General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Resolved! Certificate import issues

I'm having terrible problems importing a trusted certificate into my PA.

I've followed the following guide - https://live.paloaltonetworks.com/docs/DOC-3502

I can create the key ok

I can create the CSR ok

I then submit the CSR to Thawte which then gets a

...

Resolved! PAN-OS 5

so the long-awaited v5 is now available. What are the implications of upgrading to it?

is rollback to v4 straightforward (we're on 4.1.8 now)?
does it force you to use the new PAN web-filtering database, or can you continue to use Brightcloud?
Do we ne

...

Auto-update not functioning

Currently whenever our palo alto 5050s do their dynamic updates they are not finding any new updates to antivirus, applications, or URL filtering. Updates are only found when I manually perform a check. I have all 3 set to download and install with a

...

Time based No-decrypt rule?

Hi All,

On my site we have a Decrypt-all rule in place (apart from some no-decrypt rules for specific business related sites).

The problem I have is that some users are having issues accessing sites like Easyjet and Ryanair's booking pages, this I am f

...

UaService (PA User Agent) consuming 50% of bandwith capacity

we have since a couple of weeks detected an issue with our network bandwith which looked to be caused by domain controllers. if we looked further into detail the domaincontrollers were replicating CIFS at a speed of approx 200kbs/400kbs (which is a

...

Policies - Security - Rule shadowed by 2nd rule

Much like an access list on a cisco router top to bottom. I recently created 2 rules for our 3rd party ISP to connect internet sticks via our firewall.

1st rule - Allow all traffic via TELUS internet sticks from Trust Vpn, Source (telus), Destination

...

Is it PAN 4.1.8 ready for production environment?

Hello

I find that in PAN 4.1.8 is new feature:

"User/Group-based Portal Configurations – The GlobalProtect Portal now supports multiple agent configurations on a per-user or user-group basis within one portal configuration."

I know that its fresh ... bu

...

Resolved! configuring NAT with TAGGED subinterfaces

In order to overcome the limited number of physical interfaces on the PA-200, I need to have one physical interface handle traffic for two different zones, A & B. These zones need to talk to each other and to other internal zones (with security polic

...

Resolved! PA in VWire mode between trunked ports

Greetings,

Before, I get to the matter, I have browsed through the discussions and did find solutions. But I am unable to understand a few concepts.

I have a scenario where;

1. The present firewall is a virtual firewall hosted on an ESXi Server.

2. Li

...

Resolved! Exporting NAT configuration

So I'm wanting to get the XML out of the firewall for specific DMZ's so that I can assemble IPAM updates from the XML.

Right now, if I ssh into Panorama, go into config mode, and issue this command:

show device-group DMZ pre-rulebase nat rules

Then I ge

...

Resolved! Global Protect (basic-mode) for Android and PC - licensing and coexistence

Hello everyone, one of my customers wants to connect using their Android smartphone. I read the doc, seems like the only gotcha is it requires client certs. If I do this, then all SSLVPN users will be required to have client certs. I did not see a

...

Using Third Party Certificates on a Palo

Does anyone know what the best certificate to use on a Palo is please? We have a customer who is failing PCI compliance testing as we are using a self signed certificate which was generated on the Palo for Global Protect. Any help or advise would be

...

Filter out certain traffic (DNS)

I am looking for a way to omit DNS traffic from showing up in the Top Applications widget. I thought Application Override might have been the way but it proved unsuccessful. Anyone try this before? Or have something you can point me to?

Thanks in adva

...

Traffic on untrust interface - problem

I have a problem. I have 8Mb internet connections some of my servers are directly connected to internet (I have a switch connected to servers and PA200).

Every day throught untrust interface are made backups of this servers. So the traffic on untrust

...

Resolved! Guidance in setting up ssl decryption - cert management

I am trying to get this setup for a customer and this is my first time setting up ssl decryption. The customer has SBS2011 so they do have AD CA. I created a domain cert for the PA and exported the root cert. I imported both of these into the PAN fir

...

Discussions