General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Resolved! How do I add additional log storage to VM Series?

Hi All,Well ive searched and everything seems to be related to Panorama.I created a VM series firewall and left all as default, now ive filled up the log. Ive been searching and found someone mention to add a 2nd disk but ive done and reset the VM but to no joy so possibly it was only for panorama.So what is the process? Do i need to turn the V...

Resolved! GlobalProtect Licence

Greetings,I've just upgraded to 6.0.2 and when I commit any changes I receive this error""No GlobalProtect portal licensevsys1portal "portal-tunnel"config"default user-config"modify gateways cutoff time will not take affect.Any ideas as to why this would happen after the upgrade and not previously?How would one resolve this?Thanks in advance.

Monitor NXDOMAIN Unknown Answers (Failures)

Does anyone know if it is possible to monitor for NXDOMAIN Unknown Answers (Failures) with PanOS 5.0 ?Would it be a custom signature/application that needs to be created?

PA500 says virus - virus total says no

We have a bunch of files that we created that we need to upload via ftp to a remote server through the PA. The files trip the virus detector in the PA. Here's a syslog entry with some identifying information changed:2014-06-16T15:22:31+10:00 10.84.1.33 [user warning] 22:31,000XXXXXXX,THREAT,virus,1,2014/06/16 15:22:25,10.84.20.250,50.28.93.0,0....

VM series promiscuous issue?

Hi,Just messing about with a VM-100 and three other VM's on vSphere 5.5...All setup for layer 3.Ubuntu1 <> VM100 <> Vyatta <> Ubuntu2Three vSwitches, promiscuous mode on reject Ubuntu1 to VM100 10.x.x.x/24 networkVM100 to Vyatta 172.16.x.x/24 networkVyatta to Ubuntu2 192.168.x.x/24 networkPolicy all setup, default routes on all...

Resolved! GlobalProtect client updates

Hi all we are a bit behind on the GlobalProtect client for our users (currently on 2.0.0). I assume the update is not incremental. In other words, if I download the most current version (2.0.3) onto our PA-500, our users should get prompted to install which will upgrade them straight from to 2.0.0. to 2.0.3 Is that correct? Also what is with the...

Captive portal and Android cookies: How are cookies stored that are delivered from captive portal?

First, some background. We have captive portal configured and we have a "BYOD" wireless network. We have the cookie lifetime in Palo Alto set to one week.For our Android users, it seems that once they get redirected to the captive portal and authenticate, if they get out of the web browser app and let their phone sleep, they lose the cookie that...

Resolved! Custom App-ID for the World Cup

Will Palo Alto be creating a custom App-ID for the World Cup streaming media this year? I am based in the UK.Regards,James.

Resolved! World Cup 2014

Has anyone found a "simple" way to block the majority of this type of traffic/streaming?I recall there being a discussion before regarding the Olympics but it may have been at one of our local PA information sessions --- something like a new App-Id.

Global Protect Portal with Certificate Profile - client certificate required after upgrading to 6.0

Hi,We are running Global Protect with pre-logon. The GP Portal needs to allow users to login from "clean" computers without machine certificates, and at the same time allow pre-logon user(and other users) to authenticate with machine certificate. This has in 5.0 been done by using a certificate profile with the username field set to "none".This ...

HA deployment with IPsec tunnel

Hello Guys ,I have two PaloAltos' deployed in HA ( active - passive mode ) and have an IPSec tunnel configured. I have noticed that when the primary PAN ( active ) fail-over to the Secondary PAN, the IPsec tunnel does come up and need to manually start the IPsec ( via CLI ). Do you have a way when Secondary PAN become active the IPsec Tunnel com...

About custom vulnerability signature

Hello,My customer made vulnerability signature in FW. But FW doesn't detect this signature.Customer Vulnerability Signaturecontext : http-req-message-bodypattern : eval\(gzinflate\(str_rot13\(base64_decodeI am searching this but I don't know.So I need your assistance for it.I have read Creating_Custom_Signatures-RevA.pdf document This docume...

Check Point R77 URL policy migration

Hello,I was trying to search for examples or good documentation for migrating check point URL policy to PAN. Does anyone have any suggestions? One of the specific examples I'm having issues with: CP has an option to select Internet as a destination (all traffic leading to external interfaces). ie : SIP: userABC DIP: internet APP: applicat...

Resolved! Can a Panorama re-forward log to another one?

hi, All,We know the new function in v6.0 that a Panorama can re-forward the traffic log of some devices (ex. PA-200s) to another syslog server. But can it re-forward to another Panorama? If yes, How can I do?

PAN-OS 5.0.12 vs PAN-OS 6.0.2

Hello All, I wanted to ask the community and the support engineers about the recommendation for PAN-OS for a new installation.Given PAN-OS 6.0.2 came out about a month ago, can anybody comment on the stability of this version? Anybody upgradedto it, but had to revert back? Thanks,- Andrew.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!