General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 1696 Views
  • 0 replies
  • 0 Likes

Resolved! DH group 15 IPSec tunnel

Hi

I must build up an IPSEC tunel between PA and Watchguard XTM. The other Side gives me ike phase where DH Group is 15.

 

On PA I only can choose Group 1—768 bits, Group 2—1024 bits (default), Group 5—1536 bits, Group 14—2048 bits, Group 19—256-bit ell

...

PPTP VPN can not be connected to external devices

I have built a VPN server in company domain and I have tried to connect it in the domain computer. Now I need it can be connected to external computer. I have search many information in Internet to know how to do this setting in firewall. But it stil

...

Jacky.Yi by L0 Member
  • 2675 Views
  • 2 replies
  • 0 Likes

Resolved! Radius authentication for Global Protect

Hi community!

 

I have encountered a "problem" with our Global Protect authentication while we were doing some maintenance works.

We have an Authentication Profile with 3 RADIUS servers for authenticating the users, and the number of retries is set to 5

...

Feature request thoughts - around nat selection

Hi

 

I have 2 NAT pools, actually 4, cause for HA each pool is doubled - does that make sense.

 

1 pool is on a.b.c.13 and the second is on a.b.c.113.

 

All good. what I would like to do is say

 

going out internet interface from src group "out via non prod"

...

DNS Proxy in Active Active cluster setup

Hi

 

I am looking to setup 2 IP address I want to use for DNS proxy  - I was planning on having each ip as a HA VIP - in fail over mode - 1 priotised to one node and the other to the other node

 

Then I tried to setup the DNS proxy -  can't attach it to

...

Routing issues LDAP AD server profiles

Hi, Im trying to set up Group mapping and foudn an interesting issue that I wabnted to put out here see if theres any ideas that can help us out. This is the situation:

 

Hardware

  • ethernet1/12 is trunk with subinterfaces
  • ethernet1/12.2 vlan 2 tagged subi
...

rcaduser by L0 Member
  • 2443 Views
  • 2 replies
  • 0 Likes

PA220 routing issue

I have three PA220s, let's call them

 

PA220-A

PA220-B

PA220-C

 

They are connected in the following manner:

 

PA220-A ---- PA220-B ----- PA220-C

 

All three have an Inside and Outside Interface. All the Outside interfaces are connected via a Layer2 network. M

...

Old spyware signatures are not sinkholed

I have dns sinkhole in place but the issue here is firewall is not stopping dns resolutions of old spyware(previous dynamic update version) sihgnatures/domains at dns level. Palo threat databse shows the domain as malware but no sinkhole action is ta

...

Syslog - Collecting Internal DNS

Hey Everyone,

 

I noticed my Syslog box isn't receiving internal DNS information from the Palo.  I originally thought the URL log type would capture internal information (yes i'm aware what URL stands for, but I could hope).  However that doesn't seem

...

Agentless User-ID "Not Connected"

PAN-OS 8.0.9

Server 2008-R2

 

I am in the process of investigating the setup of User-ID, utilising our test network which has a VM500

 

I am starting using the Agentless option. ( The production site has 500 users, mostly Citrix Terminal Sessions but also

...

  • 24217 Posts
  • 117 Subscriptions
Top Liked Authors
Labels