This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Global Protect, use custom port for portal, followed the tutorial on paloaltonetwork

Hi, I followed the tutorial : How to Configure GlobalProtect Portal Page to be Accessed on any Port but it's not working.When I connect using browser I get an error. I see in monitor that the port is accessed and I see the rules for the nat as well, but in the application it's written "incomplete". How can I debug it further ?Thanks for help.Jon

GlobalProtect agent can not connect to my internal Network

Hello,After correctly configuring global protect VPN on the firewall, and installed the agent globalprotect on the remote machine, when I am in connected mode with the agent I can not connect to my internal network not even send a ping, I checked the security rules and the NAT between the two zones, the access route but the problem persists

ADINESMA by L0 Member
  • 3383 Views
  • 1 replies
  • 0 Likes

Resolved! authetication override

Why is it necessary to enter "generate cookie for authentication override and accept cookie for the authentication override on both the portal and gateway? I would think it would make more sense to select generate cookie for authentication override on the portal and accept cookie for the authentication override on the gateway.I am also not sure...

jdprovine by L4 Transporter
  • 5414 Views
  • 6 replies
  • 0 Likes

logical interface packets drops

Hi, we are experiencing this issue that we are troubleshooting from a couple of days. we have done all our checks WAN and LAN side however there is a paloalto firewall between WAN routers and core switch in a Vwire mode with an any-any rule. the only problem I have noticed so far is that at the time of issue the firewall is not too responsive i....

qasim02 by L2 Linker
  • 3653 Views
  • 3 replies
  • 0 Likes

Resolved! how to get CA trusted root cer for global protect url

Hi, We have external global protect gateway with dns name.when users browse to domain name they get warning message certificate is not trusted. How can i get trusted cer from CA like go daddy so that when remote users download the GP client they do not get cert warning? RegardsMike

MP18 by Cyber Elite
  • 2560 Views
  • 1 replies
  • 0 Likes

Resolved! Global Protect client - Block inbound traffic - Internet Adapter

Hi,The scenarios is as follows:a) I have a Windows10-client with Global Protect (GP) version 4.1.4 installedb) The Win10 has inbound RDP (tcp-3389) enabled so that the support can access the client remotelyc) The GP is configured with "Always On" so that it connect to our company network as soon as it finds an ISP-connection The problem:a) Whil...

Ask about by license for PA-500, Renew license after End-of-sale?

Dear All, My company device is PA-500, I'll be End-of-Sale Date at 31-Octorber-2018. But it's license will be Expires at April ,2019.So how I can do to renewal the license? Do I buy the license after End-Of-Sale ? OR Can we renew the license befor the End-of-Sale?Please help me clear this issue.Thanks and Regards,Tho.

Problem routing traffic from ipsec tunnel to ipsec tunnel

We have two PA820 boxes PA#1 & #2, both are connected via IPSec and the traffic flows without any problemWe have a TMG server to which PA#2 is connected via IPSec and traffic flows without any problemNow we want PA#1 to be talking to TMG server via PA#2ON PA#1 we can see that the traffic is going through the tunnel, but it is not being detec...

Resolved! Global Protect external gateway traffic is ssl decrypted

Hi, I have configured GP external gateway and all is well.But i see my ssl tunnel connection from my public ip to GP public ip this traffic is decrypted. I have no decryption policies configured for this. this traffic is from external to external zone. need to understand how this traffic is beging decrypted? Mike

MP18 by Cyber Elite
  • 6377 Views
  • 4 replies
  • 0 Likes

Templates and Interface IPs

I have setup an HA pair of 5220s and have them added in Panorama all running on 8.1.2. I have setup the Templates and can push out changes to the HA pair. I tried to push an IP change to a subinterface on the pair and though both Panorama and the HA Pair claim to have accepted and commited the changes, the HA Pair still has the old IPs and Pan...

afrias by L0 Member
  • 3174 Views
  • 1 replies
  • 0 Likes

New to Palo Alto

Hello, I am new to Palo Altos. We just took over a company with a Palo Alto and we are taking a look at all of the settings in the device to get a handle on how everything is set up. I wanted to see if someone could clarify something for me. When I looked at what appears to be the internet facing interface, all I see is an IP assigned to the int...

Resolved! Is there a place to submit changes to Application Definitions?

I was testing an app today, and much to my surprise it had a definition already created. When I added it to my trust-untrust allowed applications rule, it still didn't hit it. The firewall identified it as SSL over 5494, not the app. The app just lists TCP/5494, and probably needs to be further identified. Opening a case with support is the obvi...

  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks