This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

General Topics

Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 660 Views
  • 0 replies
  • 0 Likes

hi Community

Hi all,

 

We have upgraded globalprotect version 3.1.4 to 4.1.2. Its connected successfully . But after some time it saying portal not available. username take as portal name. anyone experience with globalprotect 4.1.2???

Resolved! Palo-Cisco VPN Logs

Im setting up a s2s vpn between a Palo and a Cisco ASR. The GUI is showing it all as up - green lights and ike tunnels. But the logs are showing the below:

 

IKEv2 child SA negotiation is failed message lacks KE payload

 

I am not sending traffic down th

...

welly_59 by L3 Networker
  • 6853 Views
  • 5 replies
  • 0 Likes

Custom HIP Check for Linux

Hey guys,

 

I've been tasked to have Globalprotect only allow company owned devices over the VPN. I know I can create custom HIP checks for Windows/Mac (reg/plist value). How would I do the same for Linux clients?

 

I have two end users that work remote,

...

Unable to find interface configured in vm machine in vmware

I’m new to Palo Alto VM series deployment and it’s the new project .. we’re trying to deploy Palo Alto HA in VMware environment . Deployed ovf template and configured management interface . Connected to GUI and all looks ok . But I’m not able to conf...

Hari007 by L1 Bithead
  • 6308 Views
  • 6 replies
  • 0 Likes

Resolved! DH group 15 IPSec tunnel

Hi

I must build up an IPSEC tunel between PA and Watchguard XTM. The other Side gives me ike phase where DH Group is 15.

 

On PA I only can choose Group 1—768 bits, Group 2—1024 bits (default), Group 5—1536 bits, Group 14—2048 bits, Group 19—256-bit ell

...

PPTP VPN can not be connected to external devices

I have built a VPN server in company domain and I have tried to connect it in the domain computer. Now I need it can be connected to external computer. I have search many information in Internet to know how to do this setting in firewall. But it stil

...

Jacky.Yi by L0 Member
  • 2522 Views
  • 2 replies
  • 0 Likes

Resolved! Radius authentication for Global Protect

Hi community!

 

I have encountered a "problem" with our Global Protect authentication while we were doing some maintenance works.

We have an Authentication Profile with 3 RADIUS servers for authenticating the users, and the number of retries is set to 5

...

Feature request thoughts - around nat selection

Hi

 

I have 2 NAT pools, actually 4, cause for HA each pool is doubled - does that make sense.

 

1 pool is on a.b.c.13 and the second is on a.b.c.113.

 

All good. what I would like to do is say

 

going out internet interface from src group "out via non prod"

...

DNS Proxy in Active Active cluster setup

Hi

 

I am looking to setup 2 IP address I want to use for DNS proxy  - I was planning on having each ip as a HA VIP - in fail over mode - 1 priotised to one node and the other to the other node

 

Then I tried to setup the DNS proxy -  can't attach it to

...

Routing issues LDAP AD server profiles

Hi, Im trying to set up Group mapping and foudn an interesting issue that I wabnted to put out here see if theres any ideas that can help us out. This is the situation:

 

Hardware

  • ethernet1/12 is trunk with subinterfaces
  • ethernet1/12.2 vlan 2 tagged subi
...

rcaduser by L0 Member
  • 2249 Views
  • 2 replies
  • 0 Likes

PA220 routing issue

I have three PA220s, let's call them

 

PA220-A

PA220-B

PA220-C

 

They are connected in the following manner:

 

PA220-A ---- PA220-B ----- PA220-C

 

All three have an Inside and Outside Interface. All the Outside interfaces are connected via a Layer2 network. M

...

  • 23954 Posts
  • 113 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks