General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

attacking site and PAN

Hello

Few days ago I discovered site with some information about VMware Update Manager. I had a problem with it and I was searching for solution.

This site is www.bourgelat.net/cannot-patch-definitions-vmware-19988

I have PA with all licences but PAN so

...

Opt-out page for HTTP ?

We would like to have a web response page that is presented to the user when the user launches their browser for the first time that asks them if they abide by the AUP rules. Basically same concept as the https opt-out page. Is this possible? If so,

...

Resolved! Can't clear session from CLI

Running PANOS 6.0.1. I can't seem to clear a session from the CLI. Just tested on a PA-500 running 6.0.0-b42 and I have the same problem.

Anyone knows if this is a bug?

admin@PA-vm> show session all filter destination 212.x.x.x

-------------------------

...

Disable an IPSec Tunnel

I want to disable an IPSec VPN. I have currently blocked traffic both directions to the tunnel by using a Security Policies, but there should be a way to disable the tunnel in the IPSec configuration (or alternatively, disable the tunnel interface).

...

Resolved! PA-5020 reboots to maintnance mode. No hardware problems... svc: failed to register lockdv1 RPC service (errno 97)

Hello, All!

After unpacking and installing PA5020 in HA Active/Active we could not set up a basic nat - in dataplane packet dump there was an error smth like "Cant create session" after nat and sec.policy applied. NAT and security rules were fine.

Afte

...

Decryption: sec_error_reused_issuer_and_serial

Hey all,

I am having problems with decryption. The PA decrypts https websites, but when I surf to that website a few hours later, I receive the following error in firefox:

I haven't tried yet in IE or Chrome. I have this problem for various websites, n

...

Panorama - Want/Need to move log records from Internal Mount Point to External NFS Mount Point

Question:

Can the log records in the panorama internal storage mount point be migrated (through some process) to the external (NFS) storage?

Thanks

Art

Threats alert

Hello Team,

I have configured the panorama threat alert for one of our firewall and its working fine. Alerts has been configured for High and Critical .

we are getting so many alert from one IP (10.32.100.238) , one of vulnerabilities management device

...

VPNs down when COMMIT the firewall

Hi,

when I commit the firewall all vpns was down

I have palo alto PA-500 with software version 5.0.11

Do you help me ?

tks

Paulo Aun

EU - European Union

Is it possible to view the countries that are included in the "EU" object? When new countries are added to the EU, will this object be updated via dynamic updates or by upgrading?

Does anyone have experience with the accuracy of geo ip on palo alto?

Ki

...

Intermittent SSL decryption issues for some, not all.

My Palo Alto Firewall 2050 running 4.1.16. I am having a lot of intermittent SSL decryption issues. I'm not sure what to do with some of these. An example is https://app.plangrid.com.

I can this site when I have made this change and restart

...

Resolved! ftp export log

Anyone know how to translate this show CLI command into the ftp export equivalent?

> show log traffic src in 10.0.0.0

> ftp export log traffic ?? (assuming query would work)

I would prefer not to export all logs only need a subset.

Thanks,

Monica

Resolved! About a session generated by override rule

Hi guys,

A session generated by override rule that can be applied rematch session after commit configuration successfully? Or not? I guess that rematch session would not impact to session generated by application override rule.

Please let me know above

...

Resolved! Apply policy on a vwire interface in passtrough mode

I want to apply a policy on my vwire interface but i have this error:

Operation Commit
Result Failed

DetailsIn VSYS vsys1 from zone VW-MPLS-Trust of type vwire and to zone UNTRUST of type layer3 are incompatible in security rule Application bloc

...

Disable Inspection for Sip ?

In the ASA you can disable SIP Policy Inspection. In the Junipers I think you disable the ALG. How do I do this in the Palo Alto ?

Firewalls often try to apply rules around the way protocols work which can cause them to break. I dont want SIP to be in

...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free