This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4108 Views
  • 0 replies
  • 0 Likes

Different log retention periods

Hi, for privacy reasons our customer has different log retention periods. He want's to delete all personally identifiable traffic log for traffic from internal to external to delete after 7 days. Also traffic logs for blocked traffic from externel to internal should be deleted after 7 days. Traffic logs for allowed traffic from externel should n...

Resolved! No Objects after successful Fortinet import in Palo Alto Expedition

After 'successfully' importing a FortiGate configuration file into Palo Alto Expedition, I do not see any Address Objects or Security Rules. I do see the Interfaces and Security Zones. The FortiGate configuration file was exported using FortiiManager v6.0.7. The FortiGate is running firmware 6.0.6 in HA Mode Active-Passive. My Expedition version...

Resolved! Global Protect 8.1 - HIP Profile doesn't work - No logs, No HIP profile found from CLI, No Matches

I have Global Protect VPN configured and everything is working, but the moment I apply a HIP-Profile to my security rule (for my VPN Users), they immediately do not match my VPN security rule. I get no HIP logs, I cannot find any hip profiles. I configured a HIP Profile, to match any Windows operating system, so I kept it simple. I can remove th...

MS Outlook 2010 not conecting to the server, when connected via GlobalProtect Always-On VPN

Hi, I have GP Always-On VPN configured and my test Windows 10 machine connects to the gateway and accesses internal LAN resources fine. MS Outlook 2010 doesn't seem to connect when I am connected via the GP client. Outlook just keeps saying 'Trying to connect to server'. On one occasion, the MS Outlook prompt did appear for me to enter my passwo...

rchung54 by L2 Linker
  • 12206 Views
  • 11 replies
  • 1 Likes

Resolved! Panorama Floating IP?

Does anyone happen to know if it is possible to create a floating IP that will direct you to the active Panorama in an HA pair? So the floating IP would be 10.10.10.1 while the actual device IPs would be 10.10.10.2 and 10.10.10.3. This way the administrator will always go to 10.10.10.1, but they will always end up on the Active firewall in an Ac...

VPN goes down each 8 hours

HI, We have a VPN from PA to Oracle cloud. We realised that this VPN goes down each 8 hours and it takes so long to renegotiate. From Oracle side tells this: " early November, OCI implemented enhancements to IKE, including support for additional DH groups and support for IKEv2. Consequently, the IKE proposal payload from OCI can exceed 1500 byte...

BigPalo by L4 Transporter
  • 6459 Views
  • 3 replies
  • 0 Likes

Resolved! security policy between layer 2 zones

Hi, I am new to Palo Alto, so this might be a dumb question, below is the setup I have been trying to get it to work -two layer2 zones; Zone1 and Zone2three PCs, PC1; PC2 and PC3PC1 in Zone1PC2 and PC3 are in Zone2all three PCs are on the same subnetquestion: I am trying to create a security policy to only allow PC1 to talk to PC2, and deny ever...

VPN and NAT query

Hi All, Can someone help me with a NAT over VPN. What I thought was correct isn't working and I have tried a number of combinations that all fail. The encryption domains are (based on Palo) Remote 85.90.253.239, local 192.168.90.228, to reach a server on IP 10.0.8.82. What would the NAT look like? Every combination that I think is correct doesn’...

a.jones by L3 Networker
  • 4474 Views
  • 3 replies
  • 0 Likes

Firewall bidirectional nat

I configured the bidirectional nat. After the configuration is complete, it can be accessed from the outside, but it cannot be accessed from the internal network. The link I visited is https://anyshare.positecgroup.com/#/The public address is 218.4.72.251.I put my configuration in the attachment, can you help me see where there is a problem?

image001(12-11-16-50-48).png
image002(12-11-16-50-48).png

Native Duo 2FA for GlobalProtect can't select Auth Profile or Auth Policy Zone

I'm moving to LDAP auth with Duo 2FA. We need a better answer than RADIUS as we've found Duo's Authentication Proxy functionally limited and crash-prone. Using Mitch Densley's video guide for PAN-OS 8.x as a starting point, I've gotten my Duo application set up, along with an authentication profile. However, when I try to create an Authenticatio...

Resolved! HIP Profiles in Global Protect

Hello, we tried to figure out if it´s possible to use HIP Profiles on Global Protect Client Configuration. We want to ristrict the User who is not matching the HIP Profile to connect to the Gateway. Normally, you can configure the HIP Objects on Policys, but we don´t want the user even connect to the VPN. Is there any Way we can do this ? Kind r...

Production issues with 9.0.4?

Hello Community!Has anyone made the jump to 9.0.4 on their production firewalls? I have read the release notes and installed it onto my lab unit. Just checking to see if anyone has had any issues outside of what is in the release notes. Currently we are running the 8.1 train. Cheers!

Resolved! PAN Device (in front of Alarm LED)

HiWhen We are used to run PAN DeviceUnfortunately PAN Device Occur FaultAfter that,,Alarm LED turn it on Red colorI checked CLI Command to see deep informationI got it cause,,TemperatureI solved a problemanyway,,in end of line What does means?,,10G physJaguarTigerDuneThat mean are aninmal something like thatgood bye~

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks