General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4116 Views
  • 0 replies
  • 0 Likes

Resolved! IPSEC GUI shows green for both phase 1 and 2 - Need to restart the ipsec to ping across the ipsec

GUI shows both phase 1 and 2 up. Cannot ping LAN IP at vendor end. When I ping vendor LAN IP I see below ( description contains 'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 0.0.0.0/0 type IPv4_subnet protocol 0 port 0, received remote id: 192.168.46.32/28...

MP18 by Cyber Elite
  • 3453 Views
  • 2 replies
  • 0 Likes

Resolved! Route Monitoring. Possible FR?

Hi, I ran into an interesting requirement which (I believe) is not possible with the current path monitoring features for static routes. Here is my scenario... First let's just remove dynamic routing from the equation. For this specific use case dynamic routing isn't possible between R1, R2 and the PA. PA has a default route configured to R1. R1 i...


Require authentication via global protect when connecting to data center resources

In an attempt to secure connections to production resources, I would like to implement a policy that if you are for instance using SSMS to connect from one location to a database in the data center, that you first have to authenticate via GlobalProtect client using two factor authentication before you can connect to said resource. Any guidance ...

Resolved! IPSEC VPN from PA to Multiple devices - Using same crypto profiles?

We have PA running IPSEC to different remote sites. Each site has different public and private network. For each site I need to create tunnel interface and do the same config over and over. Say if I need IPsec to 15 sites then for each site I need to create separate tunnel interface, I understood that. Can I use the same IKE and IPsec crypto for a...

MP18 by Cyber Elite
  • 3252 Views
  • 2 replies
  • 0 Likes

Certificate based authentication for iOS Microsoft Intune integration

Hi @gwesson, I have an issue in client based authentication for iOS devices. I have imported the client certificate in Windows and Android and it works; same cert installed in iPhone it shows an error client certificate not found. Recently, I have seen behaviour of client certificate installation has changed in iOS 12. Client certificate should be d...

Resolved! LDAP authentication failover

Hi Community, I have 2 domain controllers serving user information. I have configured these 2 under same LDAP server profile. I am using this profile in authentication profile for GP. I configured 4s each for search and bind timeout under LDAP server profile. I need the user should be authenticated with second server when first one is down (it is th...

Resolved! Multiple vpns to the same peer

Hi, We have a requirement wherein we need to configure 2 VPN tunnels to the same remote peer. Also the remote end local IP address ranges are the same. Below is a quick explanation: Tunnel 1: MyPeerPublicIp = 1.1.1.1, RemotePeerPublicIp = 2.2.2.2, MylocalSubnets = 10.1.1.0/24, RemoteLocalSunbets = 10.2.1.0/24. Tunnel 2: MyPeerPublicIp = 1.1.1.1, RemotePeerPub...

adil.bgz by L1 Bithead
  • 22293 Views
  • 7 replies
  • 0 Likes

Resolved! how long phase 1 will show as red in web gui?

We have IPsec tunnel to vendor. Web GUI shows phase 1 as down and phase 2 as up. I can ping across the vendor network. Traffic is passing via tunnel, show vpn flow shows active. Need to know how long web GUI will show phase 1 is red? When will web GUI show phase 1 as green? Also from CLI below command does not show that phase 1 is down? show vpn ik...

MP18 by Cyber Elite
  • 3141 Views
  • 2 replies
  • 0 Likes

PA 5220 vsys HA Support

Hi, we have a pair of PA 5220 appliances currently running only the default vsys (vsys 0) in an HA (Active / Active) Setup. We would like to add additional vsys instances and also have each of the new instances running in a HA A/A Setup. Would the HSCI Port (currently configured for HA2 and HA3 HA A/A Traffic/Sessions support) as well as the HA1...

CarloMun by L0 Member
  • 4787 Views
  • 3 replies
  • 0 Likes

Problems installing on Ubuntu 16.04

I am trying to follow the directions found here: https://live.paloaltonetworks.com/t5/MineMeld-Articles/Manually-install-MineMeld-on-Ubuntu-Server-16-04/ta-p/253336 I get to this step Adding the repo GPG key Add the MineMeld repo GPG key to the APT trusted keyring: wget -qO - https://minemeld-updates.panw.io/gpg.key | sudo apt-key add – Wh...

Mattk by L2 Linker
  • 5804 Views
  • 3 replies
  • 1 Likes

Packet Buffer OID VM-Series

Hi, Anyone know what is the OID used in the VM-Series to extract the packet buffer (hardware/software) values? In the MIB of Palo Alto Products I only find this one, but I don't know what it exactly extracts: PA-VM: 1.3.6.1.4.1.25461.2.3.29 Any idea?

Resolved! unable to download or view the pa-500 specs sheet

I know this sounds like a silly question but I need to get the specs on our PA-500 firewalls. When I go to this page, https://www.paloaltonetworks.com/resources/datasheets/pa-500-specsheet nothing happens when I click the download button. Either the download link is broken or I am just out of my mind. What gives here? Do I need a valid support c...

youngi by L0 Member
  • 3637 Views
  • 2 replies
  • 0 Likes

HELP: Clients going 'under the radar' when CP is switched on...

We find that an increasing number of students never get the captive portal auth dialog popping up once we switch on CP (when we are having a test or exam) for their subnet. The dialog pops up as expected for most of the students, but there are always a significant bunch that somehow never get the chance to authenticate, hence the FW classifie...

Resolved! BGP Routing Question

Hi All, I have BGP routing advertising from the Palo with eBGP advertising internally and externally for 4 vSYSs. How do I advertise a particular vSYS with public IP a.a.a.a to advertise it as a route for public IP b.b.b.b/27. Regards Adrian

a.jones by L3 Networker
  • 5600 Views
  • 2 replies
  • 0 Likes

Subscription signatures off-line updates

Good afternoon, colleagues, I have three subscriptions: url filtering, threat prevention and wf500 signatures. How to update them off-line and is it possible to distribute these updates for the firewall and wf through Panorama?

ColaNet by L1 Bithead
  • 4922 Views
  • 3 replies
  • 0 Likes
  • 24334 Posts
  • 124 Subscriptions