General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Layer 2 Bridge and ARP Table.

Hi All; Quick post to help anyone looking for the answer to this. If you are randomly seeing slowness every few days from the network and eventually have to reboot your perimeter router or the firewall, it may be that your ARP table is full. When setting up layer 2 on the firewall in some cases a VLAN can be bridged across two physical interfa...

Resolved! Unable to Export CSR from Panorama?

Hi,I just generated two CSRs on Panorama, and I am unable to export them. When I try, I get an errors.txt file that says "Failed to prepare CSR <CertName> for export". I've worked around this by committing the configuration to the devices, and then exporting directly from the firewalls. I'm just wondering why I am unable to do so directly ...

Resolved! Tracking application change in a session

Does anyone know if it's somehow possible to track application changes in a session?Let's say an application in a session first is identified as web-browsing, then facebook, and finally facebook-chat. Maybe not a realistic example, but you get the point Is there any way I can see that in the traffic logs, or through any other cli commands?

I am not able to ping from my external interface ip (Public ip) to any other public ip,..

Hi All,I am not able to ping from my external interface ip (Public ip) to any other public ip,..Any extra features needs to be enabled?Thank you,Gururaj

Resolved! PA-2020 Software Upgrade

Does anyone have experience when upgrading from version 4.1.6 to version 5.0.0? I am wondering (outside of the release notes) if anyone has seen bugs.Thanks

Resolved! Any way to disable split tunnelling for my vpn clients ?

Hi all,Just wanna know if there is an issue to disable split tunneling for my vpn clients. I want that ALL the traffic goes through the vpn tunnel, and nowhere else.Regards,Karl

Resolved! Palo Alto Support Contracts

I recently purchased a firewall with a 1 year support contract. I received it three months ago and haven't had time to deal with it. When is the official start date of my support contract? Do I have a certain amount of time to register the box before it's invalid? I know if I register and activate the box the support contract starts immediately ...

Resolved! active / passive setup(connected switch/router arp cache timeout)

I was starting to setup an active/passive system and once the HA was enabled, I lost connection to and from the internet. I found it was an ARP cache on my router. Now if my PA's failover the outside IP will startup and issue a new MAC for that IP and re-arp on router? I was looking at my arp cache timeouts, I though I might have to tweek thi...

Resolved! User ID Agent Ignore

I have user id agent 4.1.6-5 on PAN OS 5.0.1.Is it possible to tell the agent to ignore certain IP addresses, I know how to do with the users by using the ignore list text file.

Clearing snmpd.log due to log overflow

I recently upgraded to PAN 5.0.1. I am now receiving the following alert - Clearing snmpd.log due to log overflow. I have been trying to get more information on this alert but have been unsuccessful. I am concerned with what the log overflow is referring to. Do I need to tweak my default configuration for log retention in the 5.X code. Is th...

Resolved! MAC address spoofing

Does someone know if it is possible to spoof/change the mac-addresses from a VM PAN 100? Our ESXI Vendor won't enable Promiscuous Mode, so we don't have data through our Ethernet ports. I guess maybe, when I can spoof the MAC address, it might be working.

UDP Packet size

Does anyone know if the maximum permitted UDP packet size follow the MTU setting? or is there a specific setting for this?I need to understand if the PA automatically allows UDP packet sizes over 512 bytesThanksRod

Resolved! GlobalProtect portal corrupt.

Running an 2050 Active Passive HA pair.Yesterday I noticed that I couldn't login with the Globalprotect client. After some investigation I noticed that I could log in on the Globalprotect Portal web page, but after the login the page which offers the client downloads would not show up and the connection was reset after a timeout of ~30 seconds.I...

OSPF

Hi,Can anyone please help me with ospf issue iam facing.I have attached the OSPF config of Palo Alto and downstream SRX 100 devices.Iam unable to get the OSPF routes in Palo alto device. ThanksRaju

Resolved! How to generate a CSR from a Self Generated Palo Certificate

Hi There,I am struggling to generate the CSR for a self generated certificate on a Palo firewall (this is the first time I am doing it). I did look into all the documents in the knowledge base and they seemed to be very confusing. I have generated two certificates (one for captive portal and the second for SSL-VPN) using the Palo's Generate op...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Layer 2 Bridge and ARP Table.

Resolved! Unable to Export CSR from Panorama?

Resolved! Tracking application change in a session