General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

'Unknown Error' on Commit of Network and Device Configuration

I am currently trying to find a way round the issue where by a commit causes a drop in the BGP connections that are peered with the firewall.During the testing upgraded to 4.1 to use the gradual commit but if i try and install just the Network and Device configuration from the advanced option in the commit it get the attached error - not very de...

IPsec VPN Tunnel with overlapping subnets.

Hi,Has anyone setup two PAN FW point to point that connect with the same subnets on each side. The reason for the same subnets is that we have our production network behind FW-A and a co-location network that mirrors our production network behind FW-B. This is for disaster recovery and quick turn on of machines in the event of a disaster, etc....

rate-limiting qos policy

Hi,I'm interested in creating a simple qos policy, which will rate-limit streaming applications for all users, except a group of power users.I'm assuming that I would have to create two QOS rules (policies).First one will assign streaming traffic for power users (source user = power users). In this case I would probably omit class, so that the d...

Resolved! Unusual Log entry

In the monitor tab, I'm seeing entries as sys1+[zone Name] in both the "from zone" and the "to zone" columns. What could this mean?

Can the TS Agent be pushed out via SMS or SUS?

Can the TS Agent be pushed out to the Terminal Servers via SMS or SUS?- jwolach

Resolved! SNMP to split between Panorama and traps server

I have a question regarding the SNMP server settings on a 5020.If I have specified to send SNMP to panorama and I also have a traps server listed for the same type (let's say 'informational') will the unit send to both Panorama AND the trap server?

Resolved! Ssl Exclude What for ?

I wonder when we need to use SSL Exclude option for certificate.When I try to write a decryption policy and try to test SSL exclude , I could not see any differences.I looked to pdf and it gives just that info below :SSL Exclude—This certificate excludes connections if they are encountered during SSL forward proxy decryption.Does anybody have an...

Resolved! MAC 10.8 using NetConnect issue?

Hi, I used browser to login SSL VPN portal in MAC 10.8 client. At first time,there is no any problem to connect, but second time,the NetConnect can not get any IP from PA. Just one time succesfully,I can not dial again. Do anyone have this issue? PA OS is 4.0.7

IPSEC WITH PBF

Hi guys ,I dont know what happens but when i use pbf on my isp`s , my ipsec vpn don`t traffic......what can be?best regards.

Resolved! Java 1.7.0_05 can not download SSL VPN Client application completely!!

Dears, I had updated java JRE to 1.7.x,but I can not use SSL VPN client any more. Does anyone can help to reslove this issue? My PC OS: windows 7 pro 64-bitPA500 OS: 3.1.9Browser: Firefox 14.0.1 I found the download's process always be stopped at almost 80%, just like the g...

How to block csv files download by File-Blocking

Hi All,I just want to block csv files download by file-blocking, however I cann't find it in the file types.Are there any ways to block it download?Thanks,Joy,

ELSTER and SSL decryption

In Germany one can use "ELSTER" to transmit tax reports electronically to the financial authorities. Elster is build in many ERP Systems and alike.Unfortunately the certificate used by the authorities is self signed and therefor not trusted by the PA and gets newley created by and signed by the "forward_untrust" CA in the PA rendering a communic...

Resolved! bi-direction NAT question

I have the following rule in the firewall and was wondering if I needed to create a second rule for the other direction or if the bi-directional option will take care of it for me.examplesource address :10.100.10.50 > destination address: FTPSERVERSGROUP > Source Translation: static-ip 209.165.241.88 bi-directional Basically if 10.100....

URL rewriting

Hi all,I am in front of this issue and I don't know how to solve it, can anyone help me?I have to migrate the configuration of some checkpoint security rules to a Paloalto PA-500 (panos 4.0).On checkpoint there are some rules that make URL rewriting:EX (I try to translate the rules)some rules are configured to grant access to the website. So, wh...

Resolved! Rules not applying to AD groups

Hi,For some reason my Palo Alto 2020 has stopped recognizing rules that are applied to AD user groups. My 2 User ID agents are running on the Domain controllers and are showing green on my Palo Alto box.It works if I apply the rule to a specific AD user, so I know it is able to communicate with the ID agent otherwise it wouldn't register the use...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

'Unknown Error' on Commit of Network and Device Configuration

IPsec VPN Tunnel with overlapping subnets.