General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! NAT for ldap

I need to configure my PAN to allow LDAP and port 636 inbound from 10 specific IP addresses for authentication with a software company. Can't figure out how to do this correctly.

How to create custom vulnerability signature for SIP packets?

Hi,

we are trying to create custom vulnerability signature for triggering on the specific string in the udp packet payload with destination port 5060. Unfortunately there is no context for SIP. We used "Pattern Match" and chose "unknown -req-udp-pay

...

Resolved! Spoofed IP address zone protection of vwire

Dear,

We have created a zone protection profile with protection against "Spoofed IP address".

We have put this protection profile on a vwire interface.

Question:

What will happen since a vwire interface has no IPs?

Will this "feature" be ignored, or what

...

Load Balancing L3 and VW

Is possible create a Load Balancing with a L3 interface and VW Interface?

Resolved! Reset Password

Hello,

I forgot the admin password, How I can to reset it,

Suspicious DNS Query's

Hello,

We are running version 5.0.6 for a few weeks now and looks very good.

We see now also in our threat detection the following threat "Suspicious DNS Query : ......" and this is blocked.

This is very cool to block at dns level spyware and malware bu

...

Cant login to PA-VM300 via ssh or HTTPS

Can anyone help me here.. I recently installed a PA-VM300 and all efforts to login via https/ssh has proved abortive. I had to work my way via CLI to connect via http.

Also everytime i click on commit on the PA-VM300, I get logged off , and always ne

...

Resolved! Can I look ACC of some devices in Panorama?

Hello

There are Device-A , Device-B and Device-C FWs.

All FWs forward all logs to Panorama.

I want to look ACC included only Device-A and Device-B in Panorama.

Is it possible?

Thanks

Resolved! Client certificate and LDAP authenticate on Global Protect

Hello

I have a question.

My customer want to use Global Protect.

He want 2-factor authentication.

User authentication client certificate on 1-factor.

And then user authentication ID/PW to Active Directory by LDAP on 2-factor.

I have searched and seen below

...

Resolved! Are there way that fw forward url & data filtering logs to ESM system by syslog??

Hello,

I know there are not log type of url & data filtering on syslog server profile.

But my customer want to receive two logs to ESM system by syslog.

Are there ways?

Please let me know it if there are.

And I have a question.

Panorama is received this lo

...

Resolved! Help setting up internet connection

Hi there

We're in the process of cutting over to a new internet connection and I'm trying to get our PA 2050 configured to handle to new IP range but I'm a bit stuck. We've been assigned the 111.69.54.112/28 subnet with 111.69.54.113 being the default

...

Log Type Unknown

How do I figure out what the log type I have is when its showing me "unknown" for the current type?

*edit* Sorry they are assumed for the IDS/IPS

Global Protect Welcome Page with ActiveX

Hi Guys,

is it possible to customize the welcome page of Global Protect with ActiveX scripts? I need this to run Active Directory login scripts automtically after a connect with Global Protect.

Cheers

Dirk

GlobalProtect client pre-/post-connect commands?

Hello,

Do someone know, if i can set pre- or post-connect commands at the GlobalProtect client?

Background:

i want to start a service after a successful VPN connect via DOS command (sc.exe).

thanks

regards

Robert

Global Protect too many outstanding keep alive

Hello guy's

did Someone see this kind off message in global protect agent log on windows device.

message :too many outstanding keep alive

and just after this message a logout is innitiated

the VPN session is mount conntected and after less than 2 min a

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Resolved! NAT for ldap

How to create custom vulnerability signature for SIP packets?

Resolved! Spoofed IP address zone protection of vwire

Load Balancing L3 and VW

Resolved! Reset Password

Suspicious DNS Query's

Cant login to PA-VM300 via ssh or HTTPS

Resolved! Can I look ACC of some devices in Panorama?

Resolved! Client certificate and LDAP authenticate on Global Protect

Resolved! Are there way that fw forward url & data filtering logs to ESM system by syslog??

Resolved! Help setting up internet connection

Log Type Unknown

Global Protect Welcome Page with ActiveX

GlobalProtect client pre-/post-connect commands?

Global Protect too many outstanding keep alive

Template- Variable CSV greyed out

Can't find the "Republic of Kosovo" in the "Firewall Region Code Legend"

Device - certificate based authentication

Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

Wildcard URL for Non-HTTP/HTTPS traffic

Re: Allow all web addresses with .gov and .edu extensions

Re: Wildcard URL for Non-HTTP/HTTPS traffic

Re: Howto delete sub-interace from cli

Re: SSL Inspection issues with GlobalProtect users

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Unlock your full community experience!

Resolved! NAT for ldap

Resolved! Spoofed IP address zone protection of vwire

Resolved! Reset Password

Resolved! Can I look ACC of some devices in Panorama?

Resolved! Client certificate and LDAP authenticate on Global Protect

Resolved! Are there way that fw forward url & data filtering logs to ESM system by syslog??

Resolved! Help setting up internet connection