This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4229 Views
  • 0 replies
  • 0 Likes

Resolved! Panorama Floating IP?

Does anyone happen to know if it is possible to create a floating IP that will direct you to the active Panorama in an HA pair? So the floating IP would be 10.10.10.1 while the actual device IPs would be 10.10.10.2 and 10.10.10.3. This way the administrator will always go to 10.10.10.1, but they will always end up on the Active firewall in an Ac...

VPN goes down each 8 hours

HI, We have a VPN from PA to Oracle cloud. We realised that this VPN goes down each 8 hours and it takes so long to renegotiate. From Oracle side tells this: " early November, OCI implemented enhancements to IKE, including support for additional DH groups and support for IKEv2. Consequently, the IKE proposal payload from OCI can exceed 1500 byte...

BigPalo by L4 Transporter
  • 6541 Views
  • 3 replies
  • 0 Likes

Resolved! security policy between layer 2 zones

Hi, I am new to Palo Alto, so this might be a dumb question, below is the setup I have been trying to get it to work -two layer2 zones; Zone1 and Zone2three PCs, PC1; PC2 and PC3PC1 in Zone1PC2 and PC3 are in Zone2all three PCs are on the same subnetquestion: I am trying to create a security policy to only allow PC1 to talk to PC2, and deny ever...

VPN and NAT query

Hi All, Can someone help me with a NAT over VPN. What I thought was correct isn't working and I have tried a number of combinations that all fail. The encryption domains are (based on Palo) Remote 85.90.253.239, local 192.168.90.228, to reach a server on IP 10.0.8.82. What would the NAT look like? Every combination that I think is correct doesn’...

a.jones by L3 Networker
  • 4516 Views
  • 3 replies
  • 0 Likes

Firewall bidirectional nat

I configured the bidirectional nat. After the configuration is complete, it can be accessed from the outside, but it cannot be accessed from the internal network. The link I visited is https://anyshare.positecgroup.com/#/The public address is 218.4.72.251.I put my configuration in the attachment, can you help me see where there is a problem?

image001(12-11-16-50-48).png
image002(12-11-16-50-48).png

Native Duo 2FA for GlobalProtect can't select Auth Profile or Auth Policy Zone

I'm moving to LDAP auth with Duo 2FA. We need a better answer than RADIUS as we've found Duo's Authentication Proxy functionally limited and crash-prone. Using Mitch Densley's video guide for PAN-OS 8.x as a starting point, I've gotten my Duo application set up, along with an authentication profile. However, when I try to create an Authenticatio...

Resolved! HIP Profiles in Global Protect

Hello, we tried to figure out if it´s possible to use HIP Profiles on Global Protect Client Configuration. We want to ristrict the User who is not matching the HIP Profile to connect to the Gateway. Normally, you can configure the HIP Objects on Policys, but we don´t want the user even connect to the VPN. Is there any Way we can do this ? Kind r...

Production issues with 9.0.4?

Hello Community!Has anyone made the jump to 9.0.4 on their production firewalls? I have read the release notes and installed it onto my lab unit. Just checking to see if anyone has had any issues outside of what is in the release notes. Currently we are running the 8.1 train. Cheers!

Resolved! PAN Device (in front of Alarm LED)

HiWhen We are used to run PAN DeviceUnfortunately PAN Device Occur FaultAfter that,,Alarm LED turn it on Red colorI checked CLI Command to see deep informationI got it cause,,TemperatureI solved a problemanyway,,in end of line What does means?,,10G physJaguarTigerDuneThat mean are aninmal something like thatgood bye~

Reboot / Shutdown options not displayed in Web UI if Role-Based Admin is used

Hi,I have created a role-based admin account with all rights enabled for the Web UI and superuser rights enabled for the CLI.After login to the Web UI using this account, under Device -> Setup -> Operations, the reboot/shutdown operations are not displayed. So i cannot reboot the device via the Web UI.If I go to the CLI (using the same acc...

zaphodbb by L1 Bithead
  • 7863 Views
  • 3 replies
  • 0 Likes

Query about admin credentials

Hello Team, We need your support to provide specific access to system admin user. We need to provide access one of system admin only for configuring VPN user & create system admin user. Kindly confirm can we create a custom admin profile for above task or any another way to restrict access. RegardsKarthikeyan Balamurugan

Resolved! Vwire connection between edge and distribution switch

We have stack of 2 edge switch and stack of 2 distribution switches.We have linkagg containing 2 ports running between them.IT is layer 2 connection only between edge and distro.Also we have MAnagement vlan on switch so that users can access it remotely Need to put PA in vwire mode.So for vwire I will have two pair of vwires and i will need to h...

vwire.png
MP18 by Cyber Elite
  • 4290 Views
  • 4 replies
  • 0 Likes

Not able to normalize UPN name retrieved from SAML assertion

Hi Team, We have configured SAML SSO authentication for Global protect. Microsoft Azure has the active directory we have configured it as identity provider and service provider as Palo alto global protect. Trust established between Idp and SP and we are able to authenticate portal using microsoft azure. But the problem in allowing list in authe...

  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks