General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Force what Global Protect Portal to use

Hello, Our users will have 2 Global Protect Portals to choose from. The users sometimes log in to windows with a smart-card and sometimes with a normal AD-account (Username and password). Not sure if it's possible but can we force what portal they connect to based on what account they log in on? Theres one portal for smart-card users and one fo...

Probably a strange question...but Linksys RV082 and PA VPN tunnel anyone?

HI Been trying to get a VPN tunnel working between a Linksys Rv082 and Palo Alto. (dont ask...) But no luck in the testing, i based my PA config on the Linksys Rv082 settings, wich i got from the person that is on the other end, but so far - no success. Anybody tried this before ?I would appreciate any experiance or pointers. i provided a link...

Resolved! Captive Portal errors

Hello Early today the captive portal stopped working and UserID didn't get any user mappings. Users couldn't be able to login by SSO or captive portal. After some investigation, we restarted the l3-service and it come back working. The l3svc_ngx_error.log show us this errors: Error: pan_parse_bc_params(panos_addons/pan_l3svc_utils.c:2294): inval...

Resolved! global protect gateway ipsec connection and ssl connection

I have configured GP external gateway and it is working fine. connection type is always SSL even though ipsec is checked in the config. does GP supports ipsec connection? or is GP connection only supports ssl?

why are there duplicated threats (protections) ?

Hello,Browsing on the list of threats, i see many threats that repeat themself, only with different ID.What does that mean?

Minimum number of ports in aggreagte interface?

What is the minimum number of interfaces in an aggregate interface, will config commit with a single interface?

Monitor multiple IPs in a PBF rule?

Running 8.0.x on our PA-3020 and PA-220 systems. In our virtual routers, we can path monitor with multiple IP addresses and take action on AND or OR conditions, but PBF still seems to be limited to a single IP. I'd love to be able to monitor multiple IPs in a PBF rule. Is this possible, is it coming, or is there a workaround? Thanks! Jordan

Resolved! Two firewalls, identical rules, different behaviour

As far as I've been able to determine, the configuration for the two firewalls (PA-500s) are identical (with different IPs/subnets obviously), but the way they handle blocked connections is very different. On one firewall, a telnet to a blocked port just hangs until it eventually times out and the connection is dropped. On the other firewall, a ...

IPSec and DHCP relay

Can a DHCP relay be configured on the PA to be used by and IPSec tunnel also configured on the PA?

Resolved! SSL cert mgt-Chrome issues

I generated and imported ssl certificate for secure management. I also made sure the CA is on the local machine. I have no issues with Firefox or IE but on chrome, it shows me cert r=error for mgt interface. Did anyone face this before? please offer me a solution if so. Thanks.

Resolved! IPsec question

HelloI have many IPsec connectios on my PA. But their are 2 that both use 192.168.100.xNow IPsec A is policy based. So I have configured the proxy ID's. All working fine. Now I have narrowed the routes down to the 2 host I require. Which are 192.168.100.32/32 and .33/32 , IPsec B is a tunnel / route based IPsec. I've added the routes in which ar...

Resolved! Issue with setting QoS egress value with API

For scripting purpose I need to be able to set egress-max values in QoS with the API.First I created a QoS profile, TRUST-QOS, and set the egress-max to 20In powershell, I have the following: $paURL = "https://" + $PAIP + "//api/?key=" + $apiKey + "&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain'...

Global Protect on Chrome OS forget and reset portal.

I keep having to click forget on the chromebook globalprotect client and re add the portal to get it to connect to the VPN on the PA firewall. This happens daily to many of the Chrome OS devices.Also the + button to add a second portal does not work.We are running Chrome OS version 68.0.3440.118 (Official Build) (64-bit)HP Chrome Book also happe...

Resolved! internal routing being blocked

I'm having an issues with some internal routing I have two virtual router that have statics routes for an internal phone network on a different router in my trusted zone I can ping from computers in my lan but when i try and access any websites or management tools it doesn't work if I add a persistent route on the desktops it start to work but w...

Panorama - dynamic updates not working

Software Version 8.0.9Application Version 8024-474 Panorama VM is not receiving dynamic updates. I have checked traffic is allowed and also license is not expired.On manual check it is getting this error. Also tried updating by directly uploading the file. Apps+Threats file uploaded but gave error below. Apps file uploaded and it was able to g...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Force what Global Protect Portal to use