General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Inbound NAT with DHCP

Hi,Is it possible to do a inbound NAT when the outside/untrust interface is a DHCP client?Here is the NAT rule i`m trying to commit, but thats not working.../kristian

Migrate subinterface config to another interface

Hi,here is a sample of my configuration.I have trunk link (from a cisco device) to the 1/6 interface, where i configured several subinterfaces.You can see that we have the 1/6.3 in the Virtual Router vr-recette in the Virtual System Recette.And after that I have 1/6.206, 1/6.207,1/6.208 in the Virtual Router vr-sante in the Virtual System Sante....

Policy Based Forwarding for Application "Ping"

Hello,i want to make a policy for "Policy Based Forwarding" to route only ping traffic to a different router. Is this possible?I testet a rule with a service "tcp/udp Port 0" -> Don't workI tested another rule with an application "icmp" -> Don't workFor testing suppose i create anoher rule with service "any" and application "any": This rul...

Resolved! Url report based on total spent time

Is there any way to get a report that how many min/hour spent in a every url(such as www.hotmail.com) for each user.Thanks.

Resolved! Has anyone managed to get global protect pre-logon to work???

Has anyone managed to get global protect pre-logon to work? specifically, with a remote users laptop.When the laptop is booted up, at the logon prompt before entering username and password details, do you get a pre-logon connection?

Resolved! When not to use agentless user-id ?

Hi,For big environments it is advised to use user-id agent.How will we be sure ?is there a comparison for this.User number, DC number , ??? any number ? etc...When we should install agent software ?Thanks.

Restricting Application Port

I would like to create a custom App for SMTP submission. All I really want to do is restrict the "smtp" App to use 587/tcp only. It's usual "default ports" action is to allow 25/tcp or 587/tcp.I just tried to create a Custom App based on "smtp," but have the only default port be "tcp/587." As I seemed to vaguely recall the other times I've tried...

Resolved! Split internal and external DNS lookups

I am wanting to split internal and external DNS lookups on my PAN appliance to cut down on some traffic hitting our internal DNS servers. I think I can use a DNS Proxy to specify where the resolution occurs and what interface. Does anyone have experience in splitting DNS lookups in this fashion?

Resolved! System Alert:Failure to check wildfire content upgrade

In last two days, I started getting system alerts that says "SYSTEM ALERT : high : Failed to check WildFire content upgrade info due to generic communication error" and another that says "SYSTEM ALERT : high : HA Group 1: Anti-Virus version does not match" from PA-3020 HA pairs. the HA alerts comes always at 1:31am. The system's health seems ok...

Resolved! zabbix

Hi,anyone has a document configuring an already installed Zabbix snmp for PaloAlto device ?Thanks.

Delete Antivirus Dynamic Update

Hello,I tried threats & antivirus license on a PA 4020.My license was end, so I deleted it using CLI -> works fineBut how to delete antivirus dynamic update package ?? I can't by using web, I tried with CLI : delete anti-virus update (but the pack is not listed).I'm on PANOS 4.1.11Thanks,Franck.

Can PAN device publish client certificates?

I made 5 users into LocalDB, and I configured GlobalProtect Portal & Gateway.It works fine so far.Now I want to generate 5 client certificates for each user and use Client Cert Profile and Local DB as two factor auth. when I connect to GP.My PANOS is 5.0. Is it possible to publish client certs?I could confirm I can configure CA under Device ...

Best 3rd party VPN Client?

Ive got some power users demanding a different VPN client than GlobalProtect.Has anyone setup a 3rd party VPN client (preferrably Windows built-in or something GPL'ed)? Did it 'just work' or did you have to tweek it a bit?I tried windows 7 built in with no luck.Im running PA 4020 on 4.1.7thanks!

Resolved! Master key

Hi,should we change Master key after a new installation for security purposes ?Or not configuring this will cause any security weakness ?

Resolved! Monitor vpn interfaces

Hi,According other discution I know that monitoring for tunnel interfaces through snmp is currently not possible. Would like to know if someone have done something to monitor them through the API ans can agree to share with us ....V.

Discussions