General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! Proxy ID in PAN OS 5.0.8

How many proxys id can be configured for vpn?

Good Technology Issue

Currently, we are experiencing an issue with a product called Good Dynamics version 1.4.31.5. The vendor "Good Technology" is stating that the Palo Alto firewalls are causing an issue with some sort of SSL heartbeat connection. Is there an know iss

...

Resolved! Does vwire mode still send TCP reset after drop packet ?

I can see the traffic status show "reset-server" but I can not receive RST packet for this session on the server.

So I have a question, does vwire mode still send TCP reset after drop packet ?

Thank you.

machine authentication

hello!

we have a need to identify user machines associated with a domain. specifically, we want to create security policies based upon domain membership. is that even possible, and how would we achieve this functionality?

thnx!

configure PA-500 to send report using gmail account

Hi all,

Please I need to configure paloalto PA-500 to send report using a gmail account. please can someone help me.

Best Regrads,

Resolved! SSL Decryption Whitelisting

So, I have just implemented SSL Decryption in our environment and we hit a website that appears to not work properly because of it. (It's sap.com, click on the login link in the upper right.) We don't see any errors in the firewall but the login prom

...

Eval question

Given a flow and properly written policy to allow Facebook and its myriad apps/widgets on port 80/443, other than the admin management overhead (i.e., having to open ports 80 and 443), how is what Palo Alto does different from what Checkpoint does?

Th

...

Counter to identify if device is dropping traffic

Hi Everyone,

I am looking for help to identify the best way to see if my firewall is dropping traffic because it cannot keep up with the amount of traffic going through the interface. I want to make sure my firewall can keep up with the amount of tra

...

OpenSSL Heartbleed bug: CVE-2014-0160

Hi,

Just wondering if any Palo Alto versions are affected by this bug in OpenSSL?

http://heartbleed.com/

Regards

What is the default syslog format in PanOS 5.x?

For all the various log types (config, system, threat, traffic, HIP) what is the default syslog format?

All the fields are available to edit in when creating a custom log, but it would be useful to have the default format defined for reference.

external captive portal

I'm thinking about trying something a little out of the square with user-id and captive portal. Let me start with the context and business goal:

The PAN is deployed as a data centre firewall.
I'd like to use some policies that permit clients access to

...

Global Protect 2-factor Auth & User-ID Mapping

Hi All,

I'm migrating from ASA to Palo Alto including user VPN access (AnyConnect). The setup will be 2 factor authentication with LDAP/Kerberos (not sure which yet) for the portal and OTP via RADIUS for the gateway.

The current setup allows access li

...

Resolved! Deepnet 2-factor Authentication

Hi Everyone,

I have a client that is migrating to Palo Alto firewalls. I'll be implementing Global Protect SSL VPN replacing the existing Cisco Anyconnect.

The client utilizes DeepNet 2-factor authentication for SSL VPN. I was wondering if anyone had

...

Resolved! Creating application groups

Is there a way to create an application group that will dynamically add applications as they are updated?

For example, I want to create a P2P application group that gets denied. Can I create a filter that says any application that is classified as P2P

...

Eval question

Given a flow and properly written policy to allow Facebook and its myriad apps/widgets on port 80/443, other than the admin management overhead (i.e., having to open ports 80 and 443), how is what Palo Alto does different from what Checkpoint does?

Th

...

Discussions