commands and then login to another firewall and so on. This is a strict environment so no internet connection is available. The goal is to login to upload the anti-virus and content offline-packs (Dynamic Updates ...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks