General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! Unable to boot PA-200

Hello,

wondering if anyone is able to assit how to fix this issue. I am unable to boot PA-200 into normal operation.

Nothng is happenig after reload; it sits on console and not turning on a login prompt.

Appreciate your asisstance.

Skipping PCIe po

...

Resolved! Imported Check Point config shows objects and nats, but no rules - Migration tool v3.1.1

I'm importing a Check Point config into the Migration tool, v3.1.1

I see the imported objects and nat's ok, but the rules page is empty and says "no data to display" in the bottom right.

I chose the files objects_5_0.C, rulebasename.pf, rulebases_5_0

...

Using expect script to automate building firewall templates in Panorama

Hi Community,

I have been struggling with this for weeks, and have tried various means, including setting the Panorama CLI parameters. However, I always get random results, which ends up either the cmdline was entered prematurely or truncated. A supp

...

What is the "Any" URL Filter Category

I am seeing a handlful of Blocked URLs, with a Category of "Any".

Just wondering what that is and why I might be getting them.

Is it the same as "Unknown"?

I do not have a URL Filter Category named Any.

Thanks

Integrated User-ID Agent vs. Windows Service?

We're running 5.1 right now and plan on upgrading to 6.1 over the next couple of days.

Historically we've used the Windows User Agent on two of our domain controllers, but today I switched to the on-board Integrated User-ID Agent and set it up, and ot

...

Is SSL decryption will increase the number of sessions?

Hi Team,

My doubt is that,..doing SSL decryption will increase the number of sessions?

example : if i access gmail there will be one tunnel established to the server (gmail) inside which text chat, video chat, other apps will be there.

Now if i enable

...

Resolved! URL filtering

Who is using URL filtering? Is it worth the added cost? Is there any way to do it without the license?

Global Protect not connecting

Hi Community,

For the past 2 days PA's globalProtect is really becoming a headache for me. PA is becoming pain for me on these days.

It won't connect, stated as not connected, sometimes it stuck at "Connecting", and if that's the lucky hour, it will co

...

<deleted>

Resolved! DNS sinkhole log action ons DNS rule

https://live.paloaltonetworks.com/t5/Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891 explains how to configure DNS Sinkholing.

In step 3 the anti-spyware profile is added to the security rule that allows DNS traffic.

Does logging (at session end) ne

...

Resolved! Best Practice for insufficient-data

Hi all,

What are you doing with traffic identify as "insufficient-data"?

I know we are supposed to do pcap and trying to identify if then create custom app but ... on real life 

Although you have created a rule for denying all, insufficient-data stil

...

Except Specific IPs from port scan detection / Zone Protection

I have a highly regulated environment with multiple internal security zones. We need to be able to run our vulnerability scanning solution against servers in separate zones on a routine basis.

It was simple to exempt the scanner's IP from the Threat P

...

NAT DIPP fallbacks

Hi there

Im seeing NAT DIPP fallbacks quite a lot relating to a NAT rule, theres does not appear anything not working so im wondering if its somehting that im not noticing work. Ocasionally it feels more sluggish that it should when browsing web pag

...

Resolved! PANOS6.0.5 Inbuilt CA can't generate a certificate with UPN (user principal name) attribute?

PANOS 6.05 inbuilt PAN certificate authority doesnt seem to have the ability to generate a certificate with subjectalternate value for UPN (user principal name e.g user@domain.local ).

This is the standard way that Microsoft embeds usernames (UPN fo

...

Runtime bandwidth shows more than maximum egress

Hi ,

Runtime bandwidth shows more than maximum egress value ? . What could be the reason

Thanks

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Resolved! Unable to boot PA-200

Resolved! Imported Check Point config shows objects and nats, but no rules - Migration tool v3.1.1

Using expect script to automate building firewall templates in Panorama

What is the "Any" URL Filter Category

Integrated User-ID Agent vs. Windows Service?

Is SSL decryption will increase the number of sessions?

Resolved! URL filtering

Global Protect not connecting

<deleted>

Resolved! DNS sinkhole log action ons DNS rule

Resolved! Best Practice for insufficient-data

Except Specific IPs from port scan detection / Zone Protection

NAT DIPP fallbacks

Resolved! PANOS6.0.5 Inbuilt CA can't generate a certificate with UPN (user principal name) attribute?

Runtime bandwidth shows more than maximum egress

SSO Palo Alto Support Portal

IPv6 on public interface

Template- Variable CSV greyed out

Can't find the "Republic of Kosovo" in the "Firewall Region Code Legend"

Device - certificate based authentication

Re: Allow all web addresses with .gov and .edu extensions

Re: Wildcard URL for Non-HTTP/HTTPS traffic

Re: Howto delete sub-interace from cli

Re: SSL Inspection issues with GlobalProtect users

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Unlock your full community experience!

Resolved! Unable to boot PA-200

Resolved! Imported Check Point config shows objects and nats, but no rules - Migration tool v3.1.1

Resolved! URL filtering

Resolved! DNS sinkhole log action ons DNS rule

Resolved! Best Practice for insufficient-data

Resolved! PANOS6.0.5 Inbuilt CA can't generate a certificate with UPN (user principal name) attribute?