General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

QoS and IPSec

Hi All,

I would like to enable QoS on an IPSec tunnel. The tunnel is carrying mostly voice and signalling traffic.

If the voice traffic has a marking, eg EF, will this marking be copied to the outer IP header (the IPSec tunnel header)?

Or, will I have

...

After Apply SELF-SIGNED ECDSA CERTIFICATE IN SSL/TLS PROFILE Cannot Access to Management Interface

I have a HA Firewall Active/Passive. Due to certificate is already expired I have exactly follow below guide to create my Self Sign ECDSA Certificate and apply it to my Passive firewall. The issue is when the passive firewall is in HA mode that time

...

Resolved! Expedition: Export - Base Configuration Output

Export in base configuration output screen Device-Groups does not show arrows to expand organizational groups and sub groups. When trying to import from Panorama 10.0.

Currently running Ubuntu 16.04.6 and the Expedition shows 1.2.15 but had error mess

...

Auto Scailing PA VM Series on AWS without Panorama

Hi everyone,

Currently, I'm trying to design an auto scailing with VMSeries on AWS.

The official template from PA is required with Panorama.

Anyone have a suggestion with ASG & Warm pools for VMSeries without Panorama?

PA Firewall Performance Chart

Spoiler

Looking at the comparison chart, if I was interested in the 3430 and I use SSL decryption, threat prevention\wildfire\URL filtering and IPSEC vpn does that mean I would get roughly 9/2 Gbps or 12.2 Gbps?

Looking at the comparison chart, if I wa

...

WMI On server 2022 for USER-ID

Hi There,

Have a pair of PA-3220s. User-ID was working swimmingly. Recently upgraded our DCs to Windows Server 2022 and WMI is routinely failing and showing "Not connected" under server monitor.

Doing some reading on WMI and Server 2022, and it sound

...

Resolved! SSL certificate for passive firewall

There is an active passive pair having SSL certificate (management only) with different CNAMES (its own management IP).

While the CSR generation and certificate import (signed by ECA) is successful on active peer, the CSR generated on passive peer is

...

Resolved! IPSEC VPN - app-id

Hello all,

We have a software ipsec connection that will be between an inside server and a server in the cloud. The PA will just be a pass through so to speak, (nating and security rule).

The ipsec requires UDP 500 and 4500 and the IP 50 protocol. Do y

...

PA-5200 MIB file for SNMPv3 need them for monitoring

PA-5200 MIB file for SNMPv3 I need them for monitoring I find them here:

https://docs.paloaltonetworks.com/resources/snmp-mib-files.html

but the file type is .md5 and .my, but I need file type .mib or .smi to work in the monitoring software.

Where I ca

...

Bulk way to search logs for many IPs?

I have a list of over a 100 IP addresses that I would like to search logs to see if there has been any activity. Is there a way to search the logs files by feeding the FW a file containing the IP addresses? Thank you.

Resolved! using Azure MFA with Global Protect

Hello,

To configure Global Protect to use our already Existing MS MFA server, I followed this KB: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkkCAC

I think I had to do one or two extra things as well, but in any case

...