This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4126 Views
  • 0 replies
  • 0 Likes

Active Directory Authentication for GlobalProtect issue

Hi ! Currently, I am using GlobalProtect in my network.Also, I am configuring an Active Directory Server, and I would like to use AD users to connect to GlobalProtect (currently I'm using local users / groups in the firewall). Computers are not in the domain yet. I have followed this tutorial : https://live.paloaltonetworks.com/t5/Configuration-...

Server LDAP.PNG
Group Mapping 1.PNG
Group Mapping 2.PNG
Auth Profile.PNG

GlobalProtect Clients fall back to SSL

Hi, Our GP Clients initially try to establish a connection over IPSec, but fall back to SSL every time. I can see the IPSEC traffic coming in and being allowed and do not know how to find why the tunnel is not establishing over IPSec. Any ideas on how to troubleshoot this? Or suggestions? Thanks,Shannon

SARowe_NZ by L3 Networker
  • 3928 Views
  • 2 replies
  • 0 Likes

Resolved! Force Safe Search without SSL decryption

We are a K-12 school district. SSL decryption is not in the cards, at least for the time being. From what I read, enabling safe search enforcement in URL filtering profile will not work properly without having implemented SSL decryption If that's correct, is a DNS proxy the way to go, as described here: https://support.google.com/websearch/ans...

Resolved! GlobalProtect App Dynamic Configuration misses informaion for 'mfa-enabled'.

I was trying some different settings out on my Global Protect portal app config and now when I commit from panorama I get these warnings:Details:. Config 'fw-portal-agent':. GlobalProtect App Dynamic Configuration misses informaion for 'mfa-enabled'.. GlobalProtect App Dynamic Configuration misses informaion for 'mfa-listening-port'.. GlobalProt...

Setting up Panorama as a log collector

Hi I have tried reading and following some of the manuals and well.... argh. So I have 1 HA cluster of PA-3060 and 1 VM panorama. I have upped the spec of the vm - to allow me to change into panorama mode. I have added a 100G SCSI drive sdb added it as a log disk (can't remember what I did for that) What I have done ison Panorama VM panorma / ma...

Global protect - multiple gateway on one IP

Hello, I just migrated from cisco ASA to Palo Alto. Before, i used Cisco VPN Client (IPSec) and i managed to access to a network or host, or services by username. One security profile by local user.For this fonctionnality, i used just 1 Public IP and 1 Private IP.Is it possible to use many security profiles ( Resources Access ) by Global protec...

Resolved! Wireless and PA200 homelab access

Hi Iam trying to find a good solution to my home and homelab network. i put together a drawing of the current layout.How can i access mye homelab 10.0.0.0/24 via my wireless 192.168.1.0/24 when i am home?and how can i access my home 192.168.1.0/24 and homelab 10.0.0.0/24 from vpn client when i am not home ?do i need a subinterface (the "PA" box ...

Untitled 1.jpg

Resolved! Cannot Uninstall or repair Global Protect vpn client on Windows

Hi: This morning I received the ugrade version prompt for the VPN client I mindlessly clicked yes but didn't reboot and kept working... During the day I did a reboot of the laptop and received an error prompt about MFC120.dll missing. I already tried uninstalling and repair and both options don't work. - Is there a manual way to uninstall GP VP...

sansari by L1 Bithead
  • 19748 Views
  • 5 replies
  • 0 Likes

Resolved! Global protect company pc and user pc

Hi I have a working GP setup. I have setup the agent to be always on, prelogon and auto login when the user logs in. No I want to use the same setup to allow users at home to setup their PC so they can connect, I do want to use the global protect agentm but I don't want it on all the time Can I do this with the same gateway / portal setup ? And ...

Does PANOS support NTPv4 ?

Answer: PAN-OS devices can update their own clocks (as clients passively consuming the time, not servers giving out the time) using NTPv4.Outside of time syncing PAN-OS also supports autokey and symmetric key (introduced in PAN-OS v6.1 as part of the Authenticated NTP feature).

dhshah by L3 Networker
  • 3333 Views
  • 2 replies
  • 0 Likes

Resolved! Link monitoring characteristics?

Hi Folks, We have configured HA recently and trying to understand the features of Link monitoring. We are considering Link monitoring only first since we want to consider our local firewall port health first. We configured a Link monitoring group on interfaces 1/1 and 1/2 set to any.Does this mean that the hardware port (1/1,1/2) has to go down ...

OMatlock by L4 Transporter
  • 9462 Views
  • 8 replies
  • 0 Likes

Group Mapping error

Hi Guys, After setting up an LDAP profile i am trying to map over the groups.When i go through the process of expanding the domain i get this error: "op command for client useridd timed out as client is not available" Does anyone know what could be causing this error. P.s. I am using an FQDN instead of an IP address for the LDAP server if that m...

TAOR200 by L0 Member
  • 5643 Views
  • 1 replies
  • 0 Likes

LSVPN Tunnel Recovery

I've set up my first LSVPN deployment and everything has gone without a hitch. The only issue I ran into, we were doing an upgrade of PAN-OS on the gateway and satellites. Satellites all went fine, but my gateway bombed out (first time its happened to me). We were in an HA pair, but I had duplicate IPs on the network once the passive box rebo...

dan731028 by L3 Networker
  • 3098 Views
  • 1 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks