General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Having trouble passing traffic from one VPN through to another

Hi all, Here's what I'm trying to do - I have a PA firewall with two VPNs - let's call them A and B. I'm trying to work out how to get traffic from site A to route through to site B, but it's eluding me - the site B tunnel doesn't come up. I have tunnel.198 to Site A with a route passing 192.168.24.0/21 traffic to that tunnel, and tunnel.300 wit...

CoreHR by L1 Bithead
  • 3372 Views
  • 2 replies
  • 0 Likes

Globalprotect Block sessions if the certificate was not issued to the authenticating device

Hello,My organization is testing out GlobalProtect for Linux and we've quickly realized that the certificates we deploy through SCEP (MS NDES, Certmonger) can be utilized on other systems than whom they were intended for. This opens up for users with root access (dev's) to set up a non company owned/managed devices with GlobalProtect and this pr...

Tony-Le by L0 Member
  • 5694 Views
  • 2 replies
  • 0 Likes

Multiple URL Global Protect Multiple FQDN

We would like to use multiple URL's to access our Palo with Multiple LDAP authentication. portal.company1.com LDAP1 portal.company2.comLDAP2 portal.company3.comLDAP3 We could also do like C1.company.comLDAP1C2company.comLDAP2C3company.comLDAP3 Can anybody guide me to a solution so far support has not been super helpfull. Another is portal.comp...

GlobalProtect - Windows 10 - Client Won't display

I have a fresh install of Windows 10. When I right click on the GlobalProtect icon in the tray no menu ever shows up. I see the GlobalProtect icon in the taskbar but any click on it will make icon dissappear. Any ideas or workarounds? I have re-installed the client at least 5 times now and restarted my PC several times. Same behavior every t...

egv12wQ

Can't receive Multicast traffic from un-trust zone to trust zone

Dears,We should receive a multicast traffic from a third party router that are connected to our un-trust zone.This multicast should be received on a server that are connected to LAN environment (trust zone)Firewall is PA-820 and OS is 9.0.4 We tried to allow multicast and PIM/IGMP on both interfaces but no hope. Multicast is not passing the fire...

Ammar by L2 Linker
  • 3352 Views
  • 3 replies
  • 0 Likes

GlobalPotect initial login

I have deployed the GlobalProtect Always-On VPN via the MSI.exe, where the external gateway is specified. The GP client installs fine on the Windows endpoints. The remote user logs into the Win 10 endpoint with their Windows domain credentials as normal. As they have never connected via the GP client before, they are prompted to enter their Wind...

rchung54 by L2 Linker
  • 3452 Views
  • 3 replies
  • 0 Likes

Resolved! PA5050 | PSU | two failed power supplies

Hi All,We have a dead PA5050 device due to double failure of PSU.One day failed first power supply and PA5050 worked fine on remaining only. A day after failed second power supply and PA5050 died.As soon as our support contract ended we can not ask support team directly neither we can not open the case.Could it be that somebody know how to repa...

pa5050PSU.jpg
IHEP by L1 Bithead
  • 6380 Views
  • 5 replies
  • 0 Likes

Different log retention periods

Hi, for privacy reasons our customer has different log retention periods. He want's to delete all personally identifiable traffic log for traffic from internal to external to delete after 7 days. Also traffic logs for blocked traffic from externel to internal should be deleted after 7 days. Traffic logs for allowed traffic from externel should n...

Resolved! No Objects after successful Fortinet import in Palo Alto Expedition

After 'successfully' importing a FortiGate configuration file into Palo Alto Expedition, I do not see any Address Objects or Security Rules. I do see the Interfaces and Security Zones. The FortiGate configuration file was exported using FortiiManager v6.0.7. The FortiGate is running firmware 6.0.6 in HA Mode Active-Passive. My Expedition version...

Resolved! Global Protect 8.1 - HIP Profile doesn't work - No logs, No HIP profile found from CLI, No Matches

I have Global Protect VPN configured and everything is working, but the moment I apply a HIP-Profile to my security rule (for my VPN Users), they immediately do not match my VPN security rule. I get no HIP logs, I cannot find any hip profiles. I configured a HIP Profile, to match any Windows operating system, so I kept it simple. I can remove th...

MS Outlook 2010 not conecting to the server, when connected via GlobalProtect Always-On VPN

Hi, I have GP Always-On VPN configured and my test Windows 10 machine connects to the gateway and accesses internal LAN resources fine. MS Outlook 2010 doesn't seem to connect when I am connected via the GP client. Outlook just keeps saying 'Trying to connect to server'. On one occasion, the MS Outlook prompt did appear for me to enter my passwo...

rchung54 by L2 Linker
  • 12541 Views
  • 11 replies
  • 1 Likes

Resolved! Panorama Floating IP?

Does anyone happen to know if it is possible to create a floating IP that will direct you to the active Panorama in an HA pair? So the floating IP would be 10.10.10.1 while the actual device IPs would be 10.10.10.2 and 10.10.10.3. This way the administrator will always go to 10.10.10.1, but they will always end up on the Active firewall in an Ac...

VPN goes down each 8 hours

HI, We have a VPN from PA to Oracle cloud. We realised that this VPN goes down each 8 hours and it takes so long to renegotiate. From Oracle side tells this: " early November, OCI implemented enhancements to IKE, including support for additional DH groups and support for IKEv2. Consequently, the IKE proposal payload from OCI can exceed 1500 byte...

BigPalo by L4 Transporter
  • 6656 Views
  • 3 replies
  • 0 Likes
  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels