General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

How to drop new SSL sessions when limit is reached in 6.1.X?

We'd like to drop any new SSL sessions if the system has reached the SSL Decrypted Session Limit.

This page, How to Implement and Test SSL Decryption, says to run:

> set deviceconfig setting ssl-decrypt deny-setup-failure yes

but it doesn't seem to be t

...

How to Avoid Remote SSH Scan

Hello

I have a lot of events "deny" followed by other "allow"; All of these to port 22 (SSH) from remote host to several IP(s) in my Untrust and DMZ Zone.

<14>Jun 24 04:01:17 fw2orgt 1,2015/06/24 04:01:16,0003C102047,TRAFFIC,drop,0,2015/06/24 04:01:16,

...

Local user passwords problems with GP after upgrade PAN OS

Hi, I've just migrate from PAN OS 5.0.10 to 6.0.7 and GlobalProtect users have got problems with login. They had the password saved on their GP agent, but connection was refused and users were blocked due to intensive login attempts. We're using loca

...

Resolved! Reset an interface to initial state of Not configured

Hi,

just starting up with my first PaloAlto device, and have a simple question for which I don't seem to find a solution in the documentation. By default, the interfaces of a new firewall are are unconfigured, i.e. the GUI shows their status as "not c

...

Resolved! Zone protection email notification?

Hello

I would like to get email notifications when Host Sweep/TCP Scan and other events related to the zone protection is triggered.

Any way to forward them to email?

Resolved! Does or when will Palo Alto support IKEv2?

I am just trying to confirm if Palo Alto supports IKEv2 at this time.

Thanks

Resolved! ECMP

Hi - is it possible to do ECMP (equal cost multi-path routing) using static routes? If not - is it possible to achieve ECMP using OSPF on the PA4050. We have a need to load balance the default route out of a PA4050 over multiple L3 gig interfaces (th

...

PA blocks spyware - identify compromised computer

Hi there,

we're running the following setup:

trusted zone | DC zone | Internet

Client/Proxy/some old DNS Server| DNS Server| Internet

I see that the PA is blocking malware traffic (app DNS). But the attacker is either the proxy, asking the DNS in the DC

...

Resolved! is it support ECMP protocol ??

Hi all.

Is it support ECMP protocol from PAN??

I can’t find whether ecmp protocol support from datasheet and knowledge base.

does PA has any other similar protocol if not support ecmp??

Please refer to below URL for ECMP.

http://en.wikipedia.org/wiki/E

...

Resolved! How to configure ECMP Equal Cost Multi-Path Between Palo Alto And Cisco

Is it Possible to achieve ECMP between a cisco router and a PA-2000 series running PAN-OS 4.1.7

If Yes Can somebody point me to the right direction.

Thank You

802.1q tagged sub-interfaces on PA-500 v6.1 not working

I'm trying to consolidate multiple Layer3 interfaces into a single Layer3 interface using subinterfaces and VLAN tagging, but it's not working.

I'm hoping someone can point out the error in my configuration.

The current working configuration:

FIREWALL
et

...

Gp Configuration

Hello Friends,

We want to configure our Remote VPN (Global Protect ) on two ISP and we should be able to manually switch the gateway at client end and no Lic is required for that?. Please suggest.

Regards

Satish

HTTP Header - Logging NTLM Username

My PA firewall inspects traffic between my users and proxy server. The proxy server provides NTLM authentication. Is there a way of logging the NTLM authenticated username within the http headers?

Replace a device (s/n) in Panorama Policy with an RMA s/n

Hello -

Wondering if anyone has come across this issue. We recently had to RMA one of our firewalls and we have a fairly extensive / complicated policy set in Panorama which consists of the following:

Shared Pre Rules targeted to specific firewalls

...

Resolved! GlobalProtect Agent Question

I am configuring GlobalProtect and have a question concerning the Agent software. For security reasons, I configured GlobalProtect in "On Demand" mode for Remote Customers and do not allow the customers to view the Advanced View or save their logon

...