This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

Global Protect Client Bundles not installing. VM100

I am trying to install a client bundle for GP on out test VM-100 The VM has no internet connection so I downloaed the bundle from PA PanGP-4.0.6 On "device > Global Protect Client " I upload the file, which works but nothign is displayed. If i go to "Activate from file" it sees the file, and seems to activate with success. But nothign appea...

Resolved! ICMP reply from the firewall instead of endpoint destination

Hello everybody,What could cause ping to respond from a different IP?When tested from source, the response message of the ping command is successful and it's coming from the PaloAlto firewall, not from the destination IP.Where and how can I verify on the PaloAlto if this is expected or not?What setup can cause such behavior on the PaloAlto?Need ...

000000 by L1 Bithead
  • 3839 Views
  • 2 replies
  • 0 Likes

IPs and ports allowed to a specific host destination

Hello everyone! I was wondering if anyone had any tips or knew of any free tools that I could use to easily gather the allowed IPs and ports for a specific destination IP.We have a user that would like ot know what traffic is allowed to a specific group of servers. I'm just trying to avoid manually going through the all policies...I'm new to thi...

Cannot ping server but monitor sees the ping traffic as allow

My Palo Alto PA200 e1/1 (10.10.10.1/30) is connected to router A and e1/2 (10.10.20.2/30) is connected to router B.The server 192.168.1.100/24 is behind router A (10.10.10.2) which has a static router to destination 172.16.1.0/24 with next hop 10.10.10.1.The user 172.16.1.100/24 is behind router B (10.10.20.1) which has a static router to destin...

jac101 by L2 Linker
  • 2541 Views
  • 1 replies
  • 0 Likes

New Feature request or ?

Hi I would like to have apolicy that just logs and does nothing else - ie the packet keeps getting evaluated. some times I want to know there is packet there but not process it with that line. Can this be done already ?

Azure Site Recovery Miner - XML source into Minemeld

I'm looking to do, what I believe, would be a simple minor for Azure Site Recovery IP list. The list is located here and is in XML form. https://aka.ms/site-recovery-public-ips I have bounced around on some articles and tried to follow a few, but came up empty-handed. The Node I have setup says it was successful, but with 0 indicators. Is...

Jmarx1 by L1 Bithead
  • 4126 Views
  • 1 replies
  • 0 Likes

Resolved! Moving Colo Datacenter

Hi folks, We got some dreaded news that our colo vendor is not renewing lease and we are now moving.We have two 3020 firewalls configured in HA. I am looking for any general comments that could help in my direction. One thought:Break HA.Take secondary firewall over to new colo datacenter.Edit secondary firewall configuration for new IPs.Make sec...

OMatlock by L4 Transporter
  • 6571 Views
  • 7 replies
  • 1 Likes

Palo Alto against spam

helloİn the network users get many spams.We dont have any other anti-spam solution.Is it possible to stop spams by Palo Alto NGFW?

Radmin_85 by L4 Transporter
  • 11021 Views
  • 4 replies
  • 0 Likes

Resolved! Global Protect Migration Assistance

Hello! So, we inheritted an infrastructure with a few hundred VPN users whose Global Protect clients were all deployed pointing to the IP address of the GP Portal (not an FQDN). And, of course, we are now in a position where that physical site (and its IPSpace) are going away... We've stood up a new GP portal and gateway at a new location (wit...

locampo by L2 Linker
  • 9318 Views
  • 6 replies
  • 0 Likes

Global Protect ( Force Password, Use GoogleAuth, Client required file?)

Just stating to trial GP.... And have 3 questions. 1) I can't work out what option I need to tick to force the user to re-enter their password on connect ( Android Client in this instance. 2) Can Google Auth Be used for 2FA? I can't find a guide? 3) Can I specify a resource that must be on the device ( a file for example ) as aditional requireme...

Aruba AP Tunnel Problem

Hello, I'm having problems with Aruba AP connection through a FW. I got my APs in the inside zone, and the controller is in a DMZ. Previously I had a security rule that allowed aruba-papi and syslog app and the AP connected to the controller without any problems. But After I updated the firewall to 7.1 (now 7.1.19) the rule has not been working ...

gmunoz by L1 Bithead
  • 8765 Views
  • 3 replies
  • 0 Likes

Youtube working from - youtube application in phone

Hi Team as per the requirement youtube needs to be blocked , we have blocked youtube with applcation , url category and it is blocked on browser. but when customer accessing the youtube application it is not getting block even though it is hitting the deny policy . we have tried decrytion as well but no luck . Any suggestions ?

Rameshwar by L3 Networker
  • 2380 Views
  • 1 replies
  • 0 Likes

inbound ssl decrypt and iphone

Hi Seems like I am having issues with iphones and inbound ssl decrypt with 8.0.12 any one else having this issue. seems like 0-200k of data is okay, after that ... dies in the arseA

Trigger/logs DoS policy

Hello, We would like to be notified when there is a high number of requests to our servers, and even to control them in time. Aside to be able to see an event in the logs (as it is the case with the flood in the sessions) The configuration we are looking for does not require (and should not) limit the number of concurrent connections. We should...

BigPalo by L4 Transporter
  • 3467 Views
  • 2 replies
  • 0 Likes

Can't Update License from License Server

I recently bought a used PA-200 off ebay just to play with and learn on. It's been factory reset and has no licenses loaded. I am unable update the license from the license server. I do not have a support contract. I suspect I'm just hosed, but wanted to ask just in case whether I have any options.

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks