General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

add policies to local vpn users

HiCan I add policies for specific local VPN users? - I can't add them from the source "users" field?I am running PA500 4.1.1Thanks

When does a rule go unused

I have a number of rules that are showing unused. I've read the threads on the counter resets etc. but I'm still looking for a definitive answer - hence my post. When does a rule become marked as unsed? Is it after a month, 2 months, a year, since boot? Is there a setting I can adjust to say a rule is unused after X amount of time?Thanks,Bart

Blocked Applications cause Reset, not Block Page

On our firewall users are getting 'Connection Reset' errors in their web browsers rather than the 'Blocked Application' page.While the end result is the same, it makes debugging connection issues a lot harder! Am I doing anything wrong - an application that matches a 'Drop' rule should display a Block page if it's a browser based app?Rgds

VPN and client proxy

Hi Does anyone know how to force PC clients that have authenticated to the PA using Global Protect (non licenced version) to use a particular proxy server. ThanksRod

Resolved! Local DB User Name Character Restrictions

Hi All,I noticed that when creating a Local DB User you are not allowed to use a "." (period) in the name, have have not had a chance to test this but does this extend to user name in AD or similar external databases or is this just a limitation of the Local User directory?This is on version 4.1x of the OSMarc

Thinking of upgrading to 4.1.0

We have two 2050's in an active/passive cluster running 4.0.5. We are looking to upgrade to 4.1.0. Had anyone had any negative experience with this version - particularly related to the SSL-VPN changes or User-ID functionality? I've heard a few things that have made me wary.Thanks!

Resolved! Wildfire

Hi I've a couple of question re wildfire.1. I've configured my device to inspect .exe and .dll files and selected the aciton continue and forward under the file blocking policy. When I try to download a .exe im promoted with the message that the file has been blocked due to a company policy. There is no continue option. I've uploaded the default...

Resolved! View Log Size

Is there a way to determine the space size of log files? What is used and what is available? PAN OS 4.0.9

Does the captive portal only stop http traffic on port 80

Just noticed that CP only pops up for port 80, any website that uses https or any other port doesn't seem to be prompted with CP. is anyone seeing this, is this normal?

PAN 4.1.1 Global Protect client and LDAP

I am running 4.1.1 and I am having issues authenticating Global Protect 1.1.1 clients via AD. I know my LDAP server settings are correct as I can browse the workgroups in User-ID Group Mappings. Howver I can't browse these in the 'allow-list' in the authentication profile (the only option is the ALL default.With AD I get 'invalid username & ...

PA 5050 Virtual System

I am configuring PA 5050 firewall. I have to configure Virtaul systems in this Firewall. Anyone can guide me for this configuration.

user-identification for VLAN Traffic

Hi Guys,I am just wondering if any one could help me out on this as I am slightly lost creating and troubleshooting for the following issue: It has been noticed that not all traffic had a user-id and it seems that any traffic originating from a VLAN goes down as “unknown” user. So my question is, how can we make the PAN aware of the VLANS so t...

Quarantine functions

I have a customer who is familiar with ISS Proventias. This customer is trying to match capabilities of the ISS to PA. I have answered all his questiosn/ matchups with IPS rule to a Vulnerability Protection policy+ Malware/Spyware policy, but I am not sur ehow to address this quarantine question with him.In the ISS Proventia, you can set a t...

VPN tunnel to Cisco ASA via GUI?

I need to setup a VPN tunnel with a Cisco device which we don't control or have any access to.The intention is that I can allow a group of IP addresses on our LAN to have access to resources on the other side of the tunnel.These are the settings that I've been given by the people who own/control the other side of the tunnel: Phase 1ISAKMP Identi...

Resolved! NAT to server on DMZ?

I have a PA-500. Our public block of IP addresses come in on Ethernet1/1 (Untrust Zone). I have no trouble NAT'ing in an outside IP to an internal device that is physically connected to a network on Ethernet1/2 (Trust Zone). Now, I created a "dmz" on Ethernet 1/4 and I gave the interface the address of 10.4.1.1. I put a client on this network...