General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Discussions

Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 

 

In the past six

...

survey-livecommunity.png
jforsythe by Community Team Member
  • 520 Views
  • 1 replies
  • 4 Likes

Block Tor application traffic.

Hi

 

We are planning to block Tor application traffic in our PA device , so do we need to write security policy in both the direction  and also share the steps to block the traffic in Palo Alto device.

 

Thanks,

Yusuf

 

 

Yusuf_PA by L1 Bithead
  • 4411 Views
  • 10 replies
  • 0 Likes

radius authentication issue

After the device PA-500 is upgraded from 7.1 to 8.1.15, the radius authentication of the user name and password of the device fails, and we can only log in to the device through local authentication. After performing Radius-related configuration acco

...

Eccomtac by L0 Member
  • 1206 Views
  • 1 replies
  • 0 Likes

PAN-OS 8.0.15 issues X SNMP

We updated the 2 pair of Firewalls on last sunday to 8.0.15 and after that our CACTI stop to show the interfaces statistics from PA-5020.
Cacti is monitoring the updated PA-3020 correctly.  The issue only happen with PA-5020.


Did anyone experience some

...

mmcastr by L1 Bithead
  • 835 Views
  • 1 replies
  • 0 Likes

PBF with nat

Hi

 

So I have 1 internal address that when it goes out via the PA to the internet (SNAT) i want it us a specific route - net hop.

 

So it looks like I can't set pBF on source address (SNAT). has to be on the original address.

and I can't specify outbound

...

Resolved! Question about Active/Active HA with Layer 2 Interfaces

Hello,

 

I have read the Administrator's Guide and the Use Cases for Active/Active HA but just wanted to get some confirmation that I am understanding the requirements correctly. We have two identical Palo Alto firewalls that we want to setup HA with.

...

Global Protect new Linux UI

I have the GP Linux CLI client working without any issues, however I wanted to test the UI client that just came out (5.1.0) Does anyone know how to actually use this? The PAN documentation has not been updated to mention this new version or the Linu

...

hshawn by L4 Transporter
  • 20498 Views
  • 18 replies
  • 0 Likes

Getting PAN FW logs to Azure Sentinel

I'm currently sending FW logs to Azure Sentinel, via syslog over SSL to an r-syslog server with the Azure agent on the syslog server forwarding logs to Sentinel. I followed the documentation, format is BSD header with custom CEF format for the logs a

...

threat log.JPG

Minemeld will not start after reboot

I could really use some help here.

Our Minemeld instance running in Vmware will not start after an os reboot.  Now we are a Windows shop so I don't know where to go with this.  The error is:

 

Initalizing minemeld. It could take some minutes, please

...

Palo alto not blocking a URL

Hi All,

 

I hope all are doing well.

 

I am trying to block a URL on palo alto firewall using custom URL category but firewall is not blocking the traffic and its passing through allow SSL/Web-browsing rule just below it.

 

This is the rule i created:

 

Rule

...

Ankurdatta_0-1594630363624.png
Ankurdatta_1-1594630694984.png

GP password expiry error

Some of our users are getting password expiring msg when they are connecting via GP but when we checked their ldap accounts the password is set to never expire.PANOS version is 8.16-h2 and Global Protect Agent is 4.1.10 is there is bug.Please suggest

...

Joshan_Lakhani_0-1594884592222.png

Site disconnect and backup issue

we get a lot of site disconnects and backup reports that are constantly in a state of being disconnected this will effect performance as the connection gets closed. please advice. thanks

Resolved! Command to Not Display Names in the CLI?

In the Cisco ASA at the CLI there is a command to not display names but their IP addresses: no names.

Is there a similar command in PAN-OS; I'm using v 8.1.13? My goal is to list/export NAT policies without names as the individuals who will review thi

...

TCP-RST-FROM-CLIENT

Hi,

 

I have allowed a FTP session. However, the FTP session does not connect. When I search the logs, the traffic is allow however the session end reason is tcp-rst-from-client.

 

Please advice.

 

Thks and Rgds

AhDon79 by L0 Member
  • 28250 Views
  • 14 replies
  • 1 Likes

global resource counter appid_post_pkt_queued

Hello,

someone know what means this counter increasing?

appid_post_pkt_queued    4294967293 826432036 info      appid     resource  The total trailing packets queued in AIE

 

and this?

dfa_sw                   4415      849 info      dfa       pktproc   T

...

Marivi by L3 Networker
  • 1484 Views
  • 1 replies
  • 0 Likes
Top Solution Authors
Top Liked Authors