General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Any guides to setup Global Protect always on(user-logon) when using Radius with RSA ?

We are using a mixed 7.0.x environment for PAN-OS and are using GP v. 3.0.2 and I want to test out using the always-on(user-logon) or (pre-logon) feature with Global Protect so that when our users take their laptops home, they must sign into globa

...

IPSEC interoperability - PAN-VM-200 to CISCO ASA 5505

Good Day

First - Do you need a IPSEC license for a PAN-VM?

Second - Can I follow the PAN guide for - "IPSEC interoperaability between Palo Alto Firewalls and CISCO ASA"? The reason I ask is the guide show conifguration between a PAN-5060 and a AS

...

Software versions

Why are for example the software version 7.1.3 (29.6.2016) ready for download and update before 7.0.9 (1.8.2016)? When I look at the Software-option under Device when I am about to update my PA-3020, I get confused when I see for example version 7.1.

...

Does Global Protect maintain a list of MS patches

Does Global Protect maintain a list of MS patches or does it only look for the patches that you list in the HIP object? If it does maintain a list were can you see the list?

ISP Load balancing with ECMP

I have the Following Scenario on a PA-200

[ISP1]

Zone = Untrust

Eth1/1 = 192.168.7.110/24

Modem GW = 192.168.7.1/24

[ISP2]

Zone= Untrust

Eth1/2 = 192.168.5.110/24

Modem GW = 192.168.5.1/24

[Local LAN]

Zone=Trust

Eth1/3 = 10.1.1.1/24

Running DNS-Proxy and DHCP

...

How to filter rule by subnet

Hi there,

I'm trying to filter the rules via subnet. Is this possible ? I've tried copying (addr in '10.10.10.0/24') from a working log filter search and that doesn't seem to work. There's no filter builder like the log search box so i can just u

...

Resolved! Benifit of Target Tab in security policy on Panorama.

Hi Guys.

Good day!
I would like to know that what is the benifit of target tab on Panorama.

For eg.

I create a shared policy. Now I push it to firewalls I choose using device group while commit.

Now I create shared policy and choose target (never d

...

Max number of supported tunnel VPN client to site on PA-200

Hello,

I must configure a simultaneous access VPN client to site for 60 users on the PA-200. But this firewall support only 25 tunnels vpn (datasheet PA-200). It's possible to have an extension of the number of vpn tunnel on the PA-200?

Resolved! Application Groups - how to transfer list of applications?

Hello

I have two groups in Application Groups, every one has over 60 applications on lists.

I need to recreate the same settings on another PA device - how to do it?

Regards

Slawek

Resolved! Parent Application Subtypes automatically allowed?

Hi All,

In a security policy, if I allow Application "ipsec" with service as "application-default" then will the firewall also allow

- ipsec-esp

- ipsec-esp-udp

- ipsec-ah

- ike ?

If you see applipedia, and if you search "ipsec" then you see the above me

...

Management server failed to send phase 1 to client dhcpd

My HA is not in sync because I am getting above error message.

Are there like basic troublehsooting steps/docs which I can do?

Resolved! Cannot find pan_packet_diag.log on PA VM

Hello,

I am new to this forum so please bear with me. I would like to use debug log feature on my PA VM. I am able to turn the logging on with the following commands:

debug dataplane packet-diag set log

debug dataplane packet-diag set log feature flow

...

General Topics

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Welcome to the General Topics Discussions!

Rules and Best Practices

Any guides to setup Global Protect always on(user-logon) when using Radius with RSA ?

IPSEC interoperability - PAN-VM-200 to CISCO ASA 5505

Software versions

Does Global Protect maintain a list of MS patches

ISP Load balancing with ECMP

How to filter rule by subnet

Resolved! Benifit of Target Tab in security policy on Panorama.

Max number of supported tunnel VPN client to site on PA-200

Resolved! Application Groups - how to transfer list of applications?

Resolved! Parent Application Subtypes automatically allowed?

Issue after Internet Upgrade

Service settings in a NAT

Error Checking credentials - Gateway Timed out

Management server failed to send phase 1 to client dhcpd

Resolved! Cannot find pan_packet_diag.log on PA VM

GlobalProtect SAML Authentication Complete

how to generate an AWS Redis Auth code ?

How to validate Redis connection from vm-series on AWS ?

global counter tcp_case_2

IKEV2 w Cert - Wildcard peer for DN does not work.

Re: GlobalProtect 6.3.3

Re: GlobalProtect 6.3.3

Re: Support PAN-OS Software Release Guidance

Re: MFA external provider question

Re: GlobalProtect 6.3.3

Unlock your full community experience!

General Topics

Rules and Best Practices

Resolved! Benifit of Target Tab in security policy on Panorama.

Resolved! Application Groups - how to transfer list of applications?

Resolved! Parent Application Subtypes automatically allowed?

Resolved! Cannot find pan_packet_diag.log on PA VM