General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Custom URL Issue

Hi all,

I had an issue where a client created a Custom URL category with multiple of URLs and added it in a Security Rule, all of the URLs specified in that custom category is matching except one URL with wild card such as *.sometechnologies.com.

I'm

...

Cant upload Wildfire update after manually activating the license

Cant upload Wildfire update after manually activating the license, we are getting ready for PA migration (replacing old PA with with new) hence new PA firewalls are not connected to live environment and doesn't have internet connectivity. config was

...

Resolved! Transfer Configuration from PA-3020 to PA-850 Without Panorama

Has anyone cloned configuration from a PA-3020 HA pair in active/passive mode to PA-850's that aren't managed by Panorama? Maybe not those specific model numbers even? I'm not familiar with Panorama, and have searched here, and online but all I find

...

Resolved! Application Override Question

Hi All,

I got this question from the learning center for the PCNSE practice exam. Dont know if its allowed to post the screenshot here.

From my understanding of using the application override, the firewall stops any further content inspection. It wa

...

Resolved! VPN Issue on interface subnet change

Hi All,

Help here will be appreciated.

I am migrating a pair of PA-5220's to Active-Passive as they are currently Active-Active. First job in the task is to change the interfaces from /30 to /29 subnets. This is to ensure that both firewalls sit withi

...

Resolved! Allow a more specific path of a Blocked URL

Hi All,

I'm trying to determine if this is possible.

We are blocking abc.company.com via an entry in a custom url category which is applied to the internet policy via a URL filtering profile.

I need to allow abc.company.com/specificpath while still b

...

Resolved! Configure DHCP reservation on Global Protect user

Hello Community,

Is there a way on the PALO ALTO that we can do DHCP reservation while using the Global protect client VPN.

As of now we don't have any DHCP relay on the PALO ALTO. The PALO ALTO is the one providing IP address for the global protect u

...

Resolved! Whitelist Java Traffic

Good morning,

I am relatively new to the PA's, but was wondering if there was a way to have a list of URL's & domains to whitelist Java traffic & block everything else? And if so, can I then write any kind of regex to match specific java versions, sa

...

Site to site vpn issue

Dear Team,

I have one site 2 site VPN tunnel b/w Paloalto and cisco. some time i can see the tunnel is going automatic down and after some time it will come automatically.

I have checked ikemgr and system logs but i am not able to find exact issue why

...

Resolved! Multiple Virtual Wires - PA Firewall - TP (IPS)

Hi,

I hope it works but looking for confirmation.

In PAN-OS with PA-5450, can we have multiple virtual wires configured e.g. 3 pair of interfaces configured as 3 virtual wires.

Use case is PA NGFW deployment as inline IPS protecting 3 separate segmen

...

I would like to know whether Palo Alto support crowd strike antivirus endpoint monitoring ( Antivirus update check ) before connecting any user to VPN

I would like to know whether Palo Alto support crowd strike antivirus endpoint monitoring ( Antivirus update check ) before connecting any user to VPN network or not.

If yes, Please let me know document for deployment steps.

Resolved! Meraki VPN Registry Traffic Not Visible in Traffic Logs But Can See in Session Browser

I am running the PAN as a vWire and trying to send traffic to
Meraki VPN Registry at port 9350. Why does this traffic show up in Session

Browser but not in Traffic Logs?

IPSEC tunnel Intermittent disconnect between onprime PA-5250 and and VM PA hosted on Azure.

Hello all,

Need help.

We're experiencing unsual IPsec tunnel disconnect between our main firewall PA-5250 and VM series hosted on Azure.

PA-5250 - Version 8.01 - Static GW IP address 2.2.2.2

VM series VM:- 10.0.7 - Azure01 - GW IP is dymanic represent

...

on hold 3 1/2 hours ...is Palo closed today? This is unacceptable....we pay BIG $$$ for premium support

Use case for "Custom Include/Exclude Network Sequence" in User-ID

Having dealt with it recently, I can't really understand the reason why the "Custom Include/Exclude Network Sequence" section on User-ID integrated agent configuration exists, instead of more common "Move up" / "Move down" buttons.

As far I have unde

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free