General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

VM series promiscuous issue?

Hi,Just messing about with a VM-100 and three other VM's on vSphere 5.5...All setup for layer 3.Ubuntu1 <> VM100 <> Vyatta <> Ubuntu2Three vSwitches, promiscuous mode on reject Ubuntu1 to VM100 10.x.x.x/24 networkVM100 to Vyatta 172.16.x.x/24 networkVyatta to Ubuntu2 192.168.x.x/24 networkPolicy all setup, default routes on all...

Resolved! GlobalProtect client updates

Hi all we are a bit behind on the GlobalProtect client for our users (currently on 2.0.0). I assume the update is not incremental. In other words, if I download the most current version (2.0.3) onto our PA-500, our users should get prompted to install which will upgrade them straight from to 2.0.0. to 2.0.3 Is that correct? Also what is with the...

Captive portal and Android cookies: How are cookies stored that are delivered from captive portal?

First, some background. We have captive portal configured and we have a "BYOD" wireless network. We have the cookie lifetime in Palo Alto set to one week.For our Android users, it seems that once they get redirected to the captive portal and authenticate, if they get out of the web browser app and let their phone sleep, they lose the cookie that...

Resolved! Custom App-ID for the World Cup

Will Palo Alto be creating a custom App-ID for the World Cup streaming media this year? I am based in the UK.Regards,James.

Resolved! World Cup 2014

Has anyone found a "simple" way to block the majority of this type of traffic/streaming?I recall there being a discussion before regarding the Olympics but it may have been at one of our local PA information sessions --- something like a new App-Id.

Global Protect Portal with Certificate Profile - client certificate required after upgrading to 6.0

Hi,We are running Global Protect with pre-logon. The GP Portal needs to allow users to login from "clean" computers without machine certificates, and at the same time allow pre-logon user(and other users) to authenticate with machine certificate. This has in 5.0 been done by using a certificate profile with the username field set to "none".This ...

HA deployment with IPsec tunnel

Hello Guys ,I have two PaloAltos' deployed in HA ( active - passive mode ) and have an IPSec tunnel configured. I have noticed that when the primary PAN ( active ) fail-over to the Secondary PAN, the IPsec tunnel does come up and need to manually start the IPsec ( via CLI ). Do you have a way when Secondary PAN become active the IPsec Tunnel com...

About custom vulnerability signature

Hello,My customer made vulnerability signature in FW. But FW doesn't detect this signature.Customer Vulnerability Signaturecontext : http-req-message-bodypattern : eval\(gzinflate\(str_rot13\(base64_decodeI am searching this but I don't know.So I need your assistance for it.I have read Creating_Custom_Signatures-RevA.pdf document This docume...

Check Point R77 URL policy migration

Hello,I was trying to search for examples or good documentation for migrating check point URL policy to PAN. Does anyone have any suggestions? One of the specific examples I'm having issues with: CP has an option to select Internet as a destination (all traffic leading to external interfaces). ie : SIP: userABC DIP: internet APP: applicat...

Resolved! Can a Panorama re-forward log to another one?

hi, All,We know the new function in v6.0 that a Panorama can re-forward the traffic log of some devices (ex. PA-200s) to another syslog server. But can it re-forward to another Panorama? If yes, How can I do?

PAN-OS 5.0.12 vs PAN-OS 6.0.2

Hello All, I wanted to ask the community and the support engineers about the recommendation for PAN-OS for a new installation.Given PAN-OS 6.0.2 came out about a month ago, can anybody comment on the stability of this version? Anybody upgradedto it, but had to revert back? Thanks,- Andrew.

Resolved! User-id-agent Upgrade to 6.0.3

Hi,We are planing on upgrading from 5.0.8 to 6.0.2, and we are currently user user-id agents on our DCs; do we need to also upgrade the user-id agent to 6.0 or the old one would still work?Thank you

About DNS amplification attack issue

Dear Sir,We have a customer for education envirument and they suffered a lot of DNS amplification attacks.Last 7 days session count is 688 Million and 220G Bytes for DNS traffic.We try to drop the "Threat ID 36027 DNS Amplication Attack Query " and "Threat ID 36029 DNS Amplication Attack Response",But we only drop the ID 36027 signature once.We ...

Resolved! Export Custom Report Templates

Is there a way to export Custom Report Templates from the PA FW config?Thanks,Jeff

Factory default on PA-3020

Hi, I am trying to factory default a PA-3020 series firewall but the terminal is not responding after getting into the maint section. I sits in the "continue" section there and I cant manuver. What is to be done to go to "factory reset" section in the maint section?

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!