This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

GP with HIP feature doesn´t work after upgrading Kaspersky to version 11

I´m using a HIP profile to check if antivirus real time protection is enabled in the PC, everything was working properly until upgrading Kaspersky from version 10 to 11. I cannot connect with GP anymore. Does anyone have the same issue? "resubmit host profile" in the agent didn´t work I´m running Pan-OS 7.1.16 adn GP agent 3.1.6

Carracido by L4 Transporter
  • 3970 Views
  • 2 replies
  • 0 Likes

Missing ikemgr.log

I wanted to delete the ikemgr.log.old, however, I deleted the ikemgr.logNow no vpn logging is available anymore. I already restarted the management plane. No luck.Does somebody know what to do?

Gerben by L0 Member
  • 3803 Views
  • 3 replies
  • 0 Likes

Resolved! adding more than one UIA agent on firewall?

Hi Techies, I have a small doubt whether I can add more than one UIA server in my firewall in the sense that they should behave kind of active passive . Requirement is something like that I want to secure user id functionality on firewall so that if one of my UIA gets down , then firewall should contact other UIA server for that.... Let me know ...

Any Any Rule

Many times I have seen that engineers used to allow any rule during troubleshooting and forget to remove which creates problem in audit and compliance check, is there any option so that engineers should configure rule with any in source/destination/port/application fields. Thanks in advance,sumIT

SumitB by L1 Bithead
  • 2388 Views
  • 2 replies
  • 0 Likes

Controling East-West traffic without NSX

Hello,In a "Supported Deployments on VMware vSphere Hypervisor (ESXi)" section of the documentation (https://www.paloaltonetworks.com/documentation/71/virtualization/virtualization/set-up-a-vm-series-firewall-on-an-esxi-server/supported-deployments-on-vmware-vsphere-hypervisor-esxi#_92501) for VM series it is mentioned that VM Firewall can be de...

Resolved! Slow downloads from Non-US sources

Short version: large downloads from Non-US sources are slow. The file I'm attempting to download is the ISO found here from Bacula: https://www.baculasystems.com/dl/KickStart/bacula-enterprise-trial-kickstart.iso I have a sister firewall at another location with basically dupilicate config on the firewall and the file downloaded at more the exp...

Nathan.S by L3 Networker
  • 3848 Views
  • 3 replies
  • 0 Likes

Resolved! Panorama 8.0 Managing Firewalls on PANOS 7.1

We are looking at upgrading Panorama to V8.0 to give us the ablity of perform individual commits, the firewalls will remain on V7.1 for the time being.Because V8.0 has so many new features what would happen if an admin configures a feature not supported on V7.1?Is the commit to Panorama going to fail? or is the commit to the FW going to fail?is ...

Global Protect disconnect issue

3000 series FW, software 6.0.1, GP 2.0.1 -- GP continually disconnects/reconnects.. tried reinstalling client, rebooting, etc.. happens with some users at random times..then the issue will magically go away. Anyone else experience?

rrau by L3 Networker
  • 9409 Views
  • 8 replies
  • 0 Likes

Resolved! User-ID and GlobalProtect User Access

Currently I have 2 HA'd 3020 on 8.0.0 code. I have SSL vpn setup using globalprotect with LDAP. Also having implemented User-id for policy access. All this is working. My problem is, when users access the network over globalprotect. Those users miss the rules created based on the "domain\user" and are only seen as "user". Now if the user accesse...

k.truex by L1 Bithead
  • 2777 Views
  • 1 replies
  • 0 Likes

Resolved! Query on GlobalProtect SSL VPN

Hello, I’ve got a single public IP address, which is used for GlobalProtect SSL VPN. I also want use this single public IP address to allow inbound static NAT to a SSL web server on my LAN. Using GP 4.0.5 When I do this, the GlobalProtect SSL VPN client stops working and starts redirecting the traffic to the SSL web server. Is there a way aroun...

Farzana by L4 Transporter
  • 2860 Views
  • 1 replies
  • 0 Likes

Resolved! Panorama 8.0 Commit changes

We recently upgraded our Panorama M-100 to 8.0.9. After doing so, we now see these commit options: I've always been very weary of centralized firewall management after seeing a coworker push a bad config before to multiple devices. I'm a bit hesitant to click on anything that "pushes" to devices without being able to preview the configuration ...

2018-05-29-panorama-commit.PNG

Resolved! Destination vs Source Nat

I have a pretty good understanding of the difference between SRC and DST Nat, but there is one area that I could use some clarification on. With SRC NAT, I understand that by selecting BI-Directional, it allows an IP to be translated to an outside address and that Bi-Directional created an implied policy so that someone on the outside could init...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks