General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

PANOS 71.2 GLOBAL PROTECT 3.0.2 Gateway Protocol error. Check server certificate

Hello,

I'm using GP 3.0.2 on a Win7 PC (PAN OS 7.1.2).

I'm getting error 'Gateway x.y.z: Protocol error. Check server certificate.' error message.

I have already reinstalled the client on my computer. Same error message.

My colleguea, using WIN 10

...

Cipher suites decryption 7.1

Hi guys,

Configuring inbound SSL inspection on 7.1, decryption does not work with the newly supported cipher suites shown in the document below.

https://live.paloaltonetworks.com/t5/PAN-OS-7-1-Articles/PAN-OS-7-1-Supported-ciphers/ta-p/71969

On

...

Virtual System licensing question

Hi guys,

I have never installed a virtual system so I am wondering how licenses for the Antivirus, URL filter etc are applied, are these applied to the base firewall or do we need to get a license for each virtual firewall hosted on the virtual sys

...

SSL decrpytion and TeamViewer

I was wondering if TeamViewer uses certificate pinning so I tried to decrypt it. I've set a simple decrypt rule to decrypt everything from one IP going to internet. But the rule doesn't seem to work for TeamViewer. All SSL sessions are decrypted but

...

How to Remove Configuration Lock

Hi,

How can we remove the configuration done on PAN by other admin, which has not been yet committed, but shows up on the configuration locks?

Best regards,

B.

No User ID in traffic logs (unless I filter soruce user afterwards) and User activity report blank

Has any one expereinced any issue to where the ACC shows source user-id but when ser report is ran its blank? Equallu I do not se user name in Traffic logs but when I filter by source user the name shows up. I tried restarting agent and everything

...

Dangers of creating a permiscuous IPSec VPN ( responder only) VPN

We have a business partner that wants to create an IPSec VPN tunnel with our PA-5050 using pre-shared keys, but they don't want to provide a Public IP address for us to peer with. Their other clients configure the remote peer address of 0.0.0.0 basi

...

What Firewall Change Management software is working with a PAN ?

Hi,

Is there anyone that can tell me which Firewall Change Management ( Skybox, Tufin, Algosec,.... ) is REALLY working with a PAN ?

Most of them claim they can do it, until you test it... nothing works...

Some of them announce PAN support for next year

...

Resolved! DAGPusher and DAG

Luigi,

Can you confirm DAGPusher name should match tag for DAG in PAN-OS? I can't have the DAG updated with Minemeld indicators

Thanks

Bertrand

Resolved! application incomplete no internet access

Hi Guys,

We are seeing the traffic for the new subnet we added recently are coming as incomplete and need some help to troubleshoot this.

Cheers,

Mykhaylo

incomplete traffic no internet access.jpg

palo alto vm

Can somebody help me with the network adapter settings for palo alto vm?

Resolved! Site-To-Site VPN to VMWare VShield Edge?

Greetings all.

We're in pre-deployment for our firewall and I'm attempting to get an Site-To-Site VPN tunnel set up to our VShield Edge setup in the cloud. I have a tunnel established but we can't seem to get anything across it.

Troubleshooting

...

Resolved! Per port session TTL

Hi,

Am I correct when I state that a PAN firewall cannot set different timeouts per used port?

Fortigates and Junipers seem to have this option, where they can set their defaults and specify -if required, for certain ports.

On a PAN device, I don't thi

...

PAN OS 7.1.2

Just updated the FW to PAN OS 7.1.2. The UI looks very mordern !

The ACC page has been re-designed , looks better, is there any way to customise the panes ?

Single AD Forest Multiple Domains with Group Mapping & Global Protect

Does anyone have any best practives on how to configure Multi-Domain authentication with Global Protect? I see how to map/sync groups in multiple domains in my forest, but not entirely sure the process for the Global Protect end. Right now I am usi

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free