General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! DNS in global protect vpn

Hello Experts

In global protect configuration, I provided the DNS IP. After VPN connect, I have two DNS, Physical card DNS and global protect vpn provided DNS. My question is that what DNS would be used for DNS queries for internet and for traffic th

...

Resolved! Filtering the security rules by rule number

Hello Experts

Is there any option to filter or find the security policy through rule number? It seems there is no filter for rule number.

Appreciated your support

Resolved! Best Security Firewall review

Ok, I heard that palo alto does have a service that will review a firewall configs to make sure the Best Practices and Security Practices are being down. If this is true what is the service call and has anyone use this service ?

Resolved! IP for portal and gateway in global protect

Hello Experts

Can I use different IP for portal and gateway other than IP assigned to external interface of firewall? Should I need to assign this IP also to external interface of firewall or no need?

Regrds,

GR

Panorama Audit Logs

Hello Experts

I am using Panorama to push configs to firewalls. But the problem is that there are alot of users, doing configuration but in audit logs of Panorama, it is showing config by <user> thats it. I would like to see what actual changes/comma

...

Wildfire .docx

Hi,

i am testing wildfire at the moment for forwarding .doc, .docx and EXE Files to the wildfire cloud.

This is my rule:

But it seems, that only .doc and .exe Files are forwared to the cloud (first Forward but then upload skip because the cl

...

How To Get the the Config of a Virtual Systems (VSYS)

Hello all!

I am new to Palo Alto FWs and have a simple question.

We have a PA-5050 and one of the users has been assigned a "Virtual Administror" role to a specific VSYS. The Administrator type is "Dynamic". This user was trying to get a dump/copy o

...

Resolved! Traffic processing when user information may be outdated

Hello!

Could you please expalin what's the default traffic policy when new authentication agent/AD DC info is unavailable for some reason.

Does the user-based rules get automatically turned off or someting?

Does the traffic which gets under user-based f

...

Resolved! policy muliple search syntax

I have a large list of IP addresses that I need to search on. I am not necessarily interested in if these systems are getting traffic, but moreso interested if they are present in any policies.

Is there a way to search for multiple host/net objects

...

Qos policy and order of precedence

Hi,

If a qos profile class 3 set limit 10 and no quarantee set . And a qos policy created and it kept on top of the policy list .

Lets say there are other classes also set like below

qos policy

1 ) 10.0.100.10 class 3

2 ) 10.0.101.11 class 2

...

UserID agent version

Old

Firewall and Panorama - live update design an architecture

I wanted to get a consensus from the community how do you design the firewall architecture to procure updates on the hourly, quarter hourly frequency nessistated by Next Gen firewalls.

Do you deploy a bastion host which panorama can reach out and ge

...

Resolved! Copying firewall rules from one firewall to toher

Hello Experts

We have communication between DC and there are four three firewalls in between. So for bidirectional policy, I need to create same two rules on fw1, two rules on fw2 and two rules on fw3 (the only difference is offouce zone names and po

...

Implementing PA-500 Firewall along side of Cisco ASA

Hi there,

We currently have a Cisco ASA 5512 in place, and we're planinng on implementing a PA-500 for web and app filtering. Has any one in the community ever done this before? If so, I'd greatly appreciate some advice.

Thank you

Resolved! IP address for NAT

Hello Experts

I was checking confiugration on my PA firewall and I foud for every source and destination NAT, the public IP for NAT with /32 was assigned to external interface of firewall. In my opinion there is no need to assign public IP /32 to ext

...

Discussions