General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

HA Questions

Hi all,I have 2 simple questions:Q1: proper procedure to physically move the standby firewall PA3020 connected to primary firewall within the same datacenter (need to power off and move)?Q2: proper procedure to switch the primary to standby and standby to primary firewall?Thanks a lot!!Peter

Resolved! pa200 ha

Im in the process of setting up a pair of pa200 for ha, ive read through the documentation but im not clear on a few things.The PA200, if i do an update on the FW for either software of dynamic updates it uses the management port to do the work.If I configure HA I will need to use the management port and one of the ethernet ports, the other thre...

Adding Multiple IP's to an External Interface

Hi,We have 30 External IP addresses, what's the recommended method of adding more than one IP to an interface?Thanks

NAT Help - Reaching DMZ Server via NAT

Hi,I'm having an issue setting up my DMZ test environment. My set up is basic and is as follows (IP information is an example) --e1/1 - Internet (1.1.1.160/28 - ISP assigned)e1/2 - Internal (10.10.10.0/24)e1/3 - DMZ (10.10.100.0/24)DMZ Web Server (Internal IP 10.10.100.10/24 with NAT rule for external IP mapping of 1.1.1.171)I've set up a NAT p...

Resolved! Radius Vendor Specific Attributes (VSA)

All the Radius Vendor Specific Attributes (VSA) information I've found hasn't been updated. Do we have a new list if attributes available?

Getting User-ID when using 802.1x Wireless

Hi,I was wondering if any of you chaps and/or chapesses have come across a problem getting the correct User-ID information when using wireless authentication.The problem I have is that I have a Palo Alto firewall that happily uses the User-ID Agent from AD/Security Event log to get User-ID information about wired connections to their network. T...

Resolved! Commit error: Server error : vsys -> vsys1 constraints failed : Maximum number of virtual systems reached

Hi All,.while give the commit,..What is this error,.?Server error : vsys -> vsys1 constraints failed : Maximum number of virtual systems reachedEven i have not enabled vsys capability.Regards,Gururaj

Outgoing Packet Capture To Tunnel

Hi all,Is it possible to capture the traffic entering a vpn tunnel? Or can you only capture incoming traffic?Cheers

Resolved! CVE-2013-3893

What is the Vulnerability Signature status?Microsoft Security Advisory (2887505)Vulnerability in Internet Explorer Could Allow Remote Code ExecutionPublished: Tuesday, September 17, 2013https://technet.microsoft.com/en-us/security/advisory/2887505

Active passive to active active mode

I have a pair of PA3020 in active-passive mode within the same datacenter pointing to the same ISP. We are planning to move the standby firewall to the new redundancy site and enable active-active mode pointing to a new redundant ISP. The 2 firewalls will be connected by dark fiber within a few kilometers. What are the best practices and steps t...

forward http request to proxy squid

Hi ,i try to forward my wifi mobile users http request to the proxy squid.i have configured the proxy squid to transparant mode (port 80)To the firewall i have 3 zone : LAN (port 1) , DMZ (port 3) and INTERNET (port2)the wifi mobile users are in zone "LAN" and my proxy squid is in zone "DMZ".When the wifi mobile users want access to internet, t...

L2 trunk and subinterfaces to Cisco

I am trying to configure a L2 trunk from a Cisco 3750 to a Palo 5020I cannot find any info on how to configure the Palo, as the terminology is different to me.As a side note we are also running two 5020's in an Active/Active configurationI have tried configuring it but getting errors saying L2 interfaces not supported in HA active/activeI need t...

Resolved! pass on user-id information

Hi All,Setup- We got 2 PA clusters with a leased line between them, joining two offices of the same company.- Both offices have their own AD, servers, ...- We have GlobalProtect configured on both devices.- We have PanOS User-Id configured (so no agent) on both devices- We have a user based security rule providing a "support" user access to cert...

Re-Generating HA-Keys

I was lazy and just imported a configuration from a a other firewall to create a new firewall.Now i discovered that the HA-Keys are identical (because) I imported the config.Is there any trick to re-generate them or do i have to factory reset and start over the whole config?Thanks for Help

Removing an Object and All Dependencies

Morning,I am doing some firewall cleanup on our panorama. We have quite a few devices and I am forced to go through each device group to verify if something exsists locally or shared. Is there any way through the CLI or Panorama to remove an item and all dependencies? Here is the current process:Enter search term to find the itemClick through...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!