This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4254 Views
  • 0 replies
  • 0 Likes

Custom Application Signatures

Curious if anyone is successfully using the commvault application within their Palo Alto application policies? We tried it and it is not working at all to detect our CommVault application traffic. The details on the application itself seem quite old.

zthiel by L2 Linker
  • 3763 Views
  • 4 replies
  • 0 Likes

speedtest.net giving different results VM vs. PA-220

after switching from a PA VM on an ESX to a PA-220 i noticed a huge decrease in throughput from speedtest.net - with the VM in vwire or l2 mode i am getting rates consistent with native line speed (around 500Mbit/s down and 250Mbit/s upload). With the PA-220 in either vwire or l2 i am seeing a huge decrease in results in the region of 60 Mbit/s ...

stlenger by L1 Bithead
  • 4629 Views
  • 4 replies
  • 0 Likes

Global Protect 4.1 Password Length

Is there a password limit to the new Global Protect client 4.1 for Windows? It seems to stop at 20 characters. It made me chuckle to think that PA was limiting the number of characters we can use.Thanks, Steve

Active/Passive PAs Connected To VPC Nexus 7Ks

This was also posted on the Cisco forum because I'm not sure yet what is the problem's root cause. So I'd appreciate insigt from the Palo experts as well. Below is the problem: Each 7K can ping the active-pal. Active-Pal is connected to 7K A, so Active-Pal’s mac appears on 7K A’s interface. 7K B, again, can also ping Active-Pal. Of course, Acti...

Traffic_Flow.JPG

Resolved! Panorama and Hyper-V

Hello, We’re currently looking at a VMWare to Hyper-V migration. One of our concerns is that it appears our Panorama virtual appliance isn’t supported to run on Hyper-V. Do you know if Palo Alto are adding support for this anytime soon? I notice that they’ve released support for the VM series firewall on Hyper-V, so I assume Panorama support is ...

Farzana by L4 Transporter
  • 9939 Views
  • 8 replies
  • 1 Likes

Assigning DNS A-record to GlobalProtect Client?

Hello PA Community! We migrated to laptops and GlobalProtect always-on pre-login VPN solution several months back. We are currently at a point where around 50% of our clients haven't talked to WSUS in quite some time because their DNS records are getting all mixed up. We have some clients with a DNS A-record on the old trusted DHCP scope, some w...

ihealey by L1 Bithead
  • 7609 Views
  • 2 replies
  • 0 Likes

Commands to edit BGP AS Number from CLI

How can I edit the AS number on a PA firewall from the CLI?i need to change it in a production environment without access to the webUI in the gui this would be | Network tab | Virtual Router | Select VR name "MPLS in my case" | BGP tab | and change the AS Number. also, normally I configure this from Panorama but will only have access to the cons...

USer-ID cache timeout calculation

I am losing user-ip-mapping occasionally. I believe this is because of incorrect timeouts.How to calculate the ideal user-id cache timeout for 1200 users.? I am using windows based user-id agent.

Global Protect 4.1 remember userid and password

I am testing version 4.1 of the Global Protect client and everytime I reboot, the client prompts me for the userid and password. It did work fine on 4.0.6, but not this version. I verified that remember userid and password was set to on in the Portal settings on the firewall.Am I doing something wrong?Thanks, STeve

Resolved! GlobalProtect 4.1 client and multiple portal addresses

Has anyone figured out a way to pre-configure multiple portal addresses in the new 4.1 GlobalProtect client? In my tests, it actually doesn't even seem to honor the registry setting that works for the pre 4.1 client (HKLM\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings) for a single portal address. After installing, it just opens and prompt...

PA-5220 and Netflow

I have a PA-5220 and I am trying to configure a Netflow export out to my solarwinds server which is located at a remote site across a VPN tunnel. I am aware that I cannot use the MGMT interface to export netwflow with this particular device, but I am not all that thrilled about using any of the other interfaces, nor do I want to create a whole n...

Rule Counters on HA Pair With Transfered Sessions

Let us say you have a firewall pair configured and rules configured and one day you fail them over - or they fail over. The primary is rebooted. When the primary comes back up all sessions are transferred back and everything is fine. Except, as I understand it, the only time rule counters are reset is after a reboot (or the backplane is restarte...

Knobdy by L0 Member
  • 4048 Views
  • 3 replies
  • 0 Likes

VPN dissconnect part II

So other than the time out settings for the GP client. Is there limit set somewhere that tells it to disconnect a client for dropped, insufficient or any other packet settings

jdprovine by L4 Transporter
  • 6806 Views
  • 18 replies
  • 0 Likes

What is the Agent User Override Key used for in GlobalProtect

In the GlobalProtect Portal config(under the Agent tab), there's a setting for "Agent User Override Key". I'm finding conflicting information on what this might be used for. The firewall's help file says this field is used for disabling GlobalProtect with a Ticket...."after a user attempts to disable GlobalProtect, the endpoint displays an 8-ch...

AgentUserOverrideKey.PNG
jambulo by L4 Transporter
  • 18288 Views
  • 5 replies
  • 1 Likes

Global Protect not using new DNS servers

Greetings!We recently migrated to a new DNS server in our internal network; With this, we also updated the configurations on the firewall configuration, and on the GP setup to reflect this. We have the PAN giving IP's to GP clients directly (not relayed), and whenever someone connects to the FW, they are getting the old DNS servers, not the new ...

  • 24362 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks