Upgrade Panorama logs to PAN-OS 8.0 (FAQ)

by ‎05-01-2017 02:42 PM - edited ‎05-12-2017 10:13 PM (3,189 Views)

Lots of discussions on the Live Community ask about the new Panorama 8.0 and the logs and log collector upgrades needed after upgrading. There is some confusion about the upgrades. I answer these questions in this blog.


LiveWeek 28 Apr 2017

by ‎04-28-2017 04:51 AM - edited ‎05-17-2017 09:17 AM (1,406 Views)

Fighting vs filtering it out, and a robust recommendation for application filtering. Check out Duo MFA (multi-factor authentication) for trusted access with SSO. Secure the citadel and protect against Shamoon2 and a variant of the IoT/Linux botnet, Tsunami, which we named Amnesia. April LiveWire has arrived! Globetrot with us in 'low cost' digs just in time for Ignite. Discussions, tips & tricks, videos and more. All here in your Live Community.


Tutorial: GlobalProtect Client Certificate Authentication (C is for...)

by ‎04-27-2017 12:28 PM - edited ‎05-17-2017 09:14 AM (973 Views)

Do you use GlobalProtect? Do you want to set up Client Certificate Authentication? 

If so, then you are in luck.  With the latest Video Tutorial, you will see what is needed to get this up and running.


Cert Configurations for GlobalProtect

by ‎04-25-2017 07:41 AM - edited ‎05-11-2017 09:12 AM (1,004 Views)

Ever wondered what solution is best for you ? Do you get lost on all the different certificate options you have in GlobalProtect ? Check out this article which explains all the different certificate options in a nutshell!


What are the recommended applications for internet access?

by ‎04-24-2017 06:38 AM - edited ‎05-11-2017 08:37 AM (1,281 Views)

Last week I was asked by several people what the recommended applications are to allow out to the internet, check out how I solved their conundrum.


Fight ... errr ... Filter it out!

by ‎04-24-2017 02:56 AM - edited ‎05-11-2017 09:09 AM (1,157 Views)

Ever felt like you’re missing out on something super nifty but can’t put your finger on it ? Check out this blog to see if you missed something!


Announcing the Live Community Sentinel Program

by Community Manager on ‎04-21-2017 01:32 PM - last edited on ‎05-11-2017 01:46 PM by (2,204 Views)

It is time to recognize our users!  The Live Community team is very excited to announce the roll out of the Live Community Sentinel program to recognize and reward our most valuable contributors.


Video Tutorial: Duo Multi Factor Authentication (MFA) (D is for...)

by ‎04-20-2017 12:31 PM - edited ‎05-11-2017 07:39 AM (4,364 Views)

This video tutorial shows how to integrate Duo multi-factor authentication to the Palo Alto Networks v8.0+ firewall in an authentication policy for the purposes of Captive Portal or an authentication step-up.


Live Community team at Spark User Summit London

by ‎04-19-2017 03:32 PM - edited ‎05-11-2017 08:34 AM (894 Views)

The Live Community team presented a small segment on best practices at the Spark User Summit event in London. Fnd a link to all the source materials, additional information, tutorial videos and more!


Inter VSYS NAT and how to hide Subnets

by ‎04-13-2017 06:31 AM - edited ‎05-11-2017 08:10 AM (1,122 Views)

Reaper discusses how in some scenarios you may need to split off segments of your network into different VSYS, but still be able to have the segments communicate with each other, but requiring NAT to hide the original IP subnets.


Tips & Tricks: How to configure GlobalProtect and IPv6

by ‎04-11-2017 02:24 PM - edited ‎05-11-2017 10:30 AM (1,148 Views)

If you have been wanting to know how to configure GlobalProtect and IPv6, then you will want to read this.



FYI: Panorama Certificate Expiration! June 16, 2017

by ‎04-10-2017 02:23 PM - edited ‎05-11-2017 07:36 AM (8,603 Views)

Just in case you have not seen the "Customer Notice" at the top of the screen, I wanted to bring your attention to the fact that the certificate Panorama uses to communicate to PAN-OS devices is going to expire!



LiveWeek 12:2017

by Community Manager on ‎04-07-2017 01:26 PM - last edited on ‎05-11-2017 10:19 AM by (991 Views)

50 top reports to get visibility in the network, The NAT saga continues, How to prevent SSH Tunneling while allowing normal SSH sessions, Protect against Shamoon 2, Share your story and win a t-shirt!


Tutorial: SSH Decryption

by on ‎04-06-2017 01:46 PM - last edited Wednesday (2,437 Views)

If you have ever wondered how to set up SSH Decryption, then you are in luck, as we have just published a Video Tutorial on this.


New IoT/Linux Malware Targets DVRs, Forms Botnet

by ‎04-06-2017 01:45 AM - edited ‎05-11-2017 09:07 AM (2,008 Views)

Unit 42 identifies a variant of the IoT/Linux botnet "Tsunami". Read about how the "Amnesia" malware is delivered and distributed within the targeted network.


The NATfather, part II

by ‎04-03-2017 02:36 PM - edited ‎05-11-2017 08:08 AM (1,349 Views)

NAT once again teaches us a lesson: keep your security policy close, but your NAT policy closer.


Do you have something to report?

by ‎04-03-2017 05:25 AM - edited ‎05-11-2017 09:14 AM (782 Views)

Check out this article and you'll be reporting like a boss in no time!


Reporting like a boss!Reporting like a boss!


LiveWeek 11:2017

by ‎03-31-2017 06:41 PM - edited ‎05-11-2017 10:27 AM (1,128 Views)

Detect and prevent malicious Disttrack activity. All the scoop and all the protection for Shamoon 2. Match different URL categories and verify which is used in a security policy. Untrust to untrust zone? There's more to NAT than meets the eye, especially considering the 'zone' factor. More about the pre-logon mode in GlobalProtect. The March issue of the LiveWire newsletter is here, lighting the way to your very own Live Community t-shirt for Ignite.


What's this pre-logon mode in GlobalProtect exactly?

by ‎03-27-2017 05:26 AM - edited ‎05-11-2017 09:05 AM (1,596 Views)

We already discussed on-demand and user-logon modes in GlobalProtect. So what exactly is pre-logon mode and why would you need it?


I'm gonna make him a NAT rule he can't refuse

by ‎03-22-2017 09:13 AM - edited ‎05-11-2017 08:07 AM (1,731 Views)

 Most of the time, your NAT rules will be pretty simple, there's going to be a trust to untrust so your users can go out and surf the web, and then there's the untrust to untrust so your webserver is accessible to the outside.


DotW: URL Categories - match different categories

by ‎03-20-2017 12:55 PM - edited ‎05-11-2017 07:28 AM (521 Views)

This week's discussion of the week talks about what happens when a single URL returns more than one URL category and how to verify which one is used in a security policy.



LiveWeek 10:2017

by Community Manager on ‎03-17-2017 08:30 AM - last edited on ‎05-11-2017 10:24 AM by (971 Views)

March Madness is in full swing - use Custom App-ID to manage it.  Go beyond default response pages.  Set up your log forwarding like a pro!  Learn about GlobalProtect on-demand and get more security with GlobalProtect in user-logon mode.  Step by step demo on how to configure the Panorama access domain to limit administrative access.  Threats and Dynamic Updates for U. 


Azure to PAN VPN (A is for...)

by ‎03-15-2017 11:36 AM - edited ‎05-11-2017 07:27 AM (805 Views)

Do you want to know more about Microsoft Azure and how to configure a VPN to a Palo Alto Networks firewall? If so, please click to read all about it.



There's a key?!

by ‎03-14-2017 04:28 AM - edited ‎05-11-2017 08:06 AM (667 Views)

Every door has a key. Did you know your firewall has one too?


Custom Response Pages

by ‎03-13-2017 04:54 AM - edited ‎05-11-2017 09:04 AM (937 Views)

Don't want no dull or default response page? Find out how to make more dynamic and explanatory response pages!


LiveWeek 9:2017

by on ‎03-10-2017 06:17 PM - last edited on ‎05-11-2017 09:27 AM by (734 Views)

Use things to block stuff. Running into a wall trying to make sense of all the logging? Learn how to set up logging like a pro! Do you want GlobalProtect but still want full control over connecting and disconnecting? GlobalProtect on-demand is exactly what you want. As an administrator, you want to control those naughty users and make sure they follow company policy at all times. Let GlobalProtect with user-logon take care of that for you! T is for Threats and U is for Updates and this is all 4 U!


Make more sense using filtered log forwarding

by ‎03-07-2017 06:17 AM - edited ‎05-11-2017 09:02 AM (791 Views)

Are you running into a wall when trying to make sense of all the logging? Don't be that guy and check out this article to find out how you can set up your log forwarding like a pro!


Blocking stuff with things

by ‎03-06-2017 02:12 AM - edited ‎05-11-2017 08:04 AM (819 Views)

If you need to block a certain type of application but are not sure how, there may be an interesting trick you haven't considered yet.


LiveWeek 8:2017

by on ‎03-05-2017 10:36 PM - last edited on ‎05-11-2017 09:24 AM by (817 Views)

Check out our closed captioned video and Harden Your Configuration while watching...or reading along! A user new to Palo Alto Networks needs to migrate the configuration from a Cisco ASA firewall to Palo Alto Networks. Migrating a configuration can be tricky if you have more than a few rules. If you have copious rules, and thousands of objects, groups, and IP addresses, you'll want to abandon the manual mission and use our tool instead.


LiveWeek 7:2017

by on ‎02-27-2017 10:15 AM - last edited on ‎05-11-2017 09:21 AM by (849 Views)

Our Solutions Engineers are sentries on the watch. Joe helps defeat the threats knocking at your door. Tom wants the door closed and your firewall secured. Kim helps with any trouble committing the latest change, so you're assured your firewall performs as you expect. Get the latest news and views-- straight from our Solutions Engineers -- as they share info, insight, and tips exclusive to the Live Community. Read our blogs, join our discussions and jump on board. Register and become a member now.


Learn more
Ask Questions Get Answers Join the Live Community