General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

DUAL Dynamic IPSEC Tunnels single VR

Hi , have 2 dynamic isp at site 1 with single vr and ECMP and 1 public ip at site 2 paloalto at OCI cloud , i have setup dual tunnels from site 1 to site 2 but its not stable at all , both tunnels will be up but if we simulate failover using either

...

Resolved! DNSSEC broken for updates.paloaltonetworks.com

My organization uses the MS-ISAC MDBR public DNS resolver service. I received reports that this service was unexpectedly blocking resolution of updates.paloaltonetworks.com. I inquired and received the following explanation:

"The DNSSEC for that domai

...

Traffic logs only available for last 9 days on PA 3220

On my PA -3220 SW version: 10.1.2, /opt/panlogs/ is around 74% and 32 GB space is available out of 126 GB in panlogs.

I have verified the traffic logs and also generated the user activity report, they only show traffic logs for last 7-9 days. Also,

...

can not select asset in support case page

I click get help but

but can not select asset though I have asset , i use chrome browser, it show asset , but can not select asset

then i try edge browser which even can not show get help page, worse than chrome

I am new user and bought new pal

...

Panorama Upload/install fail

Hi,

We are having task failed for the task: "UploadInstall". I attach a screenshot:

We dont know why this task is failing. What is the means for this task "uploadinstall"? where can we know why is not being completed?

Resolved! Windows-Based User-ID Agent for User Mapping issue

We are using Windows-Based User-ID Agent for User Mapping. But For last few days, for some users Paloalto FW shows U-ID mapping as below instead of actual username. If anyone can explain this behavior it would be appreciated.

Resolved! PCNSE certification for v10

Hello,

Does PCNSE certification available for panos 10 also or currently it is for version 9.x only?

I am planning for the certification so need help.

Resolved! IPSec Tunnel Works with Static Peer, but not with Dynamic FQDN Peer

Hi,

I have an IPSec tunnel up and running with no issues using a staic IP for the peer in the IKE gateway, but it won't work when I set it to Dynamic and use the FQDN (hostname).

When I ping from the command line it translates to the correct IP, an

...

NEW LOGGING DISK ADDED IN PANORAMA VM IS UNAVAILABLE AND ADMIN DISABLED

Dear Team,

We have a fresh install of Panorama and we are using Panorama mode.

after that, I tried to link 12 disks of 2TB capacity, but only 11 disks are linked.

One disc that is not linked is displayed as shown below.

Name : sdb
State : Pres

...

Resolved! When does the user cache disappear if the ldap integration is broken?

Hello all,

If the firewall loses LDAP integration, how long does the firewall have cache for USER information?

Thanks,

Resolved! What does No Direct access to Local Network actually do and when do we use it??

Team,

Can anyone please explain SIMPLY to me what the "No Direct access to Local Network " under Global Protect actually does and mostly when are supposed to use it?

This is so confusing to me. I know there is a KB for this but the KB seems to con

...

session end reason as 'Threat'

hello everyone,

Firewall is showing session end reason as 'Threat' in traffic logs for the traffic blocked under url filtering profile. this is showing repeatedly, i'm afraid is consuming the Data Plane CPU. IT could be the action of blocking or

...

User ID: Problems since updating PANOS and User ID Agent

About a month ago, I upgraded PAN-OS on our main PA-3050 HA cluster from 7.0.8 to 7.1.8. This also required an update of the User ID Agent I had installed on a Windows 2012 R2 server from a 6.0.x version to a 7.0.x version; I upgraded to version 7.0

...

Resolved! decryption rule

Hi Everyone,

I want know how we can check which decryption rule is being used for a particular traffic.

Thanks

Virender

Resolved! App-ID

Good Morning,

I am currently working with a PA 3220 firewall that has no licenses. Does App-ID work right out of the box without a license? On security policies I see under the ‘apps seen’ column it is identifying apps. If you use the apps found unde

...