This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4151 Views
  • 0 replies
  • 0 Likes

DHCP Relay with Source Nat blocked

Hi, a customer has two PA VMs in the Azure cloud with internal loadbalancers configured. Unfortunately the DHCP server is also running there. In order to perform symmetric return a source nat is needed on the firewall. However this breaks the DHCP flow between DHCP relay and windows DHCP server. The DHCP server always replies to the relay agent ...

DLP and PA-820

howdy all,Is the PA-820 firewall capable of DLP? We have migrated from the 500 to the 800 to the 820.Thank you

PA200-1 by L1 Bithead
  • 2495 Views
  • 1 replies
  • 0 Likes

Error: 'cannot start tunnel'

Hi allmy Name is Mario from Germany, i new here, sorry for my english, i hope you can understand me.i have a Problem with globalprotect . Version: 5.1.0-37Download / Installation / Setup: ok Connection error: 'cannot start tunnel' i use win10 64bitNorton IS is running - Firewall GpVpnApp= accept I have already uninstalled and reinstalled and F...

MBOTHGE by L1 Bithead
  • 6274 Views
  • 6 replies
  • 0 Likes

I am trying to find out information about user data use while they are on the VPN.

We had a user that had a mifi data usage bill that was very high. They claim that all they used it for was to VPN into the PA, and then RDP to a local pc. The PA said their internal data usage was low. The user said once they had VPN'ed into the network, they would leave the VPN open for hours. So would the data usage of this user's VPN connecti...

User-ID Verification Page for End Users

I'm wondering if anyone knows of a way, other than triggering a default URL block page, to display a User-ID association to an end user via a web page. For example, have the user go to useridcheck.domain.local, and see a simple page that like this:User ID CheckYour User ID: domain\jdoe

Resolved! URL Filter doesn't work in Deny rule

I have 2 rules for IT group: IT_Deny and IT_Allow as in the picture below. I'm using a same profile group for both rules, in profile group I have a URL_filter that block some websites like bbc.com, cnn.comBut when I access bbc/cnn, I get blocked by URL filter in profile group in IT_Allow rule. I don't understand why I don't get blocked by IT_Den...

Capture.PNG
SeanBui by L1 Bithead
  • 10190 Views
  • 10 replies
  • 0 Likes

GlobalProtect 5 for IOS blocking network stack access

Just recently had a couple of instances where the GlobalProtect client was not allowing network access. ios 13.2.3 and GP 5.0.9-11An established login to a mixed WPA home network would not connect, even though showing authenticated, no wifi bars. Same with cell service - bars, but no throughput. After reboot, router reset, ios network reset etc,...

NeilR by L2 Linker
  • 5048 Views
  • 3 replies
  • 0 Likes

Need help with scripting to palo alto using ssh

Hi all!I'm trying to creating a script for a customer i Windows Batch (*.bat) that needs to login to a Palo Alto Firewall, run a few commands and then login to another firewall and so on. This is a strict environment so no internet connection is available. The goal is to login to upload the anti-virus and content offline-packs (Dynamic Updates ...

Resolved! FAQ for the test URLs (grayware or cryptocurrency) - Blog Not Found

I receved notices message about new URLs that are categorized specifically as grayware or cryptocurrency.But FAQ for the test URLs and for more information about this change is not avaiable:Blog Not FoundThe blog you are trying to access is not available.Return to my original page (https://live.paloaltonetworks.com/t5/Blogs/New-URL-Filtering-Ca...

aaobuhov by L2 Linker
  • 4376 Views
  • 2 replies
  • 1 Likes

Curious about new URL filtering categories: Grayware and Cryptocurrency?

If anyone has been curious about the 2 new URL Categories that have been recently introduced in the #8206 Dynamic Updates, the LIVEcommunity has just published the following blog: New URL Filtering Categories: Grayware And Cryptocurrency I recommend that you head on over there to read the blog and then please feel free to discuss either here ...

jdelio by L7 Applicator
  • 8539 Views
  • 4 replies
  • 4 Likes

t.120 and Twitter-base

Hello all, Looking for more information on these two applications if anyone can assist. We're deploying firewalls as an MSSP and some of the traffic we're seeing hit application-based policies doesn't seem to make sense. Some of the examples we've seen are; t.120 hitting 21/22yelp-base hitting 80/443twitter-base hitting 21/22, 80, 443 We aren't ...

MathewRD by L0 Member
  • 3842 Views
  • 2 replies
  • 0 Likes

upgrade of PA-500

when in process of upgrading OS for pa-500 active/passive pair, on the passive devic i upgraded from 7.115 -- 8.0.0(download)-->8.0.20(install) -->8.1.0(download) -->8.1.12(install) now passive device is 2 major os version ahed , looking for ideas how can I perform upgrade on active ideas. now if i enable HA , i think one device being a...

Ritika by L0 Member
  • 2817 Views
  • 2 replies
  • 0 Likes

How to set up two HA (active / passive mode) firewalls to be managed by panorama

Hi All,I already have two firewalls to set HA and use Active / Passive mode.But when I put both devices into the same Device Groups and Templates and push the configuration file to both devices, the HA settings of the second device will be overwritten by the HA settings of the first device.I saw this "Migrate a Firewall HA Pair to Panorama Manag...

Resolved! Connect to Two Palo Alto VPNs

I have an employee who travels often with a need to simultaneously connect to two Global Protect VPNs, neither of which are clientless VPNs.The first connection is to the main office.The second connection is to another company, which has whitelisted our main office external ipaddress and that of our vpn ipaddress.The second connection must be ma...

SSL VPN REDUNDANCY

Hello everyone, I want to make redundancy ssl vpn for two ISP.I have two ISP.I will use DNS failover.And write nat rule for two publıc to loopback interface.(I use loopback interface for globalprotect).I write symmetric return for two external interface to loopback interface.But doesn't work.After that ı try with vlan interface but nothing chang...

  • 24340 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks