General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

GlobalProtect OnDemand mode

Hello,

We use PAN OS 4.1.1 and GlobalProtect 1.1.0, free version of GlobalProtect.

We have configured GlobalProtect in OnDemand mode.

When the GlobalProtect software starts it connects to the PA and try's to logon with the stored credentials (Username /

...

Exploit:Win32/Pdfjsc.ABS will not recognized

The new PDF Exploit "Pdfjsc.ABS", which travels with a lot of Emails (for instance: "Here is the new Elster program" - Elster is the name of a german tax program), will not recognized by PAN-Firewall. Neither on Email nor on Webtraffic, so i can atta

...

Resolved! Monitor NAT Traffic?

Can anyone think of a method to monitor the NAT Translation? The back story is this... We have remote access points that point to a public IP address and then get NAT over to the private address of the wireless controllers. When we migrated to the

...

incomplete action

hello

we have our own web server which we host web sites from

I have setup my incoming nat rule follow

source zone = untrusted

des zone = umtrusted

des address = my internet port ip

service = service-http

des tran = my local web server ip

Security rule

sou

...

High Dataplan CPU PA2050-4.1.6

I have only 28,000 active session at this time, which isn't a lot, and my CPU is roughly between 70-80% constantly. We are in our summer semester at school which doesn't have a lot of users on our network. I am nervous when people return in the fall

...

Palo Alto 2020 doesn't close session when using AD authentication

Hi,

This might be a really easy thing I have missed but when we try to authenticate against our AD users instead of strictly by IP and zone it works fine the first person to log on. But then if you log off and someone else with less privilages logs on

...

Resolved! what's mean counter url_request_pkt_drop?

Hello guys.

I experienced increasing constantly counter "url_request_pkt_drop" when installed PAN to customer. PAN showed that counter means "the number of packets get dropped because of waiting for url category request"

So I think that means simply pa

...

Do the PA's cover this ?? Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could Allow Spoofing

Just wondering if the PA's have this vulnerability covered and if so where do I look to find out myself.

Resolved! Backup and restore Config

I have a PA-500 Firewall running software version 4.1 and have to make some rather drastic firewall changes due to changing ISP's and outside IP addressing. I would like to backup and save my configuration, in case I mess something up. How can I ta

...

What 's meaning of "User '' failed authentication. Reason: Thread limit reached"

Hello,

I used Captive Portal in my environment. I found log "User '' failed authentication. Reason: Thread limit reached" show on my system some time when the Captive Poratl page fail to logging in.

Which Thread has limited by the system. Could you pr

...

Skype & unknown traffic

Hello PAN,

It seems to me that in order to have skype working correctly - particually with multi-site PA's with Site2Site VPN tunnels in between - it is nessesarely to enable both unknown-tcp & unknown-udp.

At least - all our connection problems / deli

...

Resolved! Known Malware passing through PA to Client

Hello PAN,

Today I had a client get infected with the "Windows Privacy Module" Fake AV, This wasn't cought by either PAN OS or Trend Micro while a MalwareBytes scan found it and removed it no problem. Is there something more I can do to increase the o

...

Getting Syslog in through PA 500

I have a router just outside my PAN 500, ver 4.0.5. I need to get syslog information in from it for my PCI requirements. Here is my setup:

The following objects are defined:

INT-NPM Syslog server, IP address 172.15.10.8

TWC-RTR

...

URL logging in TAP mode

I have a business requirement to log URLs visited in an "out of line" manner for reporting and usage. There is no requirement to block URLs and it would be of great advantage not to use VirtualWire at this stage(still in pilot).

I understand it is not

...

Multicast Support

Hi Guys,

Does PAN support IP multicasting to allow one IP packet to be sent simultaneously to multiple hosts for use in multimedia applications and video conferencing?

I did read somewhere that multicast forwarding / routing is now supported from versi

...

General Topics

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free