This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

PA-5220 and Netflow

I have a PA-5220 and I am trying to configure a Netflow export out to my solarwinds server which is located at a remote site across a VPN tunnel. I am aware that I cannot use the MGMT interface to export netwflow with this particular device, but I am not all that thrilled about using any of the other interfaces, nor do I want to create a whole n...

Rule Counters on HA Pair With Transfered Sessions

Let us say you have a firewall pair configured and rules configured and one day you fail them over - or they fail over. The primary is rebooted. When the primary comes back up all sessions are transferred back and everything is fine. Except, as I understand it, the only time rule counters are reset is after a reboot (or the backplane is restarte...

Knobdy by L0 Member
  • 4086 Views
  • 3 replies
  • 0 Likes

VPN dissconnect part II

So other than the time out settings for the GP client. Is there limit set somewhere that tells it to disconnect a client for dropped, insufficient or any other packet settings

jdprovine by L4 Transporter
  • 6935 Views
  • 18 replies
  • 0 Likes

What is the Agent User Override Key used for in GlobalProtect

In the GlobalProtect Portal config(under the Agent tab), there's a setting for "Agent User Override Key". I'm finding conflicting information on what this might be used for. The firewall's help file says this field is used for disabling GlobalProtect with a Ticket...."after a user attempts to disable GlobalProtect, the endpoint displays an 8-ch...

AgentUserOverrideKey.PNG
jambulo by L4 Transporter
  • 18457 Views
  • 5 replies
  • 1 Likes

Global Protect not using new DNS servers

Greetings!We recently migrated to a new DNS server in our internal network; With this, we also updated the configurations on the firewall configuration, and on the GP setup to reflect this. We have the PAN giving IP's to GP clients directly (not relayed), and whenever someone connects to the FW, they are getting the old DNS servers, not the new ...

TAXII or STIX generic miners?

Is it possible to have TAXII or STIX generic miners for internal custom feeds? We are exploring the data sharing between different vendors for our internal environment and instead of waiting for the vendor to come up with the integration, rely on external standard feed. If yes then how? Thanks in advance!

Resolved! Connection aborted error when 'running' miner job

I'm seeing error indicators for 3/4Miner nodes. The error is ('Connection aborted.', gaierror(-2, 'Name or service not known')) I would suspect this is not desireable and would like some direction how to fix that? This is a new installation which has been handed over to me so it's basically an out of the box configuration. I see that ther...

Miner.PNG

GlobalProtect Data File will not install

Greetings, I upgraded to PAN-OS 8.1 / GP 4.1 in order to take advantage of the new interface. This is a new deployment and I didn't want to roll out the old interface to the users. Everything went smoothly except for HIP/OPSWAT v4. I followed the instructions...but every time one of my firewalls ( i have three) tries to update the data file I ...

Resolved! Query on multi Gateway in GP

Hello, We are running PAN-OS 8.0.7 and require a second external gateway to connect a POS server (which can run the GlobalProtect client fine). The configuration has been done and the client successfully authenticates but for some reason the Agent configuration which would instruct the client to connect to the POS gateway is not being selected -...

Farzana by L4 Transporter
  • 3553 Views
  • 3 replies
  • 0 Likes

GlobalProtect connection error "Could not connect to portal"

Hello, We have 1 colleague is facing VPN connection issue, the VPN client is 4.0.3, PA OS is 8.0.3. His certificates is valid and his colleague's VPN is working well, the same domain, the same VPN client version. From his PC, is able to resolve the FQDN of portal. When he opens portal from broswer, his is able to download the agent after input A...

qd_056 by L2 Linker
  • 10586 Views
  • 3 replies
  • 0 Likes

Resolved! GlobalProtect with MFA/Dual Authentication

I've been looking up and down and can't seem to find a solution. I'm trying to authenticate to the GlobalProtect gateway or portal via Radius (which is tied back to AD) then to DUO for MFA. The user should point to the portal/gateway, receive a username/password prompt, authenticate via Radius, then receive a text message from DUO (or call) and ...

How to Block specific HTTPS Sites?

Hello, I'm struggling to block some internal https sites. I have to block various sites/urls of a server from a specific zone, while I have to keep some others open The urls look like:https://servername.suff.dom:8443/aaa/bbb/ccc/ddd/eeeee_ff_application1 Now I have to block application1 to application 4, while keeping 5 to xx open. Btw I dont kn...

PhLang by L1 Bithead
  • 3654 Views
  • 5 replies
  • 0 Likes

Replacing PA500 with PA220

Currently have a PA500 (in virtual wire mode). Ordered a replacement PA220. I followed the instructions on connecting to the new unit and assigning a new IP address. It too is in Virtual wire mode. I need to understand how to transfer my configuration to the new unit. Also need to understand how to connect the device to the production network wi...

jharlow by L3 Networker
  • 3728 Views
  • 3 replies
  • 0 Likes

Authentication Tab Error

Hi After upgrading to 8.1 version, I can not see the Authentication and User-ID tabsthis happens only with my user authentication tab

Screenshot_1.png
Frazão by L1 Bithead
  • 2211 Views
  • 1 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks