This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! OpenConnect client with a Global Protect plugin

Hello,

 

We found that only 1 factor authentication is required when connecting to the VPN using OpenConnect client with a Global Protect plugin, it appears that it bypasses the portal authentication and only requires the gateway authentication. We hav

...

Farzana by L4 Transporter
  • 19694 Views
  • 2 replies
  • 1 Likes

Licence NFR PaloAlto

Hello

 

I just receive my PA-850, i made the registration of the device in support section, but after this registration, i can't see the licences for the new device :

Threat Prevention
BrightCloud URL Filtering
PAN-DB URL Filtering
GlobalProtect Gateway
Glo
...

nfr palo.jpg

Resolved! Log Forwarding for Flood event

I'm familiar with the process of setting up a log forwarding profile and attaching it to a security rule.  But how would this work for alerting on a flood event?  In a flood the attacker IP is 0.0.0.0 and the victim IP is 0.0.0.0.  This won't match a

...

Global Protect on macs using active directory logins

Hi

 

We use ad accounts for users to login to the macs (arrange of MacOS versions), but from a certain day we been told that users need to use global protect to VPN in our sister company to use certain resources, mainly email.

 

Once global protect is on

...

slinxy by L0 Member
  • 1418 Views
  • 1 replies
  • 0 Likes

Application Risk level

What happens when you change an application risk number from a 5 to a 1? Does this just change the read out of your risk level or does it change the way the firewall acts on the application?

jdprovine by L4 Transporter
  • 3462 Views
  • 4 replies
  • 0 Likes

Schedules expired

Hi Community

 

I see when the schedule policy has expired the rule continue as a enable rule but It doesn´t work because the rule has expired,

Can you tell me how I can find the expired schedules?, is it possible to configure somehow when the rule has e

...

ftrimino by L0 Member
  • 2968 Views
  • 3 replies
  • 0 Likes

Blocking Bittorrent

Hi Everyone,

 

Is there a way to limit the sessions on bittorrent with Palo Alto ?

 

You can only enable a session limiter based on a service, but not on an application i think?

 

Anyone has some suggestions ?

 

Goal-> Limit bittorrent traffic. Users

...

Resolved! Source User Missing. Device has User Mappings.

I'm sure this is probably a rookie mistake, but I have to ask...

 

I've set up our Meraki access points to syslog to my PA500 firewall.  I'm successfully getting user-id to IP address mappings (I can see them in the output of "show user ip-user-mapping

...

Resolved! QoS: why is it capped at 1 Gbps?

Is it a physical limitation, or a software limitation?

 

The PA-3020 has gigabit ports, which can be combined into aggregate interfaces that support multi-gigabit combined throughput.  However, it you enable QoS on an aggregate interface, no matter how

...

fjwcash by L4 Transporter
  • 3380 Views
  • 2 replies
  • 0 Likes

Google Hangouts audio-video detecting as STUN

I am noticing an issue were clients are using Google Hangouts, but the APP-ID is detecting the session as STUN over UDP/TCP port 19302-19309, instead of the APP-ID signature of google-hangouts-audio-video.  Has anyone else noticed this behavior?

 

The

...

log snapshot.JPG

Resolved! Deleting Aggregate Interface

Good Morning,

 

can someone verify that the following command is correct for removing an aggregate-ethernet interface?

 

          delete network interface aggregate-ethernet ae1 layer3 units ae1.82

 

I am a litte leary of implementing this command due to

...

global protect multiple portal issue

We want to configure Portal level redundancy in Global protect .If we bind 2 IPs of 2 different location firewalls to our portal address then how does clinent interpret the DNS resolution .after how much time client will try on another system 

NIRAVK9 by L1 Bithead
  • 5676 Views
  • 13 replies
  • 0 Likes

ASK: GP with 2 network access

Hi All,

Anyone have tried to create 2 network access within PAN-GP on PANOS 6.1?

So, basically I want to create 2 PAN-GP Profile, one with split-tunnel, another one without split tunnel.

 

Already read some article, said that I'll need PAN-GP license and

...

  • 23707 Posts
  • 103 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks