General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

How to configure new ISP to make dual ISPs Active Active on single firewall Palo Alto.

Hi All,

How to configure dual ISP with both ISP is active at the same time.

Local user can user both Isp when they using Internet.

How possible ?

PA-200 PAN OS 8.1.8

Thanks. Pls Advise.

Palo Alto OSPF Graceful Restart

Is Palo Alto's OSPF Graceful Restart checkbox on the virtual router roughly equivalent to Cisco's NSF IETF method?

If I do this on a Palo Alto:

And this on a Cisco... Q:Should it work?

enable
configure terminal
router ospf process-id [vrf vpn-name ]
n

...

Comment column for custom url categories?

IP lists for edls have:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/formatting-guidelines-for-an-external-dynamic-list/ip-address-list#idd44a975a-a94a-4398-864e-5cf223f1d351

Is there a way to

...

Whitelisting a url with 2 different ip address

Just wanting to make sure I am doing this properly so it works how its accurately. I am trying to whitelist 2 different IP's and a single url https address. I am trying to do this for a specific group of users on the firewall are able to access it an

...

Resolved! PBR/PBF to DMZ then Internet

Greetings!

As title suggests, I'm trying to implement PBF to the specific destination network in Internet through a server residing in DMZ. There are three zones configured:

Inside 10.0.5.0/24 - from where traffic is initiated
DMZ 10.0.22.0/24 - where

...

Logs not been sent to dedicated log collector by some firewalls

Hi All,

I have an interesting issue of most of my firewalls not sending logs to the log collector. Have only a 20% success ratio with successful log collection thus far.

I see the below in the below:

Log Collector : 000710004755

Conn ID

...

Resolved! Can we input address range directly to security policy source and destination

Dear all,

In firewall version 8.1, Can we input address range directly to security policy source and destination? or we need to create network range object to apply in address only?

Thank you for your answer.

GlobalProtect agent error message "ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY"

Hi all,

I deployed the GP agent and user was authenticated by client certificate, most users wroks, but some users cannot pass the authentication and get the following error messages in PanGPA.log:

(T1356) 06/08/18 13:39:53:722 Info (2559): PanWinht

...

Resolved! WildFire analysis report rabbit images

Dear Team,

When my client clicks on the WildFire analysis reprot, they see the rabbit image as shown below.

Has anyone had the same experience as me?

I would like to know the cause of the symptom and how to solve it.

Thanks in advance,
Kyungjun,

Resolved! Traffic cannot return

Hi Folks I have the next topology. The problem is the return traffic when I connect via GlobalProtect and I get a client IP 10.81.235.x. This IP cannot connect with a web server that is in the LAN, but this LAN is external through a data link routing

...

Resolved! reaching Session Count Limit

Hello,

what exactly happens when the firewall reaches the Session Count Limit? Discard the new sessions? and above all as regards the globalprotect VPNs are impacted?
In my scenario I have two 5250 PAs working in HA Active / Passive and corporate VPNs

...

Proxy-id same local ip difference remote-ip in 2 tunnels

Hi,

I have 2 IPsec tunnels same local-IP and difference remote-ip how we can setup prox-id with 2 tunnels

SNMP OID for identifying if an power supply had failed or removed from the firewall

Hi Team,

We have an PA-5260 deployed in our environment.

We need to get alert on our SNMP Manager when the Power supply to the firewall failed or the power supply had been removed from the firewall.

Downloaded the Enterprise MIB file but not able to

...

Issue with network driver of PAN-OS 10.1.3 deployed in azure

Hi Folks,

We have an PA-VM-100 series firewall deployed in the Azure cloud.

We have three NIC cards mapped to the firewall interfaces which is configured as below:

NIC card 1 <-----> Management interface

NIC Card 2 <----> Untrust interface(Ethernet 1/1

...

Global Protect Redundancy

Hi,

I would like to set up Global Protect VPN on 2 sites, and have a round robin redundancy between them.

i.e. user1 logs on the GP VPN and connects to site A, then user2 connects to GP VPN and connects to site B, and so on...

Is this possible?

regard

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free