General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Administrator account issue

PA-5050 device with software version 4.1.6.In all my devices except one, I was able to create a new Administrator account (Superuser) with password and log on with the account to administer the device. The problem device allows me to create a new account like the others, but I get an "Invalid Username or password" error when I attempt to log on...

Resolved! Is it possible to group countries?

I want to be able to use a set of countries for some specific rules. Is there any way to create a group with countries?

Global Protect 1.2.2-14 winhttpObj, error! ipaddress

Hi,I keep getting this error when trying to connect with global protect, this pc is on the internal network. I should get the massage 'Connected Internal'...any ideas. I have included the log below and highlighted the line.(T3776) 04/24/13 09:46:14:861 Info (2249): winhttpObj, HandleHttpsRequest, cmdStr = (T3776) 04/24/13 09:46:14:861 Info (2268...

Shutting down/disabling subinterfaces

I am very new to the PANOS world so I will apologize in advance if this is obvious, however my search of documentation and knowledebase did not yield anything. I have been looking for a way to administratively shut down sub interfaces. Is this possible? While it's easy enough to shutdown a physical interface by assigning it's link-state we're no...

Sending Before Change and After Change details in Panorama to Syslog

I've been testing the logging of change events to a syslog server from Panorama. Syslog events indicate a change made by a person and the general section of the change without giving any specific details of what was changed. Looking in Panorama in the Monitor tab I can see the change event and some details that are sent to syslog, but the deta...

Resolved! Is it possible to generate "email" alert when any user reaches the defined bandwidth threshold?

Hi All,Is it possible to generate "email" alert when any user reaches the defined bandwidth threshold?Eg: Defined bandwidth threshold is 1 MB, if any user reach or exceeds the defined bandwidth threshold then the device should trigger a email alert to administrator. Note : I don't want to restrict any user to 1MB, but need onle alert if he excee...

Scheduled Log Export Failure

I have Scheduled Log Export but it's failing. The system log reads "Failed exporting traffic log via ftp (last-calendar-day)".If I run the export command via CLI, it runs successfully.>ftp export log traffic start-time equal 2012/11/28@00:00:00 end-time equal 2012/11/28@23:59:59 to anonymous@hostnameAny ideas on why the Scheduled Log Export ...

Resolved! Two Virtual Routers

Hello,When I configure two virtual routers on a PA-5060, how do I get them to see each others’ routes?Do I need to configure some kind of virtual internal circuit between the two routers?Thanks!

Resolved! commit confirmed X on PaloAlto firewall ?

Hello All, I am a newbie to PA firewalls but have some experience with JunOS firewalls. I like the "commit confirmed XX" command on JunOS because it will revert a change after XX minutes if for some reason I get locked out. A good example is when changing speed/duplex on an edge firewall that I may get locked out of. Is there an equivalent com...

Resolved! Difference between apps and contents

Dear PAN community,When a new 'Applications and Threats' signature is release there are typically two versions that have the same Version name (e.g. 350-1658) but then differ in the File Name and Features description.As a current example, Applications and Threats Version 350-1658 was released on 2013/01/15 and there are two of them, one with Fil...

Palo Alto and Aruba Clearpass integration

Can someone please point me in the direction of any documentation for integrating PA firewalls with Aruba Clearpass. Understand Clearpass has a direct path into the API without the need for any programming?

Resolved! Howto delete sub-interace from cli

Hi,I`m trying to delete a sub-interface from CLI but cant seem to find the correct command, i managed to remove the IP address and tag but not the entire sub-interface.admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.20 Server error : ethernet1/4.20 cannot be deleted because of references from:import -> net...

Destination NAT Mismatch error

Hi I'm configuring a new PA-500 and have it working for source NAT going from Tusted to Internet. Now I want to create a destination NAT rule to allow traffic in to a web server located on the trusted net. I have created a rule almost exactly as it shows in the Admin guide but I'm getting the error - “nat rule “Incoming Web”: Mismatch destinatio...

Resolved! QoS on Tagged VLAN Sub-interface

Hi there,I try to implement QoS on Tagged VLAN sub-interface. Found some configuration on main interface but not sub-interface one.Any suggestion? ^^Thank you

Does anyone have any experiences or "gotchas" they'd like to share when they've implemented Riverbed Steelhead appliances behind PA firewalls?

I see that there's a 'riverbed-rios' app listed in Applipedia, which gives me some hope.Specifically what I am concerned about is discussed here (with configuration examples for PIX/ASAs):http://www.dslreports.com/faq/16494The Riverbed appliances we have take advantage of TCP option 76 for autodiscovering other Steelhead appliances that are in-p...