General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi by Community Team Member
  • 4312 Views
  • 0 replies
  • 0 Likes

Traffic Monitor Filter Basics

PURPOSE: The purpose of this document is to demonstrate several methods of filtering and looking for specific types of traffic on the Palo Alto Firewalls. They are broken down into different areas such as host, zone, port, date/time, categories. At the end I have placed just a couple of examples of combining the various search filters together for...

gmchenry by L1 Bithead
  • 74135 Views
  • 13 replies
  • 8 Likes

Resolved! Report-based Logging Without Interfering With Policies

Hi PANland, I'm back with another implementation question th So PAN devices log when you tell them to, but for their reports feature it seems that with or without logs they will keep immutable counters of very basic information that has to be parsed anyway to make it through the firewall (i.e. application, source, etc.). Here’s my situation: I’...

Resolved! How do I identify which PC made a suspicious DNS query?

Hello, I have set up the Anti-Spyware Profile in our firewall and I have a lot of threat logs of type spyware suspicious DNS queries from a domain controller machine and this is cleansed. Monitor > Logs > Threat list As you can see I have configured the sinkhole method. But I would like to know how could I identify which PC are making t...

SOC_CSG by L4 Transporter
  • 8568 Views
  • 3 replies
  • 0 Likes

Response Page on Internet Zone

Hello Community, our customer has a Cluster of PA-3020 with PANOS 7.0.2. We have enabled Application Block Page and the Internal users can view it properly. Customer has a rule to permit Web-browsing traffic from Internet to DMZ. When users try to show the web page published by the server on the rule, they view the Application Block Page that...


Resolved! SSL Decryption - log for SSL certificate errors?

Hi all, We are using PANOS URL Filtering and SSL Decryption, and we reject a variety of SSL certificate problems such as expired certificates, SHA-1 signing, etc. When one of our users hits one of these web sites, they get a "block" page. This invariably leads them to submit a request to have the site unblocked, without any additional inform...

RSKadish by L2 Linker
  • 8895 Views
  • 3 replies
  • 0 Likes

Resolved! shell request failed on channel 0

Trying to do an SCP copy to a server, but I can't get past "shell request failed on channel 0". Using Solarwinds, and it says Authenticated user "username" from IP "ipaddress", but it always fails from the firewall. Any ideas?

craymond by L4 Transporter
  • 22028 Views
  • 4 replies
  • 0 Likes

Custom Vulnerability Signature. Is this limitation correct or is a fail?

Hello I've been trying to create a custom vulnerability and I have encountered this limitation: Currently in Threat Database Vault 529 version there are 50 signatures for PHP. I'm trying to add all PHP signatures and this message appears when it exceeds 17 signatures. 😞 Is this limitation correct or is a fail? 😞 A few days ago we suffer multipl...

SOC_CSG by L4 Transporter
  • 8135 Views
  • 5 replies
  • 0 Likes

I want to know some details about a specific threat signature.

Hello everyone I have this threat signature: "NUCLEAR Exploit Detection Kit (38268)", and I'm researching on what date was it created? I need to know which version of the threats database was included and released this signature? I would greatly appreciate any help. Regards, dicu

SOC_CSG by L4 Transporter
  • 3722 Views
  • 1 replies
  • 0 Likes