General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

webserver service stopping

webserver service in palo alto stopping after certificate renewal and trying to access GUI. CLI is working. Tried restarting webserver service and management plane. But its stopping as soon as we try to access GUI and unable to access

Resolved! Captive Portal for Known users

Hi Team,

Can we enable captive portal for the known users ?

Like for internal users.

Resolved! Push Global Protect to the clients

We are currently managing Global Protect clients installation manually on the systems. So there any better way to manage the GP agent push and updates?

Resolved! Palo Alto firewalls alerts

Hello,

Recently we have started working on enabling email alerts for our Palo Alto firewalls. One of the alert is for interface and HA status change alerts. Could you please let me know what can I do to enable same? Do I need any external tool for it

...

Resolved! Vulnerability protection profile change symptoms

Dear Team,

When the firewall checks the policy, the Vulnerability protection profile is displayed as an Exclamation mark.

The OS is using 10.0.4.

I searched all bug-ids from 10.0 to 10.2, but couldn't find anything matching the symptom.

If y

...

Tenable Scan on Palo Alto firewall / Panorama

Hi All,

Are Tenable vulnerability scans (see below) on Palo Alto firewalls / Panorama resource intensive for the PA devices? Does this cause high DP or MP issues?

https://community.tenable.com/s/article/How-to-perform-a-compliance-scan-on-a-Palo-

...

NATting to a VM PAN secondary gateway behind a physical PAN

I've added a VM PAN to allow more Global Protect connections. It's working well for my cert based GP users.

In the example below GP connects to 5.5.5.5, the 3220 PAN NATs that to an address on its DMZ 10.100.100.10

and the tunnels for like a champ. Th

...

Resolved! http/2 connection session id

Dear Team,

I have a question while checking the traffic log.

In general, we know that each id is created when the session is created.

However, the http/2 connection session id is identified as the same id.

I know that when the session id is input acc

...

HA Pair Config Sync issue

When we try to manually Sync the Active/Passive. HA Pair has local config sync error. This error is trying to sync the config between the two devices, but it's trying to sync local config (ie. management config) and not policies. I don't believe it s

...

Failed to backup mongo DB after upgrading to 10.1

Dear community,

After upgrading Panorama to Pan-Os 10.1 we get the following system log daily:

"Auto mongo backup: Failed to backup database 'pan_ms' collection 'msak':"

Any idea what is this error about and how to "silence" it?

Many thanks in advance

...

CLI - Regex with "?"

Hello all,

Does anybody know how to use a Regex that contains "?", obviously that doesn't work because that automatically triggers the helper?

For example, I'm trying to filter results for a certain CLI command using this:

| match (?s)(word1.*?)(?=wor

...

External Dynamic List error

Hello,

I have configured External Dynamic Lists by using Minemeld a few month ago. It was workinf fine.

The lists are available (tried from a web Browser)

I noticed that I have following system logs for a few weeks :

Unable to fetch external dynamic

...

Resolved! Palo FW setup site to site

Hi All,

We have a HA fw 3220 in our environment and our partner want to access some of our resources. They propose a PA-440 fw + small 12-port-Cisco 3560 in between the two sites by dark fiber.

Just wonder if you can setup FWs back to back instead of

...

Configure NTP to pull from AD server on window server 2019

Hi Everyone,

Can we configure NTP to pull the time from Window Server 2019 base AD server? I configured already and it seen to be able to reachable but unable to sync. There is no authentication configure. I tried the same on Cisco Switch and it able

...

Resolved! Wildfire info failed

Constantly (every minute) getting this error from Panorama, currently running on Panorama v10, having difficulty to find the details what records are not found.

SYSTEM ALERT : high : Retrieving Content 'WildFire' info failed with error 'No record...

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free