General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Disabled Vulnerability Signatures: FTP evasion attack (id:30401)

Hello

Could someone explain me why signature FTP evasion attack (id:30401) was disabled in thread update version 453?

This signature wasn't replaced by new one. Bruteforce attacs on FTP serwers still exist and nothing will change in this case.

With rega

...

Resolved! Using Local DB and LDAP for Global Protect

Hi All,

Is it possible to have Local and LDAP users authenticate to the Global Protect Client.

In the GP configuration, I can only choose one Authentication Profile, which is chosen for Local DB.

I tried to configure another GP Portal but I could not us

...

Update routing table based on PING results

Does anyone know if the PA supports dynamically updating the routing table on a PA FW based on PING results? Some vendors refer to this as IP SLA.

thanks

Daniel

Best practices for HA PANs and switch stack

For this scenario, assume a simple setup. Two firewalls in HA and two switches in a stack. Also assume the firewalls are in active/passive. Consider the below setup, each firewall has one physical link to separate switch members of the stack.

In this

...

Resolved! Mask MAC on interface

Does the PAN allow you to clone or mask the MAC address on an interface to one of your choosing?

Voip external server

I'm experiencing an issue with a connection to an external voip server.

Directly attached to a PA-500 ethernet port there is a patton (fxo voip appliance).

Now, I'm allowing any traffic to outside, any application.

When I surf from that interface I can

...

Global Protect - Split Tunnel

Is it possible with global protect and split tunnel setup to have policies applied for url filtering to the local client so that sites can be blocked in split tunnel mode?

show vpn flow: Should "tunnel mtu" be renamed to "suggested tunel mtu"?

Hello,

Can you answer these questions regarding the tunel mtu that appears in the output below?

cstankevitz@PA-500-Local> show vpn flow tunnel-id 27

tunnel Sterling

id: 27

type: IPSec

gateway i

...

Ipsec VPN traffic issue

why we are getting CISCOVPN traffic flow on VPN. please suggest.

Global Protect Client, portal error message: Client Certificate Error

We have upgraded 5 of our BranchOffice firewalls from 6.02 to 6.03 yesterday. All updates went fine except one:

We are going to get an issue as soon as we want to connect via Global Protect to the Gateway. The window "Client Certificate Error" pop

...

Can Throughput Information be Pulled via SNMP for Aggregate Interfaces?

SNMP can be used to get packets per second and bytes per second information for individual interfaces but not for an aggregate interface. Statistics from the individual ports need to be added manually in order to get the throughput of all the interfa

...

Resolved! What difference are between 'user eq' and 'user in' in filter of traffic logs?

Hello,

What difference are between 'user eq' and 'user in' in filter of traffic logs?

I want to see output which is filtered by partial user-ID not full user-ID.

For example, There are as below user-IDs.

SA10001

SA10002

UQ20001

UQ20002

.......

I want to filte

...

PPPoE issue

Hi Support Team.

I have problem with PPPoE on Palo Alto PA 3050

I config with true User and Password.

my ISP reset MAC already.

But PPPoE still failure.

Pls help me.

Thanks

PAN 5050 HA

How do I cable up a pair of PALO 5050's for HA?

Scheduled Reports generate differently.

I have a number of reports we use to generate usage information, such as the top 100 applications used over 24 hours sorted by bytes.

If I run this report manually with RUN NOW, it generates perfectly and everything is sorted like it should be.

If we s

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Welcome to the General Topics Discussions!

Rules and Best Practices

Resolved! Disabled Vulnerability Signatures: FTP evasion attack (id:30401)

Resolved! Using Local DB and LDAP for Global Protect

Update routing table based on PING results

Best practices for HA PANs and switch stack

Resolved! Mask MAC on interface

Voip external server

Global Protect - Split Tunnel

show vpn flow: Should "tunnel mtu" be renamed to "suggested tunel mtu"?

Ipsec VPN traffic issue

Global Protect Client, portal error message: Client Certificate Error

Can Throughput Information be Pulled via SNMP for Aggregate Interfaces?

Resolved! What difference are between 'user eq' and 'user in' in filter of traffic logs?

PPPoE issue

PAN 5050 HA

Scheduled Reports generate differently.

ECCN and HTS Codes Needed

TCP fast open and Palo Alto

FW Ha Cluster disconnected from Panorama

maximum number of bgp routes for VM-series

Flexible vCPU VM Firewall interfaces are down

Re: GlobalProtect 6.3.3

Re: Flexible vCPU VM Firewall interfaces are down

Re: Data center providing dual ports already in VRRP - my topology?

Re: PAN-OS Release Frequency

Re: Alerts for dynamic updates

Unlock your full community experience!

General Topics

Rules and Best Practices

Resolved! Disabled Vulnerability Signatures: FTP evasion attack (id:30401)

Resolved! Using Local DB and LDAP for Global Protect

Resolved! Mask MAC on interface

Resolved! What difference are between 'user eq' and 'user in' in filter of traffic logs?