This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4112 Views
  • 0 replies
  • 0 Likes

Require authentication via global protect when connecting to data center resources

In an attempt to secure connections to production resources. I would like to implement a policy that if you are for instance using SSMS to connect from one location to a database in the data center, that you first have to authenticate via global protect client using two factor authentication before you can connect to said resource. any guidance ...

Resolved! IPSEC VPN from PA to Multiple devices - Using same crypto profiles?

We have PA running IPSEC to different remote sites.Each site has different Public and Private networkFor each site i need to create tunnel interface and do the same config over and over. Say if i need ipsec to 15 sites then for each site i need to create separte tunnel interface i understood that. can i use the same ike and ipsec crypto for a...

MP18 by Cyber Elite
  • 3252 Views
  • 2 replies
  • 0 Likes

Certificate based authentication for IOS microsoft intune intergration

HI @gwesson I have an issue in client based authentication for IOS devices. I have imported the client certificate in windows and android it works same cert installed in iphone it shows an error client certificate not found. Recently, I have see behaviour of client certificate installation has changed in IOS 12. Client certificate should be d...

Resolved! LDAP authentication failover

Hi Community,I have 2 Domain controllers serving user information. I have configured these 2 under same LDAP server profile. I am using this profile in authentication profile for GP.I configured 4s each for search and bind timeout under LDAP server profile.I need the user should be authenticated with second server when first one is down(it is th...

Resolved! Multiple vpns to the same peer

Hi, We have a requirement where-in we need to configure 2 vpn tunnels to the same remote peer.Also the remote end local ip address ranges are the same. Below is a quick explanation Tunnel 1MyPeerPublicIp = 1.1.1.1RemotePeerPublicIp = 2.2.2.2MylocalSubnets = 10.1.1.0/24RemoteLocalSunbets = 10.2.1.0/24 Tunnel 2MyPeerPublicIp = 1.1.1.1RemotePeerPub...

adil.bgz by L1 Bithead
  • 22291 Views
  • 7 replies
  • 0 Likes

Resolved! how long phase 1 will show as red in web gui?

We have ipsec tunnel to vendor. web gui shows phase 1 as down and phase 2 as up.i can ping across the vendor network.traffic is passing via tunnel show vpn flow shows active. need to know how long web gui will show phase 1 is red?when web gui will show phase 1 as green? Also from cli below command does not show that phase 1 is down? show vpn ik...

MP18 by Cyber Elite
  • 3141 Views
  • 2 replies
  • 0 Likes

PA 5220 vsys HA Support

Hi, we have a pair of PA 5220 appliances currently running only the default vsys (vsys 0) in an HA (Active / Active) Setup. We would like to add additional vsys instances and also have each of the new instances running in a HA A/A Setup. Would the HSCI Port (currently configured for HA2 and HA3 HA A/A Traffic/Sessions support) as well as the HA1...

CarloMun by L0 Member
  • 4786 Views
  • 3 replies
  • 0 Likes

Problems installing on Ubuntu 16.04

I am trying to follow the directions found here: https://live.paloaltonetworks.com/t5/MineMeld-Articles/Manually-install-MineMeld-on-Ubuntu-Server-16-04/ta-p/253336 I get to this step Adding the repo GPG key Add the MineMeld repo GPG key to the APT trusted keyring: wget -qO - https://minemeld-updates.panw.io/gpg.key | sudo apt-key add – Wh...

Capture.PNG
Mattk by L2 Linker
  • 5801 Views
  • 3 replies
  • 1 Likes

Packet Buffer OID VM-Series

Hi, Anyone know what is the OID used in the VM-Series to extract the packet buffer (hardware/software) values? In the MIB of Palo Alto Products I only find this one, but I don´t know what it exactly extracts: PA-VM: 1.3.6.1.4.1.25461.2.3.29 Any idea?

Resolved! unable to download or view the pa-500 specs sheet

i know this sounds like a silly question but I need to get the specs on our pa-500 firewalls. When I go to this page, https://www.paloaltonetworks.com/resources/datasheets/pa-500-specsheet nothing happens when I click the download button. Either the download link is broken or I am just out of my mind. What gives here? Do I need a valid support c...

youngi by L0 Member
  • 3634 Views
  • 2 replies
  • 0 Likes

HELP: Clients going 'under the radar' when CP is switched on...

We find that an increasingly number of students never get the captive portal auth dialog popping up once we switch on CP (when we are having a test or exam) for their subnet. The dialog pops up as expected for most of the students, but there are always a significant bunch that somehow never get the chance to authenticate, hence the FW classifie...

Resolved! BGP Routing Question

Hi All, I have BGP routing advertising from the Palo with eBGP advertising internally and externally for 4 vSYSs. How do I advertise a particular vSYS with public IP a.a.a.a to advertise it as a route for public IP b.b.b.b/27. Regards Adrian

a.jones by L3 Networker
  • 5600 Views
  • 2 replies
  • 0 Likes

Subscription signatures off-line updates

Good afternoon, colleagues, I have three subscriptions: url filtering, threat prevention and wf500 signatures. How to update them off-line and is it possible to distribute these updates for the firewall and wf through Panorama?

ColaNet by L1 Bithead
  • 4921 Views
  • 3 replies
  • 0 Likes

Resolved! Run 'script' from CLI

Hi,I wonder if it is possible to create a run a user defined script from our VM-100's CLI. The script should switch Policies / Authentication / <my CP profile> to 'web-form' - and do 'clear session all filter from ClassNet ' If this is possible how do I switch on the auth policy and save / run the script from CLI? Thanks a lot for help on ...

Resolved! Captive Portal and computers in hibernation

Hi,We use VM-100 at a high school and frequently we switch on captive portal to impose access restrictions for certain classes. We use AD group names in policies to target users. However, despite enabling CP it appears that quite a few students who are members of classes being restricted never get up the CP auth dialog. Hence they continue to ...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks