General Topics

Join Us in Welcoming LIVEcommunity's 2024-25 Cyber Elite Experts!

LIVEcommunity is pleased to announce the 2024-25 Cyber Elite Program!

LIVEcommunity's Cyber Elite Program recognizes community experts who demonstrate excellence in participation and contributions to other members and Palo Alto Networks customers

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

GlobalProtect access to local LAN devices

I am fairly new to Palo Alto devices. We are in the process of testing the GlobalProtect client and have set it up without split-tunneling.

I have confirmed this works for web browsing (get the PA NAT address), but we are still able to get to all lo

...

Resolved! Global Protect client working simultaneously on Mac OSX & Windows OS under Parallels

Has anyone tested the Global Protect client on a Mac running WIndows OS under Parallels or VMware Fusion? Will the client connect to the GP Gateway under both OSs simultaneously?

control SSL ciphers

Hello all,

Is it possible to deny/block inbound SSL flows - based on the SSL cipher parameter ? For example, deny SSL if the cipher is 128 bits ?

Maybe with a custom signature ?

Does anyone have an idea ?

Thanks you for your help,

Regards,

PanOS 5 application dependancy

Hi,

I have a question about the new PanOS 5 feature that's supposed to handle application dependancies automatically (or better). Do I need to enable this somewhere or configure it? I am running 5.0 and when commiting, it still reminds me about applic

...

Resolved! URL Filtering by group if user lives in multiple groups

Does anyone know of an elegant way to handle the following:

We'd like to use Active Directory groups to be able to allow some users access to certain URL categories that we block for most users. We have a default URL filtering profile that is the most

...

Resolved! URL filtering in PAN-OS5

Is there any information on this anywhere (ie the new PAN database, not Brightcloud)

Is there a list of categories, and how do they map onto the Brightcloud categories?

How can I lookup what category a URL is in, and request a change if required?

debug dataplane packet-diag causes PA5050 to stop working? PAN-OS 4.1.7

Hi,

today i tried to debug a packet flow via the "debug dataplane packet-diag" command.

I did that by using this guide.

Unfortunately this causes our PA5050 Active/Passive Cluster to complete stop working for a few minutes. :smileyangry:

Is this a known

...

Issues again with Brightcloud Services

On the 12th of November 2012, I am having issues again with Brightcloud not resolving websites from the cloud dB. This has happened in the month of October 2012 as well. The Brightcloud services cannot receive data as well. All connections look ab

...

Multiple Captive Portal Settings

I know on top of my head that multiple captive portal profiles are not possible. But was just wondering if there is or I might have missed something on how we can acheive this.

I want to set a captive portal for Group A to have 60mins of session and

...

Resolved! Filtering on "decrypted"

Is it possible to set a filter in traffic log (or others) to only show SSL decrypted traffic ?

SSL VPN WITH CITRIX XENAPP

Hi Guys

Does anyone try to integrate citrix xenapp with ssl vpn ?

It`s possible ?

Best Regards

Thiago Lima!

Resolved! Policy migration question...

I am migrating from a port-based firewall to the PA and I want to put the application for all policies that cover inbound services instead of the ports. I plan on temporarily doing a V-wire on the internet connection before the cutover to gather the

...

Resolved! Cisco Telepresence test failing due to SDP being rewritten

We ran http://test.callway.com on our network to test Cisco WebEx Telepresence and it fails due to the following:

Issue

Your firewall is altering SIP messages and interfering with the proper operation of WebEx Telepresence.

What does this mean?

Your call

...

Resolved! Passive Mode in IPSec

Hello~ Guys~

I'd like to know Passive Mode in IPsec.

Anybody Help ME~~~

Thanks in advance.

Have a nice day~~~

Do PAN devices support blocking Countries by IPv6?

Hi,

I know PA support countries as source & destination address by IPv4.

How about IPv6 address?

Tomi