This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

GlobalProtect Android version 13 issue

Global Protect login continues to fail on Version 13 Android. It seems to have been caused by Android security enhancement issues. created it with SHA 384 but I can't log in. "The network connection is unreachable or the portal is unresponsive, Check the network connection and reconnect" There is no problem with global protect c...

qmso475_0-1701243435266.png
qmso475_1-1701243590189.png
qmso475_2-1701244110530.png
qmso475 by L3 Networker
  • 4967 Views
  • 11 replies
  • 0 Likes

EST Enrollment over Secure Transport

I use certificate based IPSec VPN Tunnels that rely on Certificates. The Certificate Authority i use supports EST to allow for automated enrollment similar to SCEP. Is there a way to configure Pan-OS to work with EST instead of SCEP? I have not been able to find any other forums to support this topic.

Resolved! Regarding Security Advisory CVE-2024-3393

Hello Team, I have recently upgraded my pa-1410 firewall to panos ver. 11.1.4-h7, because its preferred version so far. Today I have received this advisory link ... https://securityadvisories.paloaltonetworks.com/CVE-2024-3393 I have DNS Security enabled. Things are not clear to take an action, what id action required? I can see my version li...

Resolved! Failure to install Apps and Threats

Model PA-3050Software Version 9.1.16GlobalProtect Agent 6.1.0Application Version 8692-7955 (03/30/23)Threat Version 8692-7955 (03/30/23)Antivirus Version 4401-4918 (03/26/23)WildFire Version 757322-760771 (04/06/23)URL Filtering Version 20230406.20155 Issue: A few weeks ago, i started to notice that Apps and threats are failing to install. See...

Kali by L2 Linker
  • 5792 Views
  • 5 replies
  • 1 Likes

Resolved! Multiple authentication profiles for GP portal and gateway?

Hi, I am using LDAP authentication profile for GP Portal and Gateway authentication. The problem is when the LDAP server is down I can not log in. So I want to use two authentication profiles. One for LDAP backend and one for local authentication. As you see in the attached screenshot, I added them to GP portal settings. The problem is I can not...

panos-gp-portal.PNG

about transparent

sorry for bothering you all. I'm new to computer networking. And while I'm building my own system, I'm having some trouble. MODEM (internet) --- Firewall Palo Alto --- Laptop. This is the model I'm building myself. I was going to use transparent mode but I can't find it on the firewall paloalto 440. I hope you guys can give me some suggestions. ...

Palo Alto Global Protect

Hello. I am looking to setup and use Palo Alto's Global Protect feature; The question I have is if I have only 1 egress port (WAN) port that is public-facing, can I setup my Global Protect on that egress port or do I need to use another port for egress and assign that port to both gateway and portal? Or can I use my one (egress) port to be a...

For those that seek to get SSH Proxy working

Searching the internet it seems that people are looking to enable SSH Proxy and not finding answers. I managed to get it working but must say that the current supported SSH decrytion parameters for all PAN-OS versions aren't the most secure ones so you should consider what's more important for your situation: SSH inspection with less secure S...

Untitled1.png
Untitled1.png
Untitled2.png
Untitled2.png
Han.Valk by L2 Linker
  • 1028 Views
  • 1 replies
  • 1 Likes

GlobalProtect access to local LAN devices

I am fairly new to Palo Alto devices. We are in the process of testing the GlobalProtect client and have set it up without split-tunneling. I have confirmed this works for web browsing (get the PA NAT address), but we are still able to get to all local LAN resouces. We are able to use local wireless printers, I am able to ping to and from the ...

rgreens by L2 Linker
  • 24294 Views
  • 12 replies
  • 0 Likes

Onboarding to Passive HA to Panorama

Hi Everyone, I need advice on how to onboard the passive HA to Panorama. The Primary is already on Panorama but upon checking, it doesn't belong to a device group yet. I have read some documentation on how to onboard a local firewall to panorama, but I haven't seen how to onboard the Passive Ha on Panorama. Could someone point me to documentatio...

N.MANTUA by L1 Bithead
  • 1054 Views
  • 2 replies
  • 0 Likes

Resolved! Replicating vSwitch NIC status to a NGFW VM (ESXi)

Greetings all, I wanted to see if anyone has successfully replicated the status of a host NIC attached to a vSwitch to a Palo Alto NGFW VM in ESXi 8? Right now, all ports always remain up because the virtual switch they are attached to remain up. It seems like this should be a trivial configuration, but I can't figure it out for the life of me.

Resolved! Deep Packet Inspection and SSL Certificate

Hello, newbie here. One of our clients asked me: "We have an exchange server which is on site. We need to renew the ssl certificate, I was told that if the Palo Alto firewall performs deep packet inspection, we need to supply the ssl certificate to the firewall. if it is so, we need to coordinate with my local admin to install the ssl certif...

N.MANTUA by L1 Bithead
  • 5871 Views
  • 4 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks