General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Enforce GlobalProtect Connection for Network Access not enforcing when GP disabled?

Hi all! I'm experimenting with enforcing GlobalProtect Connection for Network Access. When I enable that setting, and put myself in user-logon (always on) things work great, but if I then disable GP, I can still access the network. I had a call with TAC and they said to make this work I needed to make sure I couldn't disable GP, so I set it up s...

uvdes by L2 Linker
  • 23766 Views
  • 13 replies
  • 1 Likes

Google Safe Search Update

Enforcing Google SafeSearch with Palo Alto Networks Firewalls - Lockstep Technology Group BlogsEnforcing Google SafeSearch With Palo Alto Networks FirewallsLockstep works with a number of organizations that require filtering of inappropriate web based content (esp. our K12 customers). While many solutions existing in marketplace today, our engin...

eputnam by L1 Bithead
  • 5563 Views
  • 2 replies
  • 4 Likes

Resolved! upgrade OS

Hi, How can I upgrade8.1.8 from 7.0.1 can anyone tell me the procedure........

Redistribute ebgp route into ebgp

Hi Team, I have EBGP peering between PA- Router using EBGP. learning route 10.10.1.0/24 I want to advertise those EBGP routes ( ex 10.10.1.0/24) learned by PA to AWS where I have another EBGP peering between PA and AWS. Could this be done in Palo Alto. I see redistributes rules are there . I just wanted to have clear understanding if one ebgp...

UDP issues after network outage

We're experiencing multiple issues with udp-based applications after network outages. A common problem is that udp tracking sessions (I assume from ALG) in PA for DHCP create issues and clients are unable to attain IP-address. This error must be manually solved by clearing sessions. We've also seen this error for other udp applications. Question...

Resolved! ownload OS update, without having associated the device with an account.

Dear Community,First of all, my best regards, here are my questions:I need to download the updates of a PA firewall model PA-220, I do not find any update repository to perform the update manually, they tell me that it is necessary to associate the device with an account, but this device still cannot be associated with an account because they do...

Persistent issue with APP-ID Reliability

Hello all. I have had an issue with PANOS since 7.0 (Currently I am on 9.0.2-h2) where the application id feature is not reliable in security rules. I can add a rule and for example lets say I allow ssl to 10.1.1.1 from 10.2.1.1 no user restrictions and just add the ssl application and commit. Then I try to access https on 10.1.1.1 from 10.2.1.1...

drops.png

GlobalProtect Clientless VPN inactivity and session lifetime logouts enforcement

Good day, Inactivity and session lifetime forced logouts are not enforcing logouts on open clientless applications. Currently running 8.1.8H5 and have found that clientless application sessions are remaining open even after a forced logout. Going back to portal tile page, requires a login for any new application but all open sessions reamin ope...

rdefeo by L0 Member
  • 3291 Views
  • 1 replies
  • 0 Likes

Global Protect Client on Linux cannot connect to local gpd

Hi, have this problem since a few releases back.Installed latest Globalprotect client for linux, currently 5.0.3. Install ok, runns ok but doesent activate and connect.root@khazad:/home# systemctl status gpd● gpd.service - GlobalProtect VPN client daemonLoaded: loaded (/lib/systemd/system/gpd.service; enabled; vendor preset: enabled)Active: acti...

IKEv2 between PAN-OS 8.1.9HF4 and Cisco IOS routers or ASA devices

I am trying to setup site-2-site VPN between a Cisco router and PaloAlto 820 running 8.1.9HF4. Everything is working fine in IKEv1but it is not working in IKEv2. Look like PaloAlto is not playing nice with Cisco devices. If I replace the PaloAlto with Checkpoint firewall, it works fine with Cisco in IKEv2. I have a ticket open with PaloAlto...

dtran by L4 Transporter
  • 6048 Views
  • 3 replies
  • 0 Likes

Redirect some FQDN to VPN

Hello, It's possible to redirect some domain name (exemple: *.com and *.net) to tunnel VPN ?I think that it's possible by creating address object and use by policy based forwarding for redirection, but I can't use wildcard match all *.com. thanks.

  • 24401 Posts
  • 123 Subscriptions
Top Solution Authors
Labels