General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Create Certificate CA for server RADUIS

Dear engineers.

I could help I have the following questions:

reviewing this document.

https://live.paloaltonetworks.com/t5/Configuration-Articles/Captive-Portal-Using-Transparent-or-Redirect-Mode-in-Vwire/ta-p/66125

My question is how I certificate, try

...

Resolved! Dual ISP Branch Office with PA HA (2 PA with HA Configured

I see examples of using 2 ISPs with one PA. I also see that senario with Global Connect, Lad Balancing and IPSec Tunnels. However, I do not see where it states these types of senario's can be used in a PA-200 HA senario. Can anyone shead some light o

...

Resolved! Palo Alto Configuration Using CLI

Hello,

My question is as follows:

If I make changes (ruleset, objects, etc.) from the command line, how do I get those changes to show up in the GUI? What if by chance someone else is working in the GUI; what happens to my changes if a save and commi

...

Resolved! PAN 0S 7.1.1 Mode active/passive Still Display Not Synchronized

Hello

After Upgrading To 7.1.1 The 2 devices PA-500 mode Active/Passive. The display keep Not Synchronized.

The command -show job id x- for HA sync display OK (no warnings).

The command -show high-availability state-synchronization- show all synchron

...

Revert back a 6 OS from 7 OS

Has anyone had to revert back from an upgrade? Especial from 7 OS from a 6 OS? If so how did you do it and how easy was it? I am preparing to move from 6.1.10 to 7.06 and I want to make sure that I cover every possible scenario. Luckily I have a sec

...

Resolved! Incomplete application matching app-id rule

I have a rule matching for ms-update app-id, but when looking at logs I see sessions hitting the rule that have an imcomplete application.

How is this possible?

about ssl decryption error

Hi there,

recently we have implemented ssl decryption in our network , But Chrome comes up with "ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION"

Resolved! VPNC + PAN-OS 7.1

Does anyone use vpnc (As in the linux ipsec client) with xauth connecting to a PA?

We have a bunch o' PA's which we are in the middle of upgrading to 7.1 however once an upgrade from 7.0.6 to 7.1 is done, VPNC will no longer connect. Downgrading ba

...

New to the Palo Alto platform and have a migration question

I am fairly new to the company I work for and have inherited a network that has two ISP's with two firewalls. One firewall is an older ASA and the other is a small Sonicwall.

I have pretty good experience with the ASA platform. However, the Sonic

...

What's the best way to permit app on non-standard port?

For instance, web browsing on port 8080. I don't want to just set the service as I also want to use port 80 and there are other apps in the rule and I'd like to use app-default as the service.

I defined a custom app with web-browsing as the parent

...

Resolved! DNS Sinkhole question

Can DNS Sinkhole be done with Vwire configuration or does it need to be Layer 3?

Behaviour app override

Hi, we are having an issue using app override.

1) We have created a custom app for Oracle (without timeout). Using these ports: tcp1521-1541.

This is the config

This is the app override policy:

This is the security policy (app any and ports

...

Clearing Traffic Log

Running 7.0.6 on 7050's I cleared traffic logs and lost connectivity to management sever and took about 30 min after restart of mgmt sever for traffic logs to reappear . Is this normal. Which log file has info on managemt disconnect files/reason info

...

system alert high opaque: websrvr: Exited

After we upgraded from 7.0.6 to 7.1.2 in one go we started receiving this error message. Does anyone know what causes this ?

We are running active/active on 3050's

domain: 1
receive_time: 2016/06/02 10:25:41
serial: 001701002580
seqno: 2017446
action

...

Feed of one EC2 Availability Zone

Is it possible to filter down the Amazon EC2 feed to specific availability zones (just us-east-1 or eu-west-1)?

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free