General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Shutting down/disabling subinterfaces

I am very new to the PANOS world so I will apologize in advance if this is obvious, however my search of documentation and knowledebase did not yield anything. I have been looking for a way to administratively shut down sub interfaces. Is this possib

...

Forced VPN Connection with GlobalProtect

Is it possible to force a VPN Connection so the client can only use wifi or ethernet if he is in the office or has a active VPN Connection?

Sending Before Change and After Change details in Panorama to Syslog

I've been testing the logging of change events to a syslog server from Panorama. Syslog events indicate a change made by a person and the general section of the change without giving any specific details of what was changed. Looking in Panorama in

...

Resolved! Two Virtual Routers

Hello,

When I configure two virtual routers on a PA-5060, how do I get them to see each others’ routes?

Do I need to configure some kind of virtual internal circuit between the two routers?

Thanks!

Resolved! commit confirmed X on PaloAlto firewall ?

Hello All,

I am a newbie to PA firewalls but have some experience with JunOS firewalls. I like the "commit confirmed XX" command on JunOS because it will revert a change after XX minutes if for some reason I get locked out. A good example is when c

...

Resolved! QoS on Tagged VLAN Sub-interface

Hi there,

I try to implement QoS on Tagged VLAN sub-interface. Found some configuration on main interface but not sub-interface one.

Any suggestion? ^^

Thank you

Resolved! BGP Graceful restart in an Active/Passive cluster?

All,

Quick query, we are in the process of implementing a HA cluster that will be BGP peering with several upstream routers, both route import and export, and in trying to reduce the interruption due to a failover we are looking to implement the Grac

...

PBF with NAT, how does it works?

Hi Guys

According to document , if there's destination NAT , there'll be second routing lookup to decide outbound zone & interface. But I'm very confused when there's routing and PBF together, In the second routing lookup, how does PBF rule work? Does

...

Join the Fuel User Spark Event on March 19: Dealing with Threats !

Join us at the Fuel User Group Spark Event on March 19!

Get ready to ignite your cybersecurity knowledge and connect with industry experts at our upcoming Spark event hosted by the Fuel User Group. Whether you're a seasoned professional or just

...

Secondary IP and DHCP

Greetings,

Say we have an interface that is configred the following way:

e1/2.240

Tag: 240

IPv4 Address (two addresses on the interface):

-10.10.100.1/24

-192.168.100.1/24

Now, if that interface is configured as a DHCP relay, which network is it going to se

...

nslookup on the management port ?

I would like to check a few DNS issues I'm seeing on the management port.

I had hoped to find nslookup in the CLI, but it isn't there.

Is there something equivalent ?

Thanks.

Resolved! About address object with FQDN and apply it to security policy.

If I have a FQDN "abc.com" that have two DNS records 10.0.0.1 and 10.0.0.2.

Then I create a address object with FQDN type, and the value is "abc.com"

When I use this object into security policy, how does it working? Does it become 10.0.0.1 or 10.0.0.2

...

Resolved! HOW TO CONFIGURE .1q - VLAN TRUNK

Hi guys ,

I have a lots of doubts about how to configure .1q vlan TAG / TRUNK on PALO ALTO FIREWALL.

It`s possible to work with layer 3 interface ?
I don`t found any documents here.

Does anyone have something to help me.

Nbest Regards

THiago LIma.

Avaya 9611G/4610SW VPN to PA-500

Has anyone had success connecting Avaya IP phones via VPN to PA devices? I am able to complete IKE Phase 1 authentication, but fail Phase 2 due to local/remote proxy IDs not found:

'IKE phase-2 negotiation failed when processing proxy ID. cannot fin

...

User mapping - IdleTimout and MaxTimeout architecture with GlobalProtect only (no User ID agents)

We have a setup for up to 2.000 employees. Every employee has the GlobalProtect installed, but we are not using any User ID agent.

We have only one portal configured, for both internal and external (vpn) connections.

On both gateways (internal and exte

...