General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Routing through virtual systems

Hello,

I have such situation that I need to make routing through virtual system. I added a network diagram below.

Maybe you guys can help me in this situation.

I want that traffic from Vsys2 can access GW_default as it can Vsys1. Also I want to control

...

Resolved! Connecting two L2 segments via PAN?

I am trying to connect two separate Layer2 segments using the same VLAN ID 569 and same IP subnet 10.10.69.0/24.

The firewall has:

ae1 (mode layer2) with members ethernet1/1 and ethernet1/2

ae2 (mode layer2) with members ethernet1/5 and ethernet1/6

VLAN

...

GlobalProtect algorithms

Hi,

Does anyone know what kind of algorithms being used with GlobalProtect and how much a administrator can control this?

/kristian

Resolved! What are the available variables for response pages?

What are the available substitution keywords for the response pages? Do they differ by page?

I am trying to incorporate an email with all the pertinent information to be sent to our internal systems. Unfortunately, the keywords that I have found for

...

Static IP assgin to VPN user?

Dears,

I have PA-500 firewall. Now our VPN users getting random IP address. Can I assign static IP address to specific client?

Does anyone know the licensing scheme of PAN? Any document for based license? What will happen if they don't renew any of the license? will the box still works with outdated signatures? Hope you could share any document about the licensing rul

...

LifeSize

Anybody by chance have a signature for LifeSize? I added it to the applications list with just the ports used and generic categories but without a signature but it doesn't seem to be working. I thought before I dug into making my own signature I woul

...

Resolved! not-resolved URL catagories

Hello all,

Last week I did the upgrade on my PA 2020 box from 4.18 to the latest 5.0.1 version. Today is the first day that most of the staff are back in and I have noticed that a lot of people are requesting websites to be unblocked. Having looked at

...

How to tune wildfire rules

I am on a PA2050 using 4.1.12 in Device/Setup/Wildfire I have Wildfire enabled. In Objects / Security Profiles / File Blocking I have rules that "ALERT" and "FORWARD" on certain file types.

My rule base for USERS connecting to the INTERNET consists o

...

Resolved! missing block-url response page

Hi all,

I have a very common security rule permitting all traffic in for 80, 8080 and 443 ports, no matter the application

The attached URL security profile denies all url categories except for one (custom).

Now I've noticed not to be able to get the ex

...

Resolved! Connection Problem with Polycom VSX7000

Hello All,

I am having issues with video conferencing when using our Polycom VSX7000 which was working fine previously with our Checkpoint Firewall. When we switch over to PA-2020. We start having issues.

We are able to dial out to connect with remote

...

Security Policy Organization

Anyone have any good tricks to organizing an ever-growing list of security policies? We have quite a few especially with inspecting internal to internal traffic. The firewall uses a top down approach to inspection, so I wanted to see if there was a

...

Resolved! differentiate between IE and FF

Hi,

is it and when how is it possible to make a difference between a source which is using IE (company-standard) or firefox. I want to deny firefox-traffic.

We use v5.0.3

Cheers Klaus

SSL Sites bypass URL Category block

Good Day Guys and Gals

I need ideas on the following issue please! I have a block on all Social networking sites for the company. The Policy works great when the user tries to access http://plus.google.com, but when they use SSL (https://plus.google.c

...

Resolved! Multiple IP addresses on an interface

I know that I can add a second IP to my outside interface by using a /32 instead of /24 like the first one has. My question comes in with routing. My default route shows a 0.0.0.0/0 going out ethernet1/1. Since this interface has 2 IPs what IP doe

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Routing through virtual systems

Resolved! Connecting two L2 segments via PAN?

GlobalProtect algorithms

Resolved! What are the available variables for response pages?

Static IP assgin to VPN user?

Resolved! Licensing scheme

LifeSize

Resolved! not-resolved URL catagories

How to tune wildfire rules

Resolved! missing block-url response page

Resolved! Connection Problem with Polycom VSX7000

Security Policy Organization

Resolved! differentiate between IE and FF

SSL Sites bypass URL Category block

Resolved! Multiple IP addresses on an interface

Understanding some counters from pow performance during high CPU troubleshooting

Code Recommendations

Global protect VPN server certificate error

Can a systems integrator benefit from taking the PCNSE exam?

Replace SFP Process

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Re: Allow all web addresses with .gov and .edu extensions

Re: Unable to Upgrade from 11.1.3 to 11.1.13

Re: Where does it show which Agent Config applied to a specific users' Global Protect session

Re: High availability Links on different locations

Unlock your full community experience!

Resolved! Connecting two L2 segments via PAN?

Resolved! What are the available variables for response pages?

Resolved! Licensing scheme

Resolved! not-resolved URL catagories

Resolved! missing block-url response page

Resolved! Connection Problem with Polycom VSX7000

Resolved! differentiate between IE and FF

Resolved! Multiple IP addresses on an interface