PAN 5050 Migration to PAN 5220
We are planning a migration from hardware 5050 to 5220. The PANOS migration will be from 6.1.16 to 8.0.2 (oe whatever 8.x version installed on the new 5220 hardware). I am looking for advise for the upgrade process.
We are planning a migration from hardware 5050 to 5220. The PANOS migration will be from 6.1.16 to 8.0.2 (oe whatever 8.x version installed on the new 5220 hardware). I am looking for advise for the upgrade process.
Hi ! Currently, I am using GlobalProtect in my network.Also, I am configuring an Active Directory Server, and I would like to use AD users to connect to GlobalProtect (currently I'm using local users / groups in the firewall). Computers are not in the domain yet. I have followed this tutorial : https://live.paloaltonetworks.com/t5/Configuration-...
Hi, Our GP Clients initially try to establish a connection over IPSec, but fall back to SSL every time. I can see the IPSEC traffic coming in and being allowed and do not know how to find why the tunnel is not establishing over IPSec. Any ideas on how to troubleshoot this? Or suggestions? Thanks,Shannon
We are a K-12 school district. SSL decryption is not in the cards, at least for the time being. From what I read, enabling safe search enforcement in URL filtering profile will not work properly without having implemented SSL decryption If that's correct, is a DNS proxy the way to go, as described here: https://support.google.com/websearch/ans...
I was trying some different settings out on my Global Protect portal app config and now when I commit from panorama I get these warnings:Details:. Config 'fw-portal-agent':. GlobalProtect App Dynamic Configuration misses informaion for 'mfa-enabled'.. GlobalProtect App Dynamic Configuration misses informaion for 'mfa-listening-port'.. GlobalProt...
Anyone can share the PA5050 and PA5020 EOS/EOL documents. Thanks
Hi I have tried reading and following some of the manuals and well.... argh. So I have 1 HA cluster of PA-3060 and 1 VM panorama. I have upped the spec of the vm - to allow me to change into panorama mode. I have added a 100G SCSI drive sdb added it as a log disk (can't remember what I did for that) What I have done ison Panorama VM panorma / ma...
Hello, I just migrated from cisco ASA to Palo Alto. Before, i used Cisco VPN Client (IPSec) and i managed to access to a network or host, or services by username. One security profile by local user.For this fonctionnality, i used just 1 Public IP and 1 Private IP.Is it possible to use many security profiles ( Resources Access ) by Global protec...
Hi Iam trying to find a good solution to my home and homelab network. i put together a drawing of the current layout.How can i access mye homelab 10.0.0.0/24 via my wireless 192.168.1.0/24 when i am home?and how can i access my home 192.168.1.0/24 and homelab 10.0.0.0/24 from vpn client when i am not home ?do i need a subinterface (the "PA" box ...
Hi: This morning I received the ugrade version prompt for the VPN client I mindlessly clicked yes but didn't reboot and kept working... During the day I did a reboot of the laptop and received an error prompt about MFC120.dll missing. I already tried uninstalling and repair and both options don't work. - Is there a manual way to uninstall GP VP...
Hi I have a working GP setup. I have setup the agent to be always on, prelogon and auto login when the user logs in. No I want to use the same setup to allow users at home to setup their PC so they can connect, I do want to use the global protect agentm but I don't want it on all the time Can I do this with the same gateway / portal setup ? And ...
I have a long list of URL's in my custom list to exclude from decryption. I can export my URL catagory list, but I don't see any way to import into the SSL Decryption Exclusion list.
Answer: PAN-OS devices can update their own clocks (as clients passively consuming the time, not servers giving out the time) using NTPv4.Outside of time syncing PAN-OS also supports autokey and symmetric key (introduced in PAN-OS v6.1 as part of the Authenticated NTP feature).
Hi Folks, We have configured HA recently and trying to understand the features of Link monitoring. We are considering Link monitoring only first since we want to consider our local firewall port health first. We configured a Link monitoring group on interfaces 1/1 and 1/2 set to any.Does this mean that the hardware port (1/1,1/2) has to go down ...
Hi Guys, After setting up an LDAP profile i am trying to map over the groups.When i go through the process of expanding the domain i get this error: "op command for client useridd timed out as client is not available" Does anyone know what could be causing this error. P.s. I am using an FQDN instead of an IP address for the LDAP server if that m...
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |

