General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Resolved! Default Behavior of QoS

Hello All,
Quick question on the default behavior of QoS on the firewalls. Do interfaces on the firewall assume the QoS profile of "default" if I don't specify a QoS profile for the interface? The heart of my question is if I change the guarenteed a

...

Difference between soft lifetime and hard life time in IPSEC VPN

Could someone help me understand Difference between soft lifetime and hard life time in IPSEC VPN

6.1+ update stops tagged interfaces from working

I tried updating a PA3050 HA active/passive setup from 6.0.10 to 6.1 to eventually go to 7.
The update works for both devices, everything seems to be working like it should, except for the tagged subinterfaces of the aggregated interfaces. They simply

...

Resolved! IP address not displaying correctly

I created a user account that so that the helpdesk can monitor the traffic and threate logs on the palo alto but not make any changes. But when I open up the traffic and threat detail instead of showing the exact IP address for the source and destina

...

Resolved! Random denial

What would cause traffic that is allowed through one rule to be denied by a rule below it. Shouldn't it just go through the rule allowing it and not even go any further.

Odder even still is that traffic is not always denied sometimes it does pass thro

...

Temporarily Disable SSL Decryption doesn't work since 7.0.1

It seems that the cli command "set system setting ssl-decrypt skip-ssl-decrypt yes" doesn't work on PAN-OS 7.0.1. The decryption wouldn't temporarily disabled, nothing happens!?

Has anyone the same problem?

Resolved! How to configure the blocking period for a bruteforce vulnerability

Is there a way to set the blocking period for the block-ip action for a certain bruteforce vulnerability?

From our logs this seems to be fixed at 5 minutes - I would like to set a longer blocking time for certain bruteforces going on.

Thanks!

Resolved! Android VPN - Autoconnect

Hi,

does globalprotect android app support autoconnect without the need to have a globalprotect mobile security manager ?

Thanks

How to work about multiple User-ID Agent in an appliance ?

Hi,

I have 3 domains in different locations (US, CN, TW) each one have its own User-ID agent.

We deployed PA-3020 in each location and each one had set those 3 User-ID agents in the User-ID Agent configuration.

If a user account belong to US and it lo

...

Resolved! Palo Alto scanning with Nessus

Hello,

Does anyone else out there scan their firewalls with Nessus? Just curious if you have some other definitions defined other than what tenable has listed on their support site. I've tried google but its not helping much.

Thanks in advance!

Safe Search Enforcement - Office Clip Art

I don't know if anybody else has seen this, but we have safe search enforcement turned on (and I don't plan on turning it off) and Microsoft has moved all the clip art to Bing. When you try to add clip art from within MS Word and search for "cat" the

...

How to host on a dynamic ip?

hello,

i have attempted to create a rule that will allow me to host a SSLVPN device on my DMZ but the only way I was able to connect is to place the external IP (static) in the rule. The problem is that i rely on a dynamic ip system and it will change

...

Resolved! Pull AppID descriptions via API

Hello,

is it possible to pull the AppID descriptions from Panarama, firewall device or https://applipedia.paloaltonetworks.com/ in a way to use it in a "firewall change request" system?

Tagged subinterfaces configuration on L3 mode

hello;

we work on our organisation to do the migration of the configuration from another firewall to the palo lato networks PA-500 . With the recent architecture the segmentation of the networks is in the switch . But now , we like to do this segment

...

Resolved! PA doc regarding migration tool instructions for Check Point is missing its attachment

The Migration Tool manual v3.1 says:

“To understand what options we have to active when we migrate from Checkpoint please read this document first: https://live.paloaltonetworks.com/docs/DOC-9418”

But when I go to that doc, it actually has no attachme

...

Discussions