This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4250 Views
  • 0 replies
  • 0 Likes

speedtest is not correctly identified with and without decryption 10.2.4 latest app-id

hi guys, I searched through and it looks like it's an know issue that speedtest.net is not correctly identified by app-id I use app -default setting on the policy The policy cannot really see speedtest.net's traffic and identifies the traffic as ssl, speedtest uses customer port tcp 8080 which is obviously not part of ssl app id defined...

nevolex by L3 Networker
  • 4205 Views
  • 3 replies
  • 0 Likes

Resolved! after 11.1.5-h1 update, 11.1.5-h1 missing from software list

I recently updated to 11.1.5-h1 on one of my firewalls and the software area updated to show the base versions and previous preferred versions we were running but I am not able to see that I am actually on the 11.1.5-h1 version. I assume it isn't listed since it isn't preferred but then how do I know for sure what version I am running? Do I need...

Setting Up a Remote VPN using Connect Before Logon

Looking for some assistance as I am building out a remote vpn using Connect before logon for my Palo Alto. Does anyone know a simple, easy way to set this up with LDAP. Some article are outdated and some are inconsistent in their approach verse other documents. Appreciate the help.

Unable to commit changes

Hello team, i have been facing the below error when trying to commit changes in palo alto firewall pa-1420 invalid local dhcp setting for monitor destination 8.8.8.8 (module routed client routed phase 1 failure please help.

GlobalProtect fails to connect to backup gateway when portal is down

Hello, PAN-OS 8.1.4; GP 4.1.6I am using only the one VR with dual gateways and ECMP routing enabled with WRR (Weigthed 1/4 (WAN1=50, WAN2=200).I have one portal configured for WAN2. I have two (2) gateways; one on WAN2 and one on WAN1. When WAN2 is up, I can acces the portal and the gateway on that interface.When the portal is down (WAN2), and ...

Hardening Guide for PAN NGFW and Global Protect

For compliance reasons, specifically StateRAMP (and likely FedRAMP in the distant future), I'm looking for any hardening guides or STIG for the PAN NG-FW and Global Protect or even general best practices. I feel odd asking for "security hardening" for a security solution, but I'm just making sure all bases are covered. I've found a couple t...

malmgren by L0 Member
  • 2578 Views
  • 1 replies
  • 0 Likes

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries. You'll find this new area under the Articles section of the main menu: Our goal is simple: provide clear, comprehensive resources that address your most frequent issues. Using data-driven ...

kiwi_0-1719493645523.png
kiwi by Community Team Member
  • 2957 Views
  • 2 replies
  • 1 Likes

Firmware upgrade ver from 10.2.10 to 11.1.x.

Hi Support,Our organization is in the process of upgrading the firmware of Palo Alto 460. We are now on 10.1.10. We would like to upgrade to 11.1.x. I would like to know which is the recommended version. There is always a dilemma of which version is the best and have minimum vulnerabilities. By reading various documents it is more confusing to u...

how to uninstall global protect when it keeps reinstalling even after i uninstall it (i have admin)

Hi there, Ive tried to uninstall gp from my computer, however, it keeps reinstalling. I have tried deleting all files related to gp (e.g appdata gp files and gp program files). ive also tried this method (link is below) but it doesnt work as it keeps reinstalling. Does anyone know how to uninstall it permanantly? https://knowledgebase.paloal...

Mulit-Vsys setup with Wildfire

Hi Friends, We are planning for a multi-vsys PA setup, where one vsys will have only L3/L4 policies and second vsys will be in L2 bridge mode with Threat prevention features only. Vsys1 will only scan L3/L3 policies while vsys2 will scan traffic for any threats. We believe this is logically possible solution, need some clarity on integrating W...

Site blocking under music category

Hi Team, One Visa processing URL blocking under Music category in my firewall. I ready added the this site into allowed list. But still blocking under music category. How to allow this URL make acces withough enable music category.

IPsec tunnels to multiple peers with overlapping remote networks

Say I have site-to-site IPsec tunnels from my Palo to 2 different peers. How do I handle the case when the 2 peers have the same or overlapping networks? Do I ask one of the peers if they can NAT their network to something that doesn't conflict with my other peer? What if neither peer is able to NAT?  

ipsec_overlapping_remote_networks.png

GP Always on VPN - Except if on internal LAN?

Is there a way to implement this? I have seen the internal host detection option but as far as I can see that is only to choose whether you connect to an internal or external gateway.I want all remote site users to go through the Palo Alto, but I can achieve that by routing alone. I dont see what I would be achieving by forcing vpn while on inte...

welly_59 by L3 Networker
  • 4295 Views
  • 3 replies
  • 0 Likes

GlobalProtect Always On Issue

I am currently testing GlobalProtect Always on, I have configured to operate at user logon. The issue I am having is that on start-up of my laptop, on my corporate network I am prevented from any network access. If I connect to my public WIFI and connect GlobalProtect and can access my network ok. Reverting back to my corporate network and it th...

rossm by L1 Bithead
  • 6100 Views
  • 8 replies
  • 0 Likes
  • 24360 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks