General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

I've noticed an incomplate request to 111.111.111.111

Hi Guys,

On PAN's Monitor tab i've noticed that one of our hosts(user's computers) send periodically some packets to 111.111.111.111 and receive any packets.on Application tab it stays incomplete!what is the shit?Did anyone have the problem like this?

...

Is there a similar service like IP SLA so the firewall can change default routes as a result of a certain condition

I was just curious...if I have 2 internet feeds but am not peering - I use ip/SLA to guanratee service. If a ping to 4.2.2.2 fails, it drops the current default route and the other default route with the higher AD is the active default route.

Is ther

...

DNS not DNS? Strange UDP 53?

I am seeing a huge amount of traffic outbound from my DNS server that seems to be being dropped by the firewall. Its being dropped because my application rule says "allow DNS server to talk DNS to the internet", it doesn't match that (because its not

...

Resolved! AD Group for Authentication

Let's say I have 150 users in an AD group and I need to give them all login access to my Palo Alto device farm. How do I do that?

Inconsistent documentation on zone protection

Hello,

Palo Alto's documentation is inconsistent on the behavior of flood protection when it is applied by a zone protection policy.

1) "Threat Prevention Deployment Tech Note - Version 2.0 RevA", page 44 says that the zone protection based flood prote

...

Resolved! Source and Destination NAT at the same time

Hallo

Before going to my question, please assume the following scenario:

There is a Non-Palo Alto Firewall in internet (lets call it FW-Extern). There is another Non Palo Alto Firewall inside my network (lets call it FW-intern). The FW-Extern initiates

...

Pa VPN IPsec

Hi,

i have a question regarding the VPN IPsec on Paloalto , is palotlo must be in front end when configuring the PA

Regards,

Sarah

Resolved! URL filtering - incosistency with online BrightCloud database

Hello.

A while ago website www.rk-celje.si was recognised as malware-site. But in last couple of months the website seems to be clean and online BrightCloud lookup (URL/IP Lookup | Webroot BrightCloud) recognises it as 'Trustworthy' and categorizes it

...

i created a policy to allow 1099 and 9002 for many servers. but it is working for few servers only not for all and few 1099 is working but not 9002.

Resolved! Sophos HIP Requirement for GlobalProtect

Trying to add Sophos End Point Security and Control as a HIP requirement to be installed for users connecting with GlobalProtect. Sophos End Point Security and Control is not showing up as a vendor in the list. Sophos Antivirus is in the list but is

...

Resolved! IPS - new signature's action set to default instead of the action specified in rule

Hello.

I have a general IPS profile with a rule (named block-crit,high) which includes all signatures with severity 'critical' and 'high'. Action for the rule is set to 'block'. I have automatic updates on for IPS signatures. Yesterday a new signature

...

Scansafe to PANDB URL Category Mapping

Hi All,

I'm searching for the mapping between Scansafe and PANDB URL categories.

Scansafe categories to be found here:

Web Filtering Categories - Cisco

Thanks for any input you can provide.

Stijn

Response Pages Customized not working

Hi,

i have customized a response page for application blocking. I have uploaded my customized page in "shared" and enabled But i try to access to any app not allowed like facebook and the page is not being showed...

my PANOS is 6.0.4

thanks

opaque: "Disk usage exceeds limit, 98 percent in use, cleaning filesystem"

Hi Guys,

What should i do? who can help me?

Thanks in advance

Global Protect DHCP

What setting in the GP gateway determines how long a DHCP address is reserved for?

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

I've noticed an incomplate request to 111.111.111.111

Is there a similar service like IP SLA so the firewall can change default routes as a result of a certain condition

DNS not DNS? Strange UDP 53?

Resolved! AD Group for Authentication

Inconsistent documentation on zone protection

Resolved! Source and Destination NAT at the same time

Pa VPN IPsec

Resolved! URL filtering - incosistency with online BrightCloud database

i created a policy to allow 1099 and 9002 for many servers. but it is working for few servers only not for all and few 1099 is working but not 9002.

Resolved! Sophos HIP Requirement for GlobalProtect

Resolved! IPS - new signature's action set to default instead of the action specified in rule

Scansafe to PANDB URL Category Mapping

Response Pages Customized not working

opaque: "Disk usage exceeds limit, 98 percent in use, cleaning filesystem"

Global Protect DHCP

Template- Variable CSV greyed out

Can't find the "Republic of Kosovo" in the "Firewall Region Code Legend"

Device - certificate based authentication

Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

Wildcard URL for Non-HTTP/HTTPS traffic

Re: Allow all web addresses with .gov and .edu extensions

Re: Wildcard URL for Non-HTTP/HTTPS traffic

Re: Howto delete sub-interace from cli

Re: SSL Inspection issues with GlobalProtect users

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Unlock your full community experience!

Resolved! AD Group for Authentication

Resolved! Source and Destination NAT at the same time

Resolved! URL filtering - incosistency with online BrightCloud database

Resolved! Sophos HIP Requirement for GlobalProtect

Resolved! IPS - new signature's action set to default instead of the action specified in rule