General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Inter Vsys Routing Recommendations from Palo Alto Networks

Hi Team, I hope ye are well. Can we get a KB article on Palo Alto Networks recommendation regarding inter-vsys routing ? Given that inter-vsys routed sessions never get off loaded and can have a cost against the dp, is using basic cabling best option between interfaces or letting up/downstream switch handle the routing between vsys ? There has b...

Issue upgrading 8.1.x VW interfaces

Hi, I wanted to comment an upgrade issue that its making me crazy. We have a cluster A/P in 8.0.8, these devices are in diferents datacenter. We have tried to upgrade this cluster 2 times with no success. We upgrade the passive unit to 8.1.10 and everything is ok, but when we do the failover in order to put the upgrade node as active, all the Vi...

BigPalo by L4 Transporter
  • 2262 Views
  • 1 replies
  • 0 Likes

Can't install GlobalProtect on Win 10 Pro

Hi All,I am trying to install GlobalProtect on my Win 10 Pro but failed and got the message about no mfc120u,dll. Then I googled it and saw people suggest to install Microsoft Visual C++ 2013 Service Pack 1 Redistributable Package to solve this problem. But after I downloaded this Microsoft Visual, my computer indicated this app can't run on my ...

Bbisland by L0 Member
  • 3753 Views
  • 1 replies
  • 0 Likes

DHCP Relay with Source Nat blocked

Hi, a customer has two PA VMs in the Azure cloud with internal loadbalancers configured. Unfortunately the DHCP server is also running there. In order to perform symmetric return a source nat is needed on the firewall. However this breaks the DHCP flow between DHCP relay and windows DHCP server. The DHCP server always replies to the relay agent ...

DLP and PA-820

howdy all,Is the PA-820 firewall capable of DLP? We have migrated from the 500 to the 800 to the 820.Thank you

PA200-1 by L1 Bithead
  • 2558 Views
  • 1 replies
  • 0 Likes

Error: 'cannot start tunnel'

Hi allmy Name is Mario from Germany, i new here, sorry for my english, i hope you can understand me.i have a Problem with globalprotect . Version: 5.1.0-37Download / Installation / Setup: ok Connection error: 'cannot start tunnel' i use win10 64bitNorton IS is running - Firewall GpVpnApp= accept I have already uninstalled and reinstalled and F...

MBOTHGE by L1 Bithead
  • 6576 Views
  • 6 replies
  • 0 Likes

I am trying to find out information about user data use while they are on the VPN.

We had a user that had a mifi data usage bill that was very high. They claim that all they used it for was to VPN into the PA, and then RDP to a local pc. The PA said their internal data usage was low. The user said once they had VPN'ed into the network, they would leave the VPN open for hours. So would the data usage of this user's VPN connecti...

User-ID Verification Page for End Users

I'm wondering if anyone knows of a way, other than triggering a default URL block page, to display a User-ID association to an end user via a web page. For example, have the user go to useridcheck.domain.local, and see a simple page that like this:User ID CheckYour User ID: domain\jdoe

Resolved! URL Filter doesn't work in Deny rule

I have 2 rules for IT group: IT_Deny and IT_Allow as in the picture below. I'm using a same profile group for both rules, in profile group I have a URL_filter that block some websites like bbc.com, cnn.comBut when I access bbc/cnn, I get blocked by URL filter in profile group in IT_Allow rule. I don't understand why I don't get blocked by IT_Den...

Capture.PNG
SeanBui by L1 Bithead
  • 10539 Views
  • 10 replies
  • 0 Likes

GlobalProtect 5 for IOS blocking network stack access

Just recently had a couple of instances where the GlobalProtect client was not allowing network access. ios 13.2.3 and GP 5.0.9-11An established login to a mixed WPA home network would not connect, even though showing authenticated, no wifi bars. Same with cell service - bars, but no throughput. After reboot, router reset, ios network reset etc,...

NeilR by L2 Linker
  • 5203 Views
  • 3 replies
  • 0 Likes

Need help with scripting to palo alto using ssh

Hi all!I'm trying to creating a script for a customer i Windows Batch (*.bat) that needs to login to a Palo Alto Firewall, run a few commands and then login to another firewall and so on. This is a strict environment so no internet connection is available. The goal is to login to upload the anti-virus and content offline-packs (Dynamic Updates ...

Resolved! FAQ for the test URLs (grayware or cryptocurrency) - Blog Not Found

I receved notices message about new URLs that are categorized specifically as grayware or cryptocurrency.But FAQ for the test URLs and for more information about this change is not avaiable:Blog Not FoundThe blog you are trying to access is not available.Return to my original page (https://live.paloaltonetworks.com/t5/Blogs/New-URL-Filtering-Ca...

aaobuhov by L2 Linker
  • 4481 Views
  • 2 replies
  • 1 Likes

Curious about new URL filtering categories: Grayware and Cryptocurrency?

If anyone has been curious about the 2 new URL Categories that have been recently introduced in the #8206 Dynamic Updates, the LIVEcommunity has just published the following blog: New URL Filtering Categories: Grayware And Cryptocurrency I recommend that you head on over there to read the blog and then please feel free to discuss either here ...

jdelio by L7 Applicator
  • 8665 Views
  • 4 replies
  • 4 Likes

t.120 and Twitter-base

Hello all, Looking for more information on these two applications if anyone can assist. We're deploying firewalls as an MSSP and some of the traffic we're seeing hit application-based policies doesn't seem to make sense. Some of the examples we've seen are; t.120 hitting 21/22yelp-base hitting 80/443twitter-base hitting 21/22, 80, 443 We aren't ...

MathewRD by L0 Member
  • 3932 Views
  • 2 replies
  • 0 Likes
  • 24397 Posts
  • 123 Subscriptions
Top Solution Authors
Labels