General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Error : "Commit failed. see management server log file (msg.log) for details"

Hello, I try to "commit" Palo Alto firewall and the occurs the following error: "Commit failed . see management server log file (msg.log) for details"Can you help me ? thanks in advanced

Resolved! Global Protect Upgrade Process

Currently on v1.1.6 and want to upgrade to latest. Can I go directly to v2.0? (I will make sure the certificates match)

Resolved! New to Palo Alto - Append Policy Question

Good day all, I am new to Palo Alto so this question might actually seem rather trivial.Most of my peers configure from the GUI and are not very familiar with the Command line. I am more comfortable with the command line so I am trying to do configurations that way. If I want to add a source entity to an existing rulebase security rule do I ju...

Resolved! Simple FW Setup

I have a PA-200 that I'm trying to set up in a simple lab environment. Eth1 is configured as a layer 3 interface with a public IP on it and Eth2 is configured as a layer 3 interface with an internal IP address on it. Eth2 is configured to hand out DHCP requests to internal client, which happens successfully and the internal clients can also ping...

Resolved! how to recognize a difference between IE and FF without user-agent-string

Hi all,does anybody know wether there is a possibility to recognize Firefox not using user-agent-string. Because some FF-user take the user-agent-string to appear as IE.The company don't want this for safety-reasons due to the addons. ThxCheers Klaus

Resolved! Security rules when ISP is caching?

In looking at outbound traffic I can see quite a bit to a network range owned by my ISP. I'm guessing that it's a cache. The application traffic seems to be what one would expect to be efficiently cached (ms-update, symantec-av-update, http-video, etc).How do you write rules for that? Or is it that, say, Microsoft is taking an ms-update request ...

Migration from Juniper to Palos

Hi all,We're in the process of migrating from Juniper ScreenOS devices onto our new Palos and I have some questions about ALGs and service timeouts.On our Junipers, there were a couple of ALGs that we had to turn off due to them mangling the application they were supposed to handle. The most prevalent of this was the SQL ALG, which seemed to ha...

TCP 135 traffic coming from firewall IP to internet ip's?

We received notice from our ISP of flagged traffic coming from our firewall's internal ip address to many internet ip's via tcp 135. User ID is turned off on the public facing security zones. We are on PanOS 6.0.0Anyone else seen this? I set a security policy blocking internet bound tcp 135 traffic from our firewall's management ip. Odd stuff.

Are the Services for URL filtering/Threat/Antivirus the same across all devices?

I'm looking at replacing my older PA boxes and see many improvements in the physical capabilities of the newer devices. As I was looking at the full range, I was wondering if the services for each device is different. Are the URL Filtering, Threat Prevention, and Antivirus services the same for each box? Are they different compared to the devic...

PAN Bandwidth Monitoring & Reporting

Hello,is there a way to generate a bandwidth usage charts from the web GUI or CLI (in Mbps)? I need to be able to show what applications are consuming bandwidth at certain times during the day.The current usage reports in Network Monitor tool only show throughput per time unit (e.g. hourly total), which is not as intuitive as a bandwidth usage g...

Resolved! ftp and PAN-OS 6.0 problem

Hi Team!I have a problem with ftp application in PAN-OS 6.0 after upgrading from 5.9.Passive ftp is stop working correctly. Temporary resolved by creating an application override rule.Any ideas?Thank you

Troubleshoot sending iCloud email

I have just installed a PA 3020 and it's great. I'm still pretty new to the device though and need some help troubleshooting iCloud email. I can receive iCloud email on all devices. I can send iCloud email from a browser. But I can't send email from any mobile devices (iPad, iPhones). It just hangs on "sending...". This was all working last week...

Internet Edge Placement

Hi all,We are in the process of re-designing our network topology and I have a question regarding the placement of our Internet firewall: - place the PA firewall directly on the Internet (with default gateway pointing directly to the ISP's gateway)- place the PA (using private address) behind an Internet edge router owned by us which is pointing...

Upgrade to 5.0.11 = High Amount of Global Protect Failed Auths

We upgraded one of our 5020's from 4.1.13 to 5.0.11 about 2 weeks ago. Ever since then, we have been seeing an unusually high number of failed auths from Global Protect. Has anyone else experienced this?The attached graph was made in Excel. I used this filter in PA ( eventid eq globalprotectgateway-auth-fail ) and ( receive_time geq '2014/02/...

Shared Policy Zone Check

The Shared Policy option in Panorama is most useful, however I have found an issue with it which I think could be resolved in one of two ways, what I need to know is do either of these two ways exist?ScenarioWhen using the Panorama Shared Policy to push single policy to three different FW layers I need to include the Source and Destination Zone ...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!