General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Interface "attack" counters

Hi,

With the command "show counter interface ethernet1/X" i see several counters related to different kinds of "attacks".

land attacks ping-of-death attacks teardrop attacks ip spoof attacks ...

How to get the client's IP address with x-forwarder-for in PAN.

How to get the client's IP address with x-forwarder-for in PAN, I need to create something to caputure this part of HTTP header?

Thanks.

Patricia.

PAN Default Values for Threat Actions

Hi. I'm looking for information on what the Default Threat actions are. Is there a list or a database where I can find out how each Signature ID is handled by Default??

Many Thanks

search traffic logs by vsys in CLI

Does anyone know how to specify your traffic logs by vsys and add multiple search parameters of the same type like you can in the gui? We are running PanOS 4.1.7. Notice that the app option does not show up anymore and and there is no vsys option.

PA-

...

How do you allow Polycom (nat) via Palo Alto FW?

Hi,

I'm having issue with configuring NATing for my Polycom unit sitting behind the firewall to work. I have allowed all the required apps for Polycom to allow outgoing and incoming. My issue is when I can only call out to another party with public

...

Resolved! about certificate expired date

Hi All,

Is there any way to custom certificate expired date that generate by paloalto itself ? I saw it on webpage that is too short, it only have six monthes.

Thanks.

Regards,

Joy

Resolved! SSL decryption - Forward UNtrust certificate presented

Hello,

We experienced a problem with a specific SSL encrypted site: https://panakeia.infoman.de/

The original certificate is issued to "*.infoman.de" and was issued by Go Daddy (--> InfomanCert_Original.png). It seems to be perfectly valid but still ou

...

Possibility of an IP in a physical interface and a subinterface ip in the same interface?

Hi all,

I need to reassure me on a simple configuration.

Is it possible to do this configuration?

IP interface 1: a.a.a.a / x
IP interface 1.10: a.a.10.a / x
IP interface 1.20: a.a.20.a / x

I ask this because I've seen a few configurations and whenever sub

...

JS/Trojan.iframe virus?

Hello,

I'm seen hits for the JS/Trojan.iframe virus only since last Wednesday or Thursday. Have seen them associated with three different websites. I suspect false positives. Anyone else out there just started seeing these? Was the virus definitio

...

SSL VPN and iPhone OS 4.0

I was looking at the new specs for the 4.0 code of the iPhone OS, and saw that they were opening up the SSL VPN function to Juniper and Cisco.

Any chance Palo Alto is working on a NetConnect app for the iPhone?

http://www.apple.com/iphone/business/prev

...

QoS for Microsoft Lync

We are starting the initial rollout of Microsoft Lync clients. Has anyone setup QoS for Lync on the Palo Altos? Any issues to look out for that anyone has run into? We have 6 sites that will eventually have Lync clients and I want to make sure the

...

Resolved! PBF for Torrent Traffic

I am trying to establish a policy to send all traffic based on bittorrent through a specific ISP.

However, when I add any application under the destination application, I get the error: application 'bittorrent' is not an allowed keywordapplication 'bi

...

Resolved! How real-time is User-ID?

Kind of as per the subject really. I'm interested in using User ID so that only authenticated users have internet access, but I'm not sure quite how "real-time" it is?

Someone comes in and switches on a computer, logs onto the domain, tries to browse

...

Resolved! meaning of source-user pre-logon

Hi,

Can anyone explain what the option "pre-logon" means as a value for source-user in a security policy?

I can't find anything about it. Not in the build in help, the admin guide nor the CLI reference.

Peer identifier for azure is required to be set

I have got a tunnel set up successfully to Azure but have had to specify the peer identifier by IP address which will not be very stable. Azure support advise that the peer identifier set by azure is dynamic and that some firewall vendors (Cisco, Ju

...

General Topics

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free