This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Resolved! Global Protect question

Hi So I recently went through a POC with a HA pair of PA-3060. Setup a Portal. Now it seems like my vendor/pa forgot to add the any GP licensing. So by my read, I can do single gateway setup. Is there some doco on how to setup a client with no portal ?

PAN 5050 Migration to PAN 5220

We are planning a migration from hardware 5050 to 5220. The PANOS migration will be from 6.1.16 to 8.0.2 (oe whatever 8.x version installed on the new 5220 hardware). I am looking for advise for the upgrade process.

Active Directory Authentication for GlobalProtect issue

Hi ! Currently, I am using GlobalProtect in my network.Also, I am configuring an Active Directory Server, and I would like to use AD users to connect to GlobalProtect (currently I'm using local users / groups in the firewall). Computers are not in the domain yet. I have followed this tutorial : https://live.paloaltonetworks.com/t5/Configuration-...

Server LDAP.PNG
Group Mapping 1.PNG
Group Mapping 2.PNG
Auth Profile.PNG

GlobalProtect Clients fall back to SSL

Hi, Our GP Clients initially try to establish a connection over IPSec, but fall back to SSL every time. I can see the IPSEC traffic coming in and being allowed and do not know how to find why the tunnel is not establishing over IPSec. Any ideas on how to troubleshoot this? Or suggestions? Thanks,Shannon

SARowe_NZ by L3 Networker
  • 3998 Views
  • 2 replies
  • 0 Likes

Resolved! Force Safe Search without SSL decryption

We are a K-12 school district. SSL decryption is not in the cards, at least for the time being. From what I read, enabling safe search enforcement in URL filtering profile will not work properly without having implemented SSL decryption If that's correct, is a DNS proxy the way to go, as described here: https://support.google.com/websearch/ans...

Resolved! GlobalProtect App Dynamic Configuration misses informaion for 'mfa-enabled'.

I was trying some different settings out on my Global Protect portal app config and now when I commit from panorama I get these warnings:Details:. Config 'fw-portal-agent':. GlobalProtect App Dynamic Configuration misses informaion for 'mfa-enabled'.. GlobalProtect App Dynamic Configuration misses informaion for 'mfa-listening-port'.. GlobalProt...

Setting up Panorama as a log collector

Hi I have tried reading and following some of the manuals and well.... argh. So I have 1 HA cluster of PA-3060 and 1 VM panorama. I have upped the spec of the vm - to allow me to change into panorama mode. I have added a 100G SCSI drive sdb added it as a log disk (can't remember what I did for that) What I have done ison Panorama VM panorma / ma...

Global protect - multiple gateway on one IP

Hello, I just migrated from cisco ASA to Palo Alto. Before, i used Cisco VPN Client (IPSec) and i managed to access to a network or host, or services by username. One security profile by local user.For this fonctionnality, i used just 1 Public IP and 1 Private IP.Is it possible to use many security profiles ( Resources Access ) by Global protec...

Resolved! Wireless and PA200 homelab access

Hi Iam trying to find a good solution to my home and homelab network. i put together a drawing of the current layout.How can i access mye homelab 10.0.0.0/24 via my wireless 192.168.1.0/24 when i am home?and how can i access my home 192.168.1.0/24 and homelab 10.0.0.0/24 from vpn client when i am not home ?do i need a subinterface (the "PA" box ...

Untitled 1.jpg

Resolved! Cannot Uninstall or repair Global Protect vpn client on Windows

Hi: This morning I received the ugrade version prompt for the VPN client I mindlessly clicked yes but didn't reboot and kept working... During the day I did a reboot of the laptop and received an error prompt about MFC120.dll missing. I already tried uninstalling and repair and both options don't work. - Is there a manual way to uninstall GP VP...

sansari by L1 Bithead
  • 20044 Views
  • 5 replies
  • 0 Likes

Resolved! Global protect company pc and user pc

Hi I have a working GP setup. I have setup the agent to be always on, prelogon and auto login when the user logs in. No I want to use the same setup to allow users at home to setup their PC so they can connect, I do want to use the global protect agentm but I don't want it on all the time Can I do this with the same gateway / portal setup ? And ...

Does PANOS support NTPv4 ?

Answer: PAN-OS devices can update their own clocks (as clients passively consuming the time, not servers giving out the time) using NTPv4.Outside of time syncing PAN-OS also supports autokey and symmetric key (introduced in PAN-OS v6.1 as part of the Authenticated NTP feature).

dhshah by L3 Networker
  • 3403 Views
  • 2 replies
  • 0 Likes

Resolved! Link monitoring characteristics?

Hi Folks, We have configured HA recently and trying to understand the features of Link monitoring. We are considering Link monitoring only first since we want to consider our local firewall port health first. We configured a Link monitoring group on interfaces 1/1 and 1/2 set to any.Does this mean that the hardware port (1/1,1/2) has to go down ...

OMatlock by L4 Transporter
  • 9717 Views
  • 8 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks