General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Assigning DNS A-record to GlobalProtect Client?

Hello PA Community!

 

We migrated to laptops and GlobalProtect always-on pre-login VPN solution several months back. We are currently at a point where around 50% of our clients haven't talked to WSUS in quite some time because their DNS records are get

...

ihealey by L1 Bithead
  • 5284 Views
  • 2 replies
  • 0 Likes

GlobalProtect Client for Mac Sierra not working

We discovered a issue with new Mac machines pre-installed with MacOS Sierra 10.13.3 or higher and GlobalProtect 4.1.  If you already have GlobalProtect 4.1 installed prior to upgrading to MacOS Sierra everything works fine.   If you install GlobalPro

...

deshazom by L0 Member
  • 2483 Views
  • 0 replies
  • 2 Likes

GlobalProtect Client for Mac Sierra not working

We discovered a issue with new Mac machines pre-installed with MacOS Sierra 10.13.3 or higher and GlobalProtect 4.1.  If you already have GlobalProtect 4.1 installed prior to upgrading to MacOS Sierra everything works fine.   If you install GlobalPro

...

deshazom by L0 Member
  • 1628 Views
  • 0 replies
  • 0 Likes

Commands to edit BGP AS Number from CLI

How can I edit the AS number on a PA firewall from the CLI?

i need to change it in a production environment without access to the webUI

 

in the gui this would be | Network tab | Virtual Router | Select VR name "MPLS in my case" | BGP tab | and change t

...

USer-ID cache timeout calculation

I am losing user-ip-mapping occasionally. I believe this is because of incorrect timeouts.How to calculate the ideal user-id cache  timeout for 1200 users.? I am using windows based user-id agent.

Using Windows server as intermediate CA

Hello. If anyone has any guidance, we will forever be in your debt 

 

Our set up is this. We are trying to setup GP with multi-factor authentication. 

 

We have a Windows root CA which is not domain joined

We have a Windows intermediate CA

We have a PA(ob

...

Global Protect 4.1 remember userid and password

I am testing version 4.1 of the Global Protect client and everytime I reboot, the client prompts me for the userid and password.  It did work fine on 4.0.6, but not this version.  I verified that remember userid and password was set to on in the Port

...

PA-5220 and Netflow

I have a PA-5220 and I am trying to configure a Netflow export out to my solarwinds server which is located at a remote site across a VPN tunnel.

 

I am aware that I cannot use the MGMT interface to export netwflow with this particular device, but I am

...

Rule Counters on HA Pair With Transfered Sessions

Let us say you have a firewall pair configured and rules configured and one day you fail them over - or they fail over. The primary is rebooted. When the primary comes back up all sessions are transferred back and everything is fine. Except, as I und

...

Knobdy by L0 Member
  • 2621 Views
  • 3 replies
  • 0 Likes

VPN dissconnect part II

So other than the time out settings for the GP client.  Is there limit set somewhere that tells it to disconnect a client for dropped, insufficient or any other packet settings

jdprovine by L4 Transporter
  • 3916 Views
  • 18 replies
  • 0 Likes

Global Protect not using new DNS servers

Greetings!

We recently migrated to a new DNS server in our internal network; With this, we also updated the configurations on the firewall configuration, and on the GP setup to reflect this. We have the PAN giving IP's to GP clients directly (not rela

...

TAXII or STIX generic miners?

Is it possible to have TAXII or STIX generic miners for internal custom feeds? We are exploring the data sharing between different vendors for our internal environment and instead of waiting for the vendor to come up with the integration, rely on ext

...

Resolved! Connection aborted error when 'running' miner job

I'm seeing error indicators for 3/4Miner nodes.  The error is ('Connection aborted.', gaierror(-2, 'Name or service not known'))

 

I would suspect this is not desireable and would like some direction how to fix that?  This is a new installation which

...

Miner.PNG
  • 24202 Posts
  • 101 Subscriptions
This widget could not be displayed.
Top Solution Authors
Top Liked Authors
Labels