General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Traffic on untrust interface - problem

I have a problem. I have 8Mb internet connections some of my servers are directly connected to internet (I have a switch connected to servers and PA200).

Every day throught untrust interface are made backups of this servers. So the traffic on untrust

...

Resolved! Guidance in setting up ssl decryption - cert management

I am trying to get this setup for a customer and this is my first time setting up ssl decryption. The customer has SBS2011 so they do have AD CA. I created a domain cert for the PA and exported the root cert. I imported both of these into the PAN fir

...

Resolved! Minimal Hardware requeriments for User ID Agent

Hi,

Someone knows a minimum requirements for installation of the user-id Agent?

Greetings.

--Marco

Best Practices for Application Policies?

I was wondering if there is a best practices document for setting up a policy to control particular applications. I've already dug through the Skype tech document which tells to enable unknown applications. Are there any other applications that work

...

SMB Fragment Packet Found(32332)

Hi,

Anyone have experience of this firing off continuously for 'normal' LAN traffic (deffo not being used as an evasion technique) since the signature was modified (v337)?

Cheers

VMWare series firewall

Just noticed a section of he help file for PANOS 5 which mentions a virtual firewall series from Palo Alto. Sure am interested in some more info....

Bob

Yahoo Toolbar uses port 443. The application database on the PAN only looks for port 80.

Hi, I noticed my PAN is blocking connections from my client computers to the yahoo toolbar over port 443. After looking around in the database I noticed that it's only looking for this app to use port 80. Is there a way for me to add port 443 to this

...

Resolved! Problem with multiple Netflow profiles

Hello,

I encounter a problem using multiple netflow profiles on our PA-500 running PAN-OS 4.1.8

I have defined 3 different neflow profiles, each refers to a specific port on the same host.

Each profile is assigned to exactly one physical layser 3 interf

...

Block page and SSL

Hey all,

So, we have a need to block everyone but a small AD group access to a couple pages. Now, we don't want to just "deny" them in the rule (we have a comfort page that promps them they are blocked and allows them to request access) - I don't wan

...

Resolved! What is hidden locally on a device when being managed by Panorama?

When you configure a PA device to be managed by Panorama the first thing that (when you login through web-gui directly to the managed device) goes away is the contents of running-config.xml regarding address objects and security policies.

These settin

...

Resolved! Application = insufficient-data?

We have some outgoing UDP traffic that shows up in the traffic log with "insufficient-data" in the application field. The problem is that this traffic is being allowed through the firewall because it's being matched to a rule that allows FTP traffic

...

Some of traffic logs are not converted,is it a bug ?

When upgrading from PAN-OS 4.0.9 to 4.1.7, some of traffic logs are not converted from the old logs.
It seems like the logs of about one hour before upgrading are unavailable. I am using PA-2050 and PA-5020.

Alternative to sAMAccountname ,when using Ldap for Authentication

Hi,

When we use to authenticate users through AD, we configure LDAP profile and in Authentication profile tab.

We write "sAMAccountname" for attribute at this window.We want to change this attribute and we want users not to log in with just username; W

...

Resolved! Panorama license limit

Does anyone know if a customer owns a Panorama 25 device license and wants to add device #26, will it not allow them to add the 26th device or will it?

Thx

Threat exception for selected hosts

Hi,

We have defined vulnerability group which consists of AV, Anti-Spyware and Vulnerability profile. The vulnerability profile is configured to block critical events and alert on high and med. I have a need to except few hosts which are alerting for

...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Traffic on untrust interface - problem

Resolved! Guidance in setting up ssl decryption - cert management

Resolved! Minimal Hardware requeriments for User ID Agent

Best Practices for Application Policies?

SMB Fragment Packet Found(32332)

VMWare series firewall

Yahoo Toolbar uses port 443. The application database on the PAN only looks for port 80.

Resolved! Problem with multiple Netflow profiles

Block page and SSL

Resolved! What is hidden locally on a device when being managed by Panorama?

Resolved! Application = insufficient-data?

Some of traffic logs are not converted,is it a bug ?

Alternative to sAMAccountname ,when using Ldap for Authentication

Resolved! Panorama license limit

Threat exception for selected hosts

Newly Registered Domains configuration

Panorama 11.1.8 supports Azure VM series Palo Altos

Task Manager taking few minutes to load (Slow)

CIE for user/group mapping for firewall on-premise

Changes to sinkhole?

Re: Virus/Win32.WGeneric.esuykr(752144200) via filename=msvcp140_2_app.dll

Re: Newly Registered Domains configuration

Re: Changes to sinkhole?

Re: API error messages

Re: CIE for user/group mapping for firewall on-premise

Unlock your full community experience!

Resolved! Guidance in setting up ssl decryption - cert management

Resolved! Minimal Hardware requeriments for User ID Agent

Resolved! Problem with multiple Netflow profiles

Resolved! What is hidden locally on a device when being managed by Panorama?

Resolved! Application = insufficient-data?

Resolved! Panorama license limit