General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

 

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! 

 

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 78 Views
  • 0 replies
  • 0 Likes

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 788 Views
  • 0 replies
  • 0 Likes

GlobalProtect install restrictions

Hi all


I was wondering if there was a way to restrict who can install the GlobalProtect client ?

 

As an example, at the moment if any user launches the gateway page can download and install the client on their own computer albeit they need an active ac

...

djh3003 by L0 Member
  • 2650 Views
  • 4 replies
  • 0 Likes

SSL decryption error

I had configured SSL decryption on PaloAlto VM-50 before 6-7 months ago. There was working normally till today. Today some users get below error when they want to enter site. There is shown “decrypt-cert-validation” message on PaloAlto traffic logs.

...

image005.jpg
Radmin_85 by L4 Transporter
  • 4657 Views
  • 4 replies
  • 0 Likes

Help with IPSEC VPN with overlapping subnets

I'm working with a vendor to setup an IPSEC VPN but we have an overlapping host address. My side has a PA500 and their side is a Sonicwall.

 

Palo Alto Side:

 

Source server: 192.168.100.20

Their Server: 192.168.100.85

 

My server NAT address: 10.0.0.20

Thei

...

High memory usage PA 3020

Hi, can someone help me? I have PA-3020, about 900 security policies, about 50 vpn tunnels (low traffic), I noticed high memory usage , What could be the reason for this? How can i relaease this?

 

soft: 7.1.4-h2

 

Cpu(s):  0.5%us,  0.5%sy,  0.0%ni, 98.8

...

Unused Services

Is there a way to tell if a service is being used? I am trying to verify that the services the migration tool lists as unused can be deleted. It might be enough to go by what the migration tool says but I usually like to verify it a couple different

...

jdprovine by L4 Transporter
  • 3920 Views
  • 3 replies
  • 0 Likes

Resolved! Oversize Microsoft RADIUS Response Packets

Oversized MS NPS radius response for EAP authentication request is dropped from the Firewall.
Is there any solution on this? Customer do not want to make any adjustment or modification from the server end.

 

 

Apart from enabling Jumbo frames and "adjust

...

Resolved! Global Protect Access routes for Office 356

Hi Guys,

 

I am struggling to find a solution for one request that I have from customer. We have VM-300 with PanOS-7.1.6 and customer wants to enable Global Protect for remote access users. The tricky part is that for the split-tunneling configuration

...

The dreaded any

I got a health check report and according to it I have a least one any in every single rule I have on my firewall. I was just curious if anyone  has been able to have at least one or more rules with no any's at all. 

jdprovine by L4 Transporter
  • 6990 Views
  • 14 replies
  • 1 Likes

Resolved! Logs Retention on MineMeld

Hello,

 

I want to change the log retention on MineMeld.

It looks that the default configuration is 7 days. I was not able to find where to change this parameter.

Can you please help?

Resolved! Source NAT subnet from wrong interface

Hi, So im having difficult with a source nat to Internet.. My goal is to route traffic between two vlans in my cisco 2960x switch and let palo handle the rest.. The problem is that the source net arrives to the palo on the wrong interface (well its e

...

Site to Site vpn with Dhcp server at remote site

Hi,

 

I have a site to site ipsec vpn between 2 PA devices. Lets call them Site A and Site B and at Site A I have a Cisco router acting as a dhcp server. I'm trying to have all the client at Site B get their dhcp address and scope options from the cisc

...

strobins by L1 Bithead
  • 5177 Views
  • 5 replies
  • 0 Likes

Traffic steering to wrong sub interface

Tearing my hair out here so any help appreciated.

This is a VM firewall, VM-300 ver 8.0.3-h4.

 

I have created new subinterfaces for three VLANs, one of which is a guest VLAN (111) which has its own vSwitch, port group, sub-interface and zone. However,

...

Firewall 00 - Logs.PNG
Firewall 01 - Policies.PNG
Firewall 02 - Interfaces.PNG
Firewall 03 - Objects.PNG
  • 23994 Posts
  • 115 Subscriptions
Top Solution Authors
Top Liked Authors
Labels