General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Application Blocking

Dear PAN Discussion Forum,

I come to you in dire need of assistance. There is a battle going on within my network realm. A battle that we are losing. Some of my people have been mislead by downloading the Torch Browser application, and are now infecte

...

Resolved! Blocking Facebook for a group of USERS

Hello To All,

We've a PA-500 which is linked to the AD. The idea is to block Facebook for a group of users.

The thing is when those users will be logged (login and password), the AD update the PA-500.

To block facebook for those users, What should be do

...

Android VPN Split Tunneling

Hi,

I have problems with Splti tuneling and Android devices using preinstalled VPN Android client. There is a workaround to solve it ?

Regards, Jorge Goya.

Resolved! Upgrade cluste A/P and panorama

Hi, we have to upgrade a cluster active/passive and a panorama of this cluster. which are the steps to do these upgrades???

1)upgrade the cluster like usual and then upgrade Panorama???

2) first update the Panorama and then the cluster????

advices...

tha

...

Resolved! PaloAlto firewall is sending system alert

Dear All,

PaloAlto firewall is sending system alert saying "PAN-DB url filtering has expired" . But the i am using only "Bright cloud" url filtering license.

Please suggest.

Regards

Satish

Upgrade 5.0 to 6.1

Firewall device has two disk partitions:

Partition 1 => 5.0.X

Partition 2 => 5.0.Y (current active version)

When you install now 6.0.X, it will overwrite 5.0.X

So after reboot Partition 1 will be active. Then you install the next update to 6.1.X, this wi

...

Configuring Prelogon for GlobalProtect

I'm having a heck of a time getting prelogon working for global protect. I have spoke with both Palo Alto support, as well as a vendor that is a Palo Alto partner. Neither were really able to answer my questions.

Here is what I have today. Two Palo

...

Change HA from A/A to A/P - techniques and known issues?

I have two PA-500's in Active/Active.

We do not need to have them in A/A (in hindsight, it was a mistake) because we do not use asynchronous routing or meet the other typical A/A criteria. I think we are paying for that mistake, as you'll read below.

W

...

Resolved! User-ID for DNS

We have a server that has no body logged into it and all the DNS traffic from that server is showing as a certain user sending the traffic. Is there anyway to exclude this server from User-ID or another way to remove the user from this traffic?

Resolved! GlobalProtect User Information

Hi,

Is there a way to see Global Protect tunnel statistics in either Panorama or the firewall itself? I'm looking for bytes in, bytes out, packet in, packet out statistics. The statistics are viewable from the client side if you open up the Global P

...

Resolved! Cleaning up rules

So, I, like a number of people, converted from Cisco to PAN. We had a consultant in to help with the conversion, and he was assisting with the rule cleanup. However, a) a lot of rules came straight across as it was time-critical, so they are servic

...

How can I see the session information (interface and ip details) of dropped packets because of ip spoof protection?

thanks,

Emma

Resolved! Restart daemons/services

Is there a way to manually restart daemons and services in the CLI?

I have a box with sslvpn configured. The sslvpn suddenly stopped working and the portal page doesn't load. I double checked the config and the traffic logs show the traffic as being a

...

Error: Certificate failed to load: invalid certificate chain

Hi there,

I generated a CSR with PAN-OS 6.1.3 and submitted it to our Microsoft AD CA with subordinate CA template. After uploading the certificate it shows up under the root CA certificate of our domain. But when commiting the changes I get an "Error

...

How to forward traffic (URL) to a syslog server?

The $misc variable can only be used for Threats?

How to register the URL in syslog server?

CEF Key Name: request

Full Name: requestURL

Data Type: string

Length: 1024

Meaning: URL or filename for threat logs

Palo Alto Networks Value Field: $misc

from PANOS_6

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free