This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

IPOE Standard

Hi, Does anyone know if the Palo Alto supports the IPOE standard? I have a PA-220 that we need to use for a PPPoE Internet and I have just been told that they use IPOE which doesn't require a username & password. I suspect I could just set it to DHCP instead on the Layer 3 interface and this could be enough? Thanks Brad

I want to ignore to update ip-user-mapping information from other domain.

Hi, My FW is updated ip-user-mapping information from only A DC with a.com.A DC have been connecting Forest with B DC included b.com.Sometimes, The FW has been updated users in b.com domain from A DC.So I want to ignore to update user-ID from A DC for b\users, only allow a\users. I have tried a way using ignore-list but I want to know a way bett...

DNS server failover not working for GP client

We have a problem with the GP client and DNS. when the primary DNS server configured on the GP gateway is down, the GP client is unable to resolve FQDNs (over the split tunnel). Once I reversed the and made the secondary (active) DNS server the primary, the GP was able to resolve internal names. The only global timer that I can see for DNS is u...

URL categories

Is there a limit to the number of URLs we add inside one URL category?If i will add many URLs in this category affect Palo Alto performance?

iPad Global Protect Auto Connect

Good morning, GP works great on our iPads, except you need to open the app and hit 'connect'. Sometimes it becomes disconnected and needs to be done again. This is for K-12 students, so we're hoping there is actually a way to force persistence. Is this possibly a limitation that Apple has placed on iOS or maybe a config that needs changing on...

GlobalProtect says "Connected" to quickly........

Someone can stop me if it's meant to do it this way, but if feels like a bug that needs fixed. GlobalProtect 5.0.4-16PanOS 9.0.1HIP Checks in place Scenario:Using HIP checks to limit scope of connectivity to internal network. Issue:Let's say that one of my HIP checks is to look and make sure that widget.exe is running on a PC. I connect to Glob...

rtaImage.png
Shawverr by L3 Networker
  • 2621 Views
  • 2 replies
  • 0 Likes

Device Average Memory Usage High PA-3060

We have observed a high memory utilization on PA-3060 ,do we have to upgrade our RAM or this is normal behavior? show system resourcestop - 02:47:35 up 631 days, 20:43, 1 user, load average: 0.02, 0.04, 0.05Tasks: 117 total, 1 running, 115 sleeping, 0 stopped, 1 zombieCpu(s): 3.7%us, 1.3%sy, 0.3%ni, 94.5%id, 0.0%wa, 0.0%hi, 0.1%si, 0.0%stMem: 3...

Resolved! load config partial - from local file to security ruleset

First issue:I am trying to get load config partial working from local file , address objects , address groups, service groups and security and NAT rules, to local firewall. I am used to doing load config partial on PANORAMA to device groups.. but not local file to local FW.. cant quite pin down the API XML format, even when looking on local ...

Global Protect UpGrade Windows Installer

Pushed the global protect client out through SCCM. Which works, but when the auto update is applied, we end up with the windows installer issue. the msiexec /Option error I have checked to make sure no other installer is running, and there is nothing. Has anyone been able to solve this issue?

Resolved! Security Profile - Mass change - Is there an easy way?

I received a request to change the current security profile on 3,502 policies (spanning three VSYS) from a shared profile to a local profile. Is there a better way to do this than doing them individually through the GUI? I don't even want to think about how long this would take if I have to do it through the GUI, not to mention the arthritis I'l...

Resolved! AlienVault taxii miner versus prebuilt reputation data miner

AlientVault has the OTX with a taxii feed configuration which looks like it could be handy. However the miner for the alienvault reputation has a link which 404's. Does anyone have any idea if this overlaps? Also the AlienVault taxii feed would require an API key, I'm not entirely sure how to set up a new miner for taxii which requires an API ...

chirss by L3 Networker
  • 25427 Views
  • 21 replies
  • 0 Likes

Path Monitor... source IP must be within the same subnet as destination?

I'm trying to monitor the availability of one tunnel, to re-route the same destination traffic into a second tunnel. The other side can't do routing protocols right now--which would solve this easily. I hoped to find a non-manual way to fail over. I read in a discussion that the SOURCE IP and destination IP have to be in a single network. The d...

Royalfr by L2 Linker
  • 7729 Views
  • 2 replies
  • 0 Likes
  • 24355 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks