General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! .yml file: PA device password in clear text

Hi Luigi,

.yml file for DagPush node in /opt/minemeld/local/config shows password of the device in clear text. It should be at least hashed.

Thanks

Regards,

Bertrand

Resolved! VMware ESXi 6.0 and PA VMs

Is VMware ESXi with vSphere 6.0 supported?

The technical documentation for the 6.1 virtual appliances states: "VMware ESXi with vSphere 5.0, 5.1, and 5.5 for VM-Series running PAN-OS 6.1."

And the 7.0 documentation states: "VMware ESXi with vSphere 5.1

...

Resolved! NAT and Security Policies, PBF Failover and Symmetric Return - Dual ISP

This is two parts:

1) I configured Destination NAT rules and corresponding Security Policies to allow inbound access to servers on private LAN. These all utilize the Primary ISP public IP address. If I want these internal servers accessible over the

...

Resolved! OSPF pocket in an EIGRP network

I am putting a PA firewall in our datacenter and am looking to have the firewall advertise the protected subnets out to the rest of the network. However, the rest of the network uses EIGRP, so the datacenter switch and the PA firewall will need to b

...

Blocking youtube

How can I properly block youtube, because it's bypassing a PA-3050 on port 443 (https://)?

Resolved! Policies >> Security

Unsure quite how to phrase my question. Under Policies >> Security:

I have a Rule way at the top for McAfee ePO; tcp; port 8443.

Settings that I have set are:

Source Zone: Trust Source: IP address for a specific internal host

Destination Zone: Un

...

Resolved! PAN response to: Attacking Next-Generation Firewalls: Breaking PAN-OS ?

So are there any response available from PAN regarding the topic which you can read below?

Like when are updates scheduled to be released, any mitigations you can perform before updates are available etc?

Or are they already disclosed (and fixed)

...

Some Users not Mapping in User-ID

Hi All,

I'm currently experiencing some issues with user-id mapping. Some users are not being mapped to IP addresses.

Current setup: I have 3 domain controllers - all have Service Accounts with correct privileges. They are also showing as 'Connecte

...

Did Factory Reset a PA-200 and system now automatically reboots in Maintenance Mode

Hi all, maybe someone can help me with this.

Just did a factory reset on a PA-200 via maintenance mode (via console) and now system reboots automatically in maintenance mode.

I followed instruction from here:

https://live.paloaltonetworks.com/t5/Mana

...

Resolved! Applications On Non-Standard Ports

It's perfectly possible I'm being unusually dumb here, but I can't see an elegant way of allowing application usage on non-standard ports - for example ssh on tcp/32777. The obvious way of doing it is to allow a rule that allows appid:ssh on service:

...

visualize custom regions on traffic/threat map

Is it possilbe to show custom regions with gps coordinations on the threat/traffic map with the correct gps coordinates?

We have set custom regions for departments with private subnets and gps coordinations.

In the traffic or threat map we can only se

...

NAT question when migrating config.

Converting config from Nortel Connectivty switch to PA200.

3 interfaces

untrust - public ip - 202.3.41.0/28

trust:private ip - 10.10.10.0/24.

dmz-203.4.42.96/28

There is one to one mapping of few untrust ip to trust ips( to access trust ips from ou

...

Moving a VSYS from one PA device to another

Hello

Question here , how can we move a VSYS from one device to another ? please note that in this scenario we cannot backup everything a restore on target since target is running other things that need to be running .

Any ideas ? what are important th

...

Microsoft Remote desktop service server with captive portal on PA200.

Hi

PA200 PANOS-7.03

Working Production Config:

I have captive portal working with local users. User are in 4 groups (1 to 4) . There are 4 url profiles(1 to 4) associated with 4 local user groups. When user tries to go to any site via browser he get

...

Resolved! Global Protect Traffic is being blocked to Trust Zone, after 10-15 minutes i set up the client.

I have an issue with my Global Protect Client when i set up to my PAN Firewall.

Version Client Global Protect 2.3.3-5

Version PAN 6.0.8

I have Zone Global Protect that all my users-clients GP are defined, I connect through the Untrust Interface that

...

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Resolved! .yml file: PA device password in clear text

Resolved! VMware ESXi 6.0 and PA VMs

Resolved! NAT and Security Policies, PBF Failover and Symmetric Return - Dual ISP

Resolved! OSPF pocket in an EIGRP network

Blocking youtube

Resolved! Policies >> Security

Resolved! PAN response to: Attacking Next-Generation Firewalls: Breaking PAN-OS ?

Some Users not Mapping in User-ID

Did Factory Reset a PA-200 and system now automatically reboots in Maintenance Mode

Resolved! Applications On Non-Standard Ports

visualize custom regions on traffic/threat map

NAT question when migrating config.

Moving a VSYS from one PA device to another

Microsoft Remote desktop service server with captive portal on PA200.

Resolved! Global Protect Traffic is being blocked to Trust Zone, after 10-15 minutes i set up the client.

Upgrade from version 10.2.7-h8 to 10.2.11-h2

IPSec setup with certificate

UNABLE TO PING MANAGEMENT INTERFACE FROM LAN

Site flagged as GRAYWARE Please Help!!

HA State is "not sycned" even though Sync Task is completed on Peer (Passive) Gerät)

Re: User ID agent not starting.

🚀 Join us at Palo Alto Networks Headquarters for Ignite - November 14, 2024 🚀

Re: Sofware Upgrade broken? "An active license is required for this feature"

Re: Cannot see Dynamic IP lists

Recommended PAN-OS version

Unlock your full community experience!

Resolved! .yml file: PA device password in clear text

Resolved! VMware ESXi 6.0 and PA VMs

Resolved! NAT and Security Policies, PBF Failover and Symmetric Return - Dual ISP

Resolved! OSPF pocket in an EIGRP network

Resolved! Policies >> Security

Resolved! PAN response to: Attacking Next-Generation Firewalls: Breaking PAN-OS ?

Resolved! Applications On Non-Standard Ports

Resolved! Global Protect Traffic is being blocked to Trust Zone, after 10-15 minutes i set up the client.