General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! A customer has a question about the pa-5220 they are using.

1. Customers want to use nat. How many ips can be assigned to snat and dnat respectively?
https://www.paloaltonetworks.com/products/product-comparison?chosen=pa-5220,pa-3260
According to the address above, pa-5220 can use up to 6000 nat rules, I wonder

...

Signature Policy in Anti Spyware Profile

What does Signature policy in Anti Spyware do, and what does "Default" in Action do.

How do i get a new employee added to the contract

How do i get a new employee added to the contract.
Telstra CSP = 158687
Telstra NSP = 178860

No packet capture files are generated on pa-3060 that customers are using.

Hello.

I have been contacted by a customer that there is a problem with packet capture.

I know that executing a packet capture command triggers packet capture, and generating a pcap file containing captured packets is generated when the traffic you wa

...

Resolved! PAN-OS GP SSL Cipher Selection

PAN-OS 8.1 seems to lack the capability to perform fine-grained configuration of cipher suite selection and prioritization for GlobalProtect VPN functions.

I ran a fairly detailed SSL functionality assessment on a configured TLS v1.2-only GP gateway

...

Resolved! MS Autodiscover Flaw - Vulnerability

Hi All,

A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers

Domains that we need to block are listed here:

...

Resolved! Template Variable IPv6

Hi All,

Does anyone know how to configure an IPv6 address as a template variable? As soon as I put a : in the CSV it throws a fit when importing it.

Thanks,

Kev

Resolved! Block and Allow internet access for VLAN in switches sitting behind PA FW

Hi Support,

We have configured additional VLAN in our cisco core switches sitting behind PA FW.

I want to allow and block internet in certain VLAN, eg VLAN7 to allow and VLAN70 in the switches to block internet access.

Any procedures and where to check

...

Resolved! Where to Write Security Policies with a Site-to-Site VPN

Hello,

We have a pair of 3200s on our main site, and have added an 820 at a remote site to bring up an IPSec tunnel between the two.

When I initially set the remote site up, I decided to have all the security policies controlling what access the remote

...

Does NAT64 works for inbound NAT

Currently we have configured inbound NAT for DMZ application which is on ipv4. Public ip used for it is ipv4.

Due to some requirement client from outside network will be coming from ipv6 public ip to access the application. In this case our nat is no

...

Is my firewall hacked already ?

I have a PA3020 with 7.0.5-h2 PAN-os version. I noticed that it have a lot of DNS traffic sent to strange IP address.

when I running

show system resources command.

I found strange process nginx and two syslog-ng there. Is it normal, how to get rid

...

Resolved! Filters more advanced and detailed, How do I find more information?

Hello everyone,

anyone know, how this filter works (addr.dst notin 10.1.1.1) and (addr.dst notin 10.1.1.2) and (addr.dst notin 10.1.1.4), I don't understand this word "notin",

it exists any website to review filters, more advanced and detailed.

I wil

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Resolved! A customer has a question about the pa-5220 they are using.

Signature Policy in Anti Spyware Profile

How do i get a new employee added to the contract

No packet capture files are generated on pa-3060 that customers are using.

Resolved! PAN-OS GP SSL Cipher Selection

Resolved! MS Autodiscover Flaw - Vulnerability

Resolved! Template Variable IPv6

Resolved! Block and Allow internet access for VLAN in switches sitting behind PA FW

Resolved! Where to Write Security Policies with a Site-to-Site VPN

Does NAT64 works for inbound NAT

Is my firewall hacked already ?

is it possible to limit destination ip address with in time frame

Upcoming Event: Design and Deploy The Zero Trust Enterprise

Something aking to | sort | uniq -c | sort -nr

Resolved! Filters more advanced and detailed, How do I find more information?

Push Scope isn't showing and Commit button grayed out after upgrade Panorama

PA Active/Passive and Cisco stacking LACP

Single pass parallel processing

Does anyone know the API XPATH to load partial for static routes?

GP - Connect with SSL Only

SYSTEM ALERT : medium : MLAV: Unknown error

Re: ACC shows ipv6 addresses in source/destination IP

Re: Quick upgrade query

Re: Certificates not showing under Devices Certificates or CLI

Re: Telemetry decided to stop sending

Unlock your full community experience!

Resolved! A customer has a question about the pa-5220 they are using.

Resolved! PAN-OS GP SSL Cipher Selection

Resolved! MS Autodiscover Flaw - Vulnerability

Resolved! Template Variable IPv6

Resolved! Block and Allow internet access for VLAN in switches sitting behind PA FW

Resolved! Where to Write Security Policies with a Site-to-Site VPN

Resolved! Filters more advanced and detailed, How do I find more information?