General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

how to block UNKNOWN url category

how to block UNKNOWN url category on PA 5050.

tddmwwnnowxo.com is unknow url category so PA URL DB allowed into my network. How to block unknown category.

If we block unknown category will it affect any new urls which is not register in PA URL DB

DNS Proxy

Hi,

Can someone post and example of how they set up their dns proxy?

How can I be notified of failed hardware via email, snmp or syslog?

Hello everyone,

We have experienced a FAN failure on our PA-500 and had the red led for the fan and a red fault led (but no idea for how long) - As we wasn't notified of this hardware failure. So my question is how can I set the Palo up to notify me

...

Can I block files by signature?

I had a client ask if I could block files by hash. Without additional information -- such as what protocol, application, host, user-agent, etc. -- it wouldn't be possible to do this with a threat signature, so how else could it be done?

Cheers,

Corey

m

...

Resolved! Panorama doubts.

It is possible to edit a rule placed on the firewall through the panorama, because I can not edit rules coming panorama, directly on the firewall.

How to drop new SSL sessions when limit is reached in 6.1.X?

We'd like to drop any new SSL sessions if the system has reached the SSL Decrypted Session Limit.

This page, How to Implement and Test SSL Decryption, says to run:

> set deviceconfig setting ssl-decrypt deny-setup-failure yes

but it doesn't seem to be t

...

How to Avoid Remote SSH Scan

Hello

I have a lot of events "deny" followed by other "allow"; All of these to port 22 (SSH) from remote host to several IP(s) in my Untrust and DMZ Zone.

<14>Jun 24 04:01:17 fw2orgt 1,2015/06/24 04:01:16,0003C102047,TRAFFIC,drop,0,2015/06/24 04:01:16,

...

Local user passwords problems with GP after upgrade PAN OS

Hi, I've just migrate from PAN OS 5.0.10 to 6.0.7 and GlobalProtect users have got problems with login. They had the password saved on their GP agent, but connection was refused and users were blocked due to intensive login attempts. We're using loca

...

Resolved! Reset an interface to initial state of Not configured

Hi,

just starting up with my first PaloAlto device, and have a simple question for which I don't seem to find a solution in the documentation. By default, the interfaces of a new firewall are are unconfigured, i.e. the GUI shows their status as "not c

...

Resolved! Zone protection email notification?

Hello

I would like to get email notifications when Host Sweep/TCP Scan and other events related to the zone protection is triggered.

Any way to forward them to email?

Resolved! Does or when will Palo Alto support IKEv2?

I am just trying to confirm if Palo Alto supports IKEv2 at this time.

Thanks

Resolved! ECMP

Hi - is it possible to do ECMP (equal cost multi-path routing) using static routes? If not - is it possible to achieve ECMP using OSPF on the PA4050. We have a need to load balance the default route out of a PA4050 over multiple L3 gig interfaces (th

...

PA blocks spyware - identify compromised computer

Hi there,

we're running the following setup:

trusted zone | DC zone | Internet

Client/Proxy/some old DNS Server| DNS Server| Internet

I see that the PA is blocking malware traffic (app DNS). But the attacker is either the proxy, asking the DNS in the DC

...

Resolved! is it support ECMP protocol ??

Hi all.

Is it support ECMP protocol from PAN??

I can’t find whether ecmp protocol support from datasheet and knowledge base.

does PA has any other similar protocol if not support ecmp??

Please refer to below URL for ECMP.

http://en.wikipedia.org/wiki/E

...

Resolved! How to configure ECMP Equal Cost Multi-Path Between Palo Alto And Cisco

Is it Possible to achieve ECMP between a cisco router and a PA-2000 series running PAN-OS 4.1.7

If Yes Can somebody point me to the right direction.

Thank You