This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4105 Views
  • 0 replies
  • 0 Likes

Resolved! Spotify traffic showing up as an incomplete application

I have to allow certain streaming music apps (Spotify, Pandora, etc.) though my PA and I've been trying to see how that bandwidth looks like first before I allow it and throw it in a QoS ploicy for the rest of my company. I created a rule to allow the Spotify application outbound for just myself and created QoS policy on the PA that would limit ...

Globalprotect auth certificate profile

Hi, Question on global protect authentication certificate profiles. On our gateways, I've had a certificate profile configured to prevent non-company devices from connecting. Has worked great, no real issues. However, this was only configured on the gateway, no the portal authentication. I'm trying to resolve an issue where bad actors ar...

Resolved! Palo Alto VM GCP not using ssh key and forcing password authentication

I have tried multiple BYOL images in Google Cloud and re-generate SSH keys. It keeps asking to authenticate the admin user with no known passwords. It's ignoring the keys I guess. Is there something missing from my config when I deploy via Terraform? ebug1: Found key in /Users/arthurgreenwald/.ssh/known_hosts:1 debug3: send packet: type ...

IPsec to Azure with a DHCP WAN IP + SDWAN + GlobalProtect

I tried to go down this rabbit hole once with no success. The IPsec tunnel to Azure should be fairly easy, it's what I already have configured that complicates it... I currently have a PA-220 with (2) WAN connections [both DHCP] and currently using SD-WAN. Currently running PANOS- 10.1.8 I have a GlobalProtect portal/gateway running on 1 of...

Resolved! Starlink Failover: Fast Download Almost NO Upload Speed

I have a weird problem setting up Starlink as a failover ISP. Download speed is blazing fast, but upload speed through the NGF is almost non-existent, 0-1 mbps. When I connect to the Starlink router directly, I get download speeds of 50bmps so I know it's not the ISP's fault. A troubleshooting ping test from the PA NGF web GUI, yields 50-...

Migrating from PA-5250 to PA-5410

Hello folks, i need to migrate from PA-5250 to PA-5410, the old devices are managed via panorama using stack and stack template, the new devices are reachable with no configuration other than the management. What is the best way to move the configuration from the PA-5250 to the new PA-5410 with less effort? Can i just add the 5410 in the exist...

PA.jpg
MAerre by L2 Linker
  • 6574 Views
  • 11 replies
  • 0 Likes

Captive Portal SSO browser-challenge issue

Hi, We would like to deploy captive portal instead of using userid. We would also configure it so that the user does not have to login or get a login page. However, the browser-challenge seems to fail and then the user gets redirected to the default web form. Is it even possible to configure captive portal to authenticate the user without ...

rbrainar by L0 Member
  • 946 Views
  • 1 replies
  • 0 Likes

Doubt configuration HA Paloalto-Aruba

Hello to all I have a pair of FW PA-460 active-passive. When we perform Failover I lose 40 seconds the network to the internet. i have only HA1 connected on a pair of SW aruba. I suspect it may be an Aruba or Paloalto configuration issue. Any idea? Best regards.

Alpalo by L4 Transporter
  • 3933 Views
  • 6 replies
  • 0 Likes

Resolved! mail and dns server

Hello friends , I am runnng pv-vm on kvm , which has no license presently ,(version 9.0.4) baiscally this setup is understand palo alto firewall i have domain /fqdn (want to run all a mx ns server to run locally ) i have setup a web ,mail and ftp and dns server ,web server and ftp server working but need some help/understanting on mail and d...

shrikant by L2 Linker
  • 3809 Views
  • 5 replies
  • 0 Likes

Meraki behind PA - Unfriedly NAT

Hello community, another person with the problem. I know, I know. Finding a solution to this problem is obviously not easy. I have a problem with a Meraki cluster behind a PA cluster.The problem is the familiar “Unfriendly NAT”.I just can't figure out how to configure the PA so that it works. Countless articles on the internet don't help eit...

Resolved! Internet Bandwidth comsumed, who?

Hello Team, Firstly, thank you all for your cooperation. I have an issue that is I have my internet connection fully utilized most of the time. is there a way or work arround to find out which host IP is utilizing the bandwidth, knowing that I am not running the SD-Wan. software version 11.1.2-h3 TIA,

End users selects DENY on the MFA prompt on the phone still are able to connect to GlobalProtect agents

I need some advices on this GP VPN Client with MFA issue: End users selects DENY on the MFA prompt on the phone still are able to connect to GlobalProtect agents The current auth environment is that users use Active Directory in Azure for MFA and use Radius to authentication process in Globalprotect.

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks