General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! PA-500 6.1.4 Policy and URL filtering

Hi,

I have very big problem with my firewall. I have a few URL filtering rules which I block some of sites.

Example:

1. Allow social network(linkedin) block youtube -> name AllowSN

2. Allow youtube block social network(linkedin) -> name AllowYT

3 an

...

PA 500 stop sending reports automatically by email

Hello,

After upgrading two cluster of PA500 to 7.0.1, customized reports cannot be sent automatically using email.

Using the 'Test send email' is working so it's not an issue with the config. The device stop sending the reports after 18 days...

Regard

...

VLAN with Palo Alto Networks PA-500

Hello,

We need to set up a VLANS in the office with the PA-500 but we don't like to change our address. It's possible to configure a VLANs with MAC address or protocole with PA-500?

Thanks

Custom Vulnerability Signature. Is this limitation correct or is a fail?

Hello

I've been trying to create a custom vulnerability and I have encountered this limitation:

Currently in Threat Database Vault 529 version there are 50 signatures for PHP.

I'm trying to add all PHP signatures and this message appears when it excee

...

Is it possible to configure dynamic load balancing using Routing protocols for below shown topology?

Hi All,

Is it possible to configure dynamic load balancing using Routing protocols which are supported by PaloAlto?

Requirement : We have total 16 MB line ( 8 MB from Aircel ISP and 8 MB rom TATA ISP ). We are looking to balance the load on both isp

...

IPSec VPN issue

Hi All,

We have configured IPSec VPN between PAN and AWS.

When i iniate the tunnel, IPSec and IKE SA installed successfully as a initiator.

then, IKE protocol IPSec SA delete message sent to peer. SPI:0x...

After a second, IPSec key deleted. Del

...

HA Upgrade

I found this link on the knowledge base

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Upgrade-a-High-Availability-HA-Pair/ta-p/57081

Has anyone used this method or any other method that they would like to share. I am currently at 6.

...

Resolved! LDAP Server Update DHCP from GlobalProtect

Hi all,

As you may know: When a client is connected on GlobalProtect, they are assigned a dynamic IPv4 Address, not static.

In my situation, I have about 100 GlobalProtect clients. When the client connects for the first time, they are require

...

How to trigger a message when a particular DENY rule was hit?

Hello,

is it possible to trigger a message (whatever), when user hit a deny rule?

Roman

Resolved! Report User activity and Custom not show apps and traffic info

Hi, we are generating user activity reports and custom reports, and in the TRAFFIC colum and APPs colum we cant see anything. We PA is not taking/showing this kind of info in reports????

Version is PA 5.0.11

Getting .merged-running-config.xml from a version 7.0.2 firewall?

After upgrading a Panorama-managed firewall from 6.1.x to 7.0.2, a generated techsupport file no longer contains the .merged-running-config.xml as described in doc-7904. I need to obtain the merged configuration from a firewall managed by Panorama,

...

Resolved! VPN s2s with Juniper ScreenOS with multiple networks on PA side

Hello

I have to connect by ipsec vpn PA200 PANOS6.1.6 with NS5GT 6.2.0r15 ScreenOS.

Problem that I have is that clients behind NS must have access to two LANs on PA and to internet throuth tunnel.

LAN_A———

LAN_B——— PaloAlto……….tunel_IPSec………………Netscree

...

SSL Decryption Woes

Hi,

I am not able to get to https://platinum.netnames.com/ with SSL decryption on, on PAN 7.0.1 / PA-3020 (IE11 / FF40 == TLS failure). Also, speed seems capped to 3Mbit/s with some CDNs (S3 AWS). Am I missing something?

thanks.

Nested groups problem

Hello all,

3 domain and single forest.

(root domain) named as domainA and domainB and domainC

we created 3 LDAP profile for each domain.

we can see members from all domains.

we can see groups for each domain also.

But problem is, if we create a group n

...

TCP Echo Service on an interface

Hi all,

Is it possible to get an interface to respond to the TCP Echo Service on Port 7 via a management profile or some other way?

I don't mean a ICMP echo request (Ping) but what's described here

https://en.wikipedia.org/wiki/Echo_Protocol

ht

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Welcome to the General Topics Discussions!

Rules and Best Practices

Resolved! PA-500 6.1.4 Policy and URL filtering

PA 500 stop sending reports automatically by email

VLAN with Palo Alto Networks PA-500

Custom Vulnerability Signature. Is this limitation correct or is a fail?

Is it possible to configure dynamic load balancing using Routing protocols for below shown topology?

IPSec VPN issue

HA Upgrade

Resolved! LDAP Server Update DHCP from GlobalProtect

How to trigger a message when a particular DENY rule was hit?

Resolved! Report User activity and Custom not show apps and traffic info

Getting .merged-running-config.xml from a version 7.0.2 firewall?

Resolved! VPN s2s with Juniper ScreenOS with multiple networks on PA side

SSL Decryption Woes

Nested groups problem

TCP Echo Service on an interface

IKEV2 w Cert - Wildcard peer for DN does not work.

Transferring assets from one CSP Tenant account to another

Proper "outside" interface configuration

Configuring Palo Firewall into an IDS

A question about ECMP

Re: MFA external provider question

Re: GlobalProtect 6.3.3

Re: SPARE device usage

Re: Upgrade path to 11.2.5 from 11.0.0 on a PA-410

Re: Global Protect application blank screen

Unlock your full community experience!

General Topics

Rules and Best Practices

Resolved! PA-500 6.1.4 Policy and URL filtering

Resolved! LDAP Server Update DHCP from GlobalProtect

Resolved! Report User activity and Custom not show apps and traffic info

Resolved! VPN s2s with Juniper ScreenOS with multiple networks on PA side