General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Global Protect and two gateway

Hello

I have PA200 without licence for second GP Portal.

I did a second gateway because I thought that this should solve my problem.

I need to let access to some website to my users but with my IP address. Thease people has accounts on radius server. I

...

ICMP reply size in 4.1

Is it possible in 4.1 to limit the size of icmp replies or strip any payload in order to discourage tunneling via ICMP ?

Can I use Radius Accounting or Diameter as source of rules in ISP network?

Hi,

I want to install the PA in my ISP net as transparent bridge, I'm looking for a way to configure the machine to get an IP address & then translate it via Radius acounting / diameter protocol to the user info.

Do you know how it can be done?

How is

...

Resolved! OCSP on SSL decrypt with self signed certificate

When enabling OCSP and having a self signed certificate for SSL decryption

(we push the certificate to all our domain clients)

will OCSP check my self signed certificate against the OCSP responder (and fail because it is unknown)?

Or will it only check

...

Resolved! Problem VPN Split-Tunneling

Hi everybody.

I've got a strange problem related to split tunneling in PAN configuration. The situation is:

- Portal and Gateway configuration in PAN-2050 with PANOS 4.1.7 (same results with 4.1.6 and 4.1.5).

- VPN client Cisco compatible (Windows and L

...

Packet capture of specific Security Rule?

I need to confirm what traffic data (specific DNS Request strings inside the packet) is hitting two specific Security rules, so would like to capture just the traffic that is hitting these rules. Is there any way to do this?

I have run the Packet Capt

...

Netconnect File Extension

When I try to download the latest netconnect install file from the Software Updates web page it downloads without a valid file extension. When I download the file PanVPN-1.3.4 shouldnt it be PanVPN-1.3.4.msi ? I've tried renaming the file...

Resolved! Antivirus Compatibility Mismatch

Hi, i just realised that my two PA (active/passive) have an alert of HA Antivirus Compatibility. I have checked the version in Dynamic Updates and its the same in bot devices. CAn you tell me why this mismatch happens???

I attached an screenshot with

...

Facebook is not displaying its page/images properly when SSL Decryption is enabled

any ideas why ?

*Note: I have a rule allowing ANY destination with ANY application with ANY service, also another rule i tried was with ANY destination with Explicitly a

...

Nested Active Directory Groups

Can it handle nested Active Directory groups?

Security policy with a group which a user is not direct member of. When user tries connection through firewall then it checks the groups within the group (an so on).

Can it be configured how deep the nestin

...

Resolved! Mac OSx & UserID

I have a question. Maybe someone has run across this.

I am using the server monitoring function of Palo

I realize that I can use the user-ID agent and set it to never forget the user mapping, but I am looking for a more accurate way of keeping this map

...

Security Policy's and NAT

Hi,

I Have configured a BYOD wireless ssid that is being forced to the internet via a port on our 2050. I am trying to get the network to be able to contact our mail server for exchange on mobile devices and also to have access to our content server r

...

Resolved! 2 isp 2vr asymmetric

Hi,

2VR 2isp,2 seperate default GW (2 ppoe modems)

PC A ---- internet through ISP 1

we want to RDP TO ISP2's public ip and make destination NAT to PC A

How can we make this work ?

New enforce symmetric return did not work .commit fails with ppoe is not su

...

Destination NAT/PAT clarification

Prior to shooting myself in the foot I want to make sure I'm on the right track.

I have an application where I'd like to take inbound connections directed at a particular port on my untrusted "outside" FW interface and redirect them to the same port o

...

Resolved! Google Mail for Business

Hi all,

Anyone has experience in using SSL decryption with Google Mail for Business? My concerns are the incoming emails will no longer go thru our mail content filtering engine and we don't have adequate tools to prevent data loss in outgoing mails (

...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free