General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Resolved! Deploying LSVPN ( Large Scale VPN) with NAT !!!

I'm newcomer with Palo Alto. I have project to deploy PA using LSVPN . But there is a problem because The Internet Link from ISP & MPLS must Via Router Cisco.But I wonder , when using Router at Border , that means you must NAT Public IP to Private IP of PA. So when deploy LSVPN, Traffic is encryped , that mean Router cann't NAT . So how to s...

Resolved! GlobalProtect certificates

In my company we have AD and our internal CA. I want to use our internal CA for GlobalProtect. What I have done so far: I've import our root CA to PA500 (PANOS 5.0.3). I've generated web server certificate and imported it in PA500 I've created GP gateway and portal.When I try to submit changes it says "invalid certificate chain".We h...

Monitoring and Blocking eMail

Hello,I want to know how I can do the following questions:1.- How can I block in gmail application the access to all the mails like this xxxx@gmail.com, but allow the access to emalis like this xxxx@domain.ec that also are associated with Gmail.2.- How to monitor the users who access to public mails and know what are the access account and the d...

Resolved! Global Protect Usage Report

I have created a custom report to track all VPN users by subnet.. I parsed it to user and total bytes.. however, I can only get maximum 500 lines.. we have 1000 GP users, anyway around this?

Resolved! FIPS mode IPSec cipher suite subset

When you enable FIPS mode on the firewall, what are the subsets of cipher suites available that the admin guide is referring to?Admin guide - "When configuring IPSec, a subset of the normally available cipher suites is available."

Mail server getting blocked when downloading files

I have an exchange server that is getting block-continues for file types that are not being explicitly blocked...pdf, jpg, etc.It has no way to continue.....I believe it must be some default behavior I am not aware of in the AV or AS profiles?Where are these actions defined?I had to move the exchange server(name= domain\barracuda_ldap) into an E...

Resolved! Unable to connect Global protect portal,..

Hi All,I am able to download GP client software, But using the same credential not able to connect to portal, giving error : portal error - unable to connect to portal. Only through one machine i am able to connect to portal using same credentials what i have used for others.Thank you,.Regards,Gururaj

Resolved! Tunnel Interface IP Address

Can somebody explain to me the need for the tunnel interface IP address? Apparently a VPN tunnel requires a tunnel interface configured with an IP address when using dynamic routing. Is that a dynamic gateway the PA is connecting to or the PA is using a dynamic IP? Also, does this IP address have to live on the same network as the local network?...

Resolved! what is standard port of ms-dtc app-id?

Hello.I checked that ms-dtc standard port is tcp 139 on applipedia. I created couple of security rule for ms-dtc app-id and one was applied application-default at service column and other was applied specific service port tcp-49210, tcp-49217, tcp-49291.Unfortunately PAN warned shadowing rule for above security rules. I believe that ms-dtc app-i...

Resolved! Why the User-ID Agent status of passive device on HA mode shows not-conn:idle?

Hello there.I have a question related to a User-ID Agent.My PA-5050 is configured with HA mode (Active-Passive).Couple of devices are connected User-ID Agent.There are user agent connection status on the both of devices.Active Device Name Host Port Vsys State Ver Usage---------------------------------------...

Resolved! SNMP request failed

Hi, I try to request to PA-5020 with S.O. 1.4.7 some snmp traps for extract certain information about fo temp, cpu used, max sessions, etcetera.But when i try to extract the information since my snmp tool called snmpcheck the result is "Request Failed"I try too extract the snmp traps with the graph tool called MRTG but the result is the same, "R...

Juniper ScreenOS VPN to PANOS

I have a Juniper firewall with ScreenOS 6.2 that I am attempting to build a LAN to LAN VPN tunnel to a PAN firewall with 4.1.10.A quick overview of my setup. We have to frequently setup networks that are "mobile" for company meetings or whatever. We essentially take a network in a box and plug the Juniper into the internet. Because of this the J...

Resolved! Optical transcievers question (PAN-XFR-SR)

Hello!What is the MMF core size supported by the PAN-XFR-SR modules?Thanks!

Is it possible to enable DHCP-Server on Management Interface?

Hi, I would like to know, if there is a way to enable DHCP-Server on management interface? We are using another interface for management so we could enable DHCP-Server on the dedicated management interface. In case of need we can establish a physical connection between the management interface and a laptop.

Dynamic updates download but not install on HA

We've got an HA pair of 5050s. They both have a job to download and install dynamic updates at 12:00 AM.I've seen occasions where one of the boxes will download but not install the update. They are also set to push a version of the update to the HA peer.I"m wondering if having them check at the same time and try to push to each other is not id...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!