General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

GlobalProtect with MFA Dual Authentication

We have set up a GP slit tunnel we allow SSO using LDAP and Certificate based authentication this allows access to everything in the corporate network. However for applications we have specifically listed by service and destination we have created additional authentication rules that force the user to authenticate using a MFA (Entrust) method th...

Resolved! No expiration set for collector group on Panorama m100

Hello everybody, I would like to know what happen if I don't configure the Expiration Period in my Collector Group. By default, blank field means that my logs will never expire but if it reachs the maximum capacity what happen ? Does my panorama take in consideration my Quota and override the oldest logs ? Regards,David

GlobalProtect portal user authentication failed

For globalprotect I have a radius server profile with two servers in it. I have noticed that all authentication goes to the first server in the list all the time. And that works. However, in testing, I have shut off the first server and the firewall never tries to send authentcation to the second server. If I use the "test authentication" co...

Hangout as ms-lync

Hello everyone, the users in our company use Google Hangouts / Meet. We allowed google-hangouts and google-meet and all the dependent applications with Service Any.However the connection is recognized as ms-lync!! Anyone else facing similar issue? Best Regards,RJ

Configure Firewall HA through Panorama

Hi ! How we can configure the HA between Firewall through Panorama. I have added the both devices in to single device groups. So whenever i did the HA configuration parameters it's getting applied to both devices . What are the steps need to be followed for this ? Thanks in Advance...

gpsriram by L1 Bithead
  • 2607 Views
  • 2 replies
  • 0 Likes

Panorama snmp trap

My idea was first to setup panorama to monitor the logs for critical and then send snmp trap.But from what i can see from the PA mibs, there are no way for panorama to send info in the trap about the device? So all i see in the trap is the panorama ip. Is there any way around this? Or is maybe best practise to trap from the individual device?

hbalzac by L3 Networker
  • 4124 Views
  • 2 replies
  • 0 Likes

qos rule allowed application is http-video but stats and cli also shows unknown-tcp

I have configured qos on application http-video only and category is any.Running OS 8.0.9 On qos stats graph it also shows application as unknown-tcpfrom cli when i run command > show session all filter qos-class 1 it shows application as undecided need to understand qos rule only applies application http-video why we see applications unkno...

MP18 by Cyber Elite
  • 2584 Views
  • 3 replies
  • 0 Likes

Resolved! Authentication via LDAP server

We have a PA-3050, I have setup LDAP auth and it is working fine, however I have a question/concern. Yesterday we had a user offsite who needed VPN access, he was not in the AD group initially, so I added him to the AD group and sent him instructions on how to download the agent, when he tried to sign in, it would not allow him, ten or so mins ...

GlobalProtect concurrent Gateway conections

Hi i have two separate PA-220 clusters in separate sites and i can connect to each one independtelly via global protect, but i have to choose one site or the other. is there a way to setup the Global protect to connect to both sites at the same time without the use of a VPN satellite setup? the networks are not overlapping.. thanks,Jonathan

Resolved! A new PA-3250 required licenses

Hi, I'm planning to deploy PA-3250 for a company. I've recommended the following modules for them as per their requirements:PAN-PA-3250-URL4-5YR.PAN-PA-3250-TP-5YR.PAN-PA-3250-WF-5YR. Now, i'm not sure if we must also include the premuim support license inorder to be able to opreate the firewall. Can I safely deploy the device without a support ...

Resolved! Updating MineMeld Miner indicators via http/https API requests from external systems ?

Dear MineMeld community, Can we add/remove indicators from a MineMeld Miner via http/https API? We currently have a simple automation system for IP whitelisting: External System sends an https request to an automation server with an IP address info and some another data: http://AutoRequest.com/request?ip=10.1.1.1&start_date=01/01/201...

Resolved! GlobalProtect - suppress the downgrade/upgrade prompt?

I noticed end-users will get a prompt to upgrade/downgrade their client, depending on whether the Activated version is lower or higher than their installed version.Is there a way to suppress and turn that off? It would IT controlled deployment upgrades more smoother and less confusing to end-users. Is this the setting here?

2018-11-05_9-23-39.png

GlobalProtect Connection Issue

The company I work for recently roled out paloalto vpn service for users to connect via VPNHowever one frustration most if not all users have observed is the initial connection via GlobalProtect client. Across all client versions and all OS's (Windows, MacOs) one thing which is causing frustration has been observed. * Instigating the connection ...

version.png
1.png
2.png
carterg by L2 Linker
  • 10893 Views
  • 5 replies
  • 0 Likes
  • 24396 Posts
  • 123 Subscriptions
Top Solution Authors
Labels