General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! webgui login custom logo

Hi,

Is there a way to move custom logo of login page from the middle of the page to top left or etc... ?

Thanks

Resolved! High CPU on the dataplane

Hi there
Ive setup a system where i have our data server on the trusted area, our partners are on a untrusted lan area and have access to a few of our data shares.

If the copy files using smb the datplane goes up to 98%, ive used an application overide

...

Disable SSH password authentication?

After I have loaded public keys for administrators on my PA Devices, is there a way to disable SSH password based authentication?

Thanks!

GlobalProtect - Linux VPNC self-signed cert

Hi all,

Any one knows whether we can just use self-signed cert in Linux VPNC without using the Pre-Shared Secret Authentication? Or it is a must to use the Pre-Shared Secret Authentication?

Than

Resolved! Dropbox rules

Hi Guys,

I have had an issue arise that seems to be related to Dropbox using Amazon's S3 storage. We have had need to allow certain users access to dropbox to upload files to clients and between sites with slow connections. And in the beginning I crea

...

When I connect PA 3020(5.0.4) the upload and download speed degrades severely?

Currently we are running Cisco ASA firewall which is connected to the ISP. When the ASA is connected we get an upload and download speed of 100MBX100MB.

Whenever I connect the PA 3020 the upload speed falls to 10Mbps and download speed to 70Mbps. Has

...

CLI FTP Export Log URL Issue

I'm trying to run a report on user activity via the webfilter for a particular user. I would use the GUI but the the GUI is only allowing me the last 500 hits (via a custom report). If I go to the actual monitor and try to export I get a server 500 e

...

Resolved! permitting/denying asymetric TCP flows at the VYSY level?

Can "set deviceconfig setting session tcp-reject-non-syn no" or similar somehow be configured at just the VSYS level? ( I know it functions at the device level)

So as to provide some VSYS's the ability to process asymetric flows and others not.

Regard

...

Resolved! V5.0.4 HA Group1: Running configuration not synchronized after retries

This message appears (email, and SNMP trap) pretty much anytime I run a "commit" on the box. It appears cosmetic, as the GUI on both boxes show them being in synch. (possible latency/delay issues during synchsynch causing this mis-fire?)

I noted this

...

Running mutiple OSPF instances on on virtual router ?

Hi,

Can we run multiple OSPF instances on one virtual router ?

In cisco we can run two OSPF processes for example ,

router ospf 100

router ospf 150

Kind Regards,

Sunil

User mapped via CLI but no through Web-UI

Hello all:

I am trying to configure an user in a security policy but when I write the first 4 letters of his username it doesn't appear (screenshoot attached). However, it does appear throug CLI:

admin@PA1(active)> show user ip-user-mapping all | match

...

Resolved! untrusted webbrowsing

Hi there

Ive set up the firewall with a trusted lan for staff and untrusted lan for visitors.

I don want the visitor lan to access the staff lan, however the first rule created was to allow webbrowsing, i cloned it and added the visitor source addess t

...

zip file blocking is also blocking docx files

The organization policy is to block ZIP file types.

We are having problems with docx file type which they are a ZIP file but in the file blocking profile I can see Paloalto should know how to recognize docx files but we still get drops

i would like to

...

File Types and Md5 Hashes

I write SIEM content (Mostly Arcsight and Q1), I have found PAN to be very effective in identifying adverse traffic. One thing that would be great, that in addition to recognizing the file type such as "file Microsoft PE File(52060)" which is useful

...

Another PA bypass

Found this one recently:

http://www.what2code.net/?p=150

http://www.youtube.com/watch?v=wPHeAkv8BaE

Where dns is being used to tunnel ssh traffic through and of course there will be ways to bypass things but how is/will PA address this latest finding?

(a

...

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help