General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4224 Views
  • 0 replies
  • 0 Likes

global protect: keeping clientless vpn users separate from remote access (vpn client) users

Here's what I need: Employees using the global protect client, and vendors logging into clientless vpn and getting the apps I assign them. I do not want any vendor to be able to access the vpn client. Here's where I am: I have a GP portal and gateway assigned to the outside interface. Remote access (employees) authenticates to radius server (ACS) a...

Resolved! VRRP on switches connected to PA in active and passive mode

below we have setup https://snag.gy/3kRV8C.jpg Where switches and routers are running ospf. PA has static route to the VRRP IP of the switch. 1>> Need to know is this good design to have the VRRP backup router connected to the PA active switch? 2>> Also yesterday when we reboot the router 1 during that time we lost the internet connec...

MP18 by Cyber Elite
  • 5869 Views
  • 4 replies
  • 0 Likes

show user group list - Shows custom group only

Under group mappings of LDAP I have so many AD groups. But when I run below command show user group list Total: 11 * : Custom Group IT does not show me any group names from AD? What is the reason for that? Also what is difference between Custom group and AD groups in LDAP?

MP18 by Cyber Elite
  • 13920 Views
  • 30 replies
  • 0 Likes

Authentication Policy with Captive Portal using Session Cookie

Customer has authentication policy with web-form as authentication profile and 60 minutes timeout. Captive Portal has both timers at 60 minutes and uses Session Cookies with 60 minutes timeout. However if a user hits refresh for the authenticated (https) session less than 60 minutes after successful authentication he gets prompted to re-authentica...

santonic by L6 Presenter
  • 6427 Views
  • 4 replies
  • 0 Likes

Resolved! Global Protect issue with BGP routing configuration

Hi All, I have configured Global Protect and I can successfully connect. My Palo Altos are configured to peer and route via BGP which is working without issue. My problem is I cannot reach anything once I am connected. I need to access two address ranges. From the CLI of the Palo I can ping the gateways of the networks I need to reach via the Gl...

a.jones by L3 Networker
  • 4127 Views
  • 2 replies
  • 0 Likes

Resolved! Basic GP routing/NAT/policy

The Gateway/Portal of my setup works fine. It's routing I think that's not working. I just want a client over GP to hit local networks off the PANOS. IP Pool and access routes that been defined, work just fine .. I can see client has been bestowed these when it connects.. What's the basic setup from a routing perspective ? - I set up a tunnel.## ...

Resolved! Split tunnel greyed out

Hello, We are using PANOS 8.1.7 and GP 4.1.8. We have multi Vsys and one of our VSYS administrator account cannot access GP protect agent split tunnel setup. It is greyed out. Is this an account limit or something wrong?


threshold values for SNMP Monitoring PA-5250

Hi, How much RAM does a PA-5250 have? And which threshold value should be defined for alarming in SNMP Monitoring? And what other oid make sense to monitor and which threshold value? e.g. count of Sessions: Data Sheet 8.000.000, but what would be an appropriate threshold value? Thanks a lot Robert

regioiT by L0 Member
  • 3568 Views
  • 2 replies
  • 0 Likes

Resolved! TS Agent no port mapping when using windows net use

Hey Guys, We have noticed a weird behaviour: When I do a telnet to IP 1.1.1.1 Port 445 on our Terminal Server with the TS Agent installed, the associated Port Range will be used as expected and the source user-id will be mapped. But when we do a net use in the same CMD window, it won't associate it with the expected port range but with a higher, not...

Resolved! Steps required to add separate Log collection and LC communication Interfaces

Currently we have Single Management Interface on 2 M500 acting as Management Interface, Log collection, LC Communication. From Panorama M100 we have single interface doing all the above functions. Need to know what are steps in order to separate the interfaces on M500 for log collection and collector communication

MP18 by Cyber Elite
  • 2993 Views
  • 2 replies
  • 0 Likes

GlobalProtect Windows client - command line interface?

We're using the GlobalProtect Windows client application to connect to a customer’s VPN. We’d like to automate this process, as right now our only way to connect is to click on the tray icon ‘Connect’ option. Is it possible to automate (e.g. via command line) the process to connect/disconnect into our customer’s GlobalProtect system? TIA

Resolved! VPN IPSec gcm or cbc cypher types

When configuring VPN to a 3rd party vendor and you are given the required settings for IPsec profile as sha1 or sha256 only, however on the Palo Alto firewall we have the option to use cbc or gcm, e.g. aes-256-cbc and aes-256-gcm. In the past I used to add both to the profile, but I need to automate bulk VPN creation and it will be easier to sele...

BatD by L4 Transporter
  • 19516 Views
  • 6 replies
  • 0 Likes

DNS proxy rule

I have a DMZ zone for guest wireless users on Palo Alto. They use our internal server 192.168.10.10 for DNS. I am trying to configure the firewall to force them use 8.8.8.8 for a specific domain eg: *.amazon.com Please let me know if configuring a DNS proxy with 192.168.10.10 as Primary and creating DNS proxy rules with fqdn *.amazon.com-pointing ...

  • 24355 Posts
  • 124 Subscriptions