General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Whitelist Java Traffic

Good morning,

I am relatively new to the PA's, but was wondering if there was a way to have a list of URL's & domains to whitelist Java traffic & block everything else? And if so, can I then write any kind of regex to match specific java versions, sa

...

Site to site vpn issue

Dear Team,

I have one site 2 site VPN tunnel b/w Paloalto and cisco. some time i can see the tunnel is going automatic down and after some time it will come automatically.

I have checked ikemgr and system logs but i am not able to find exact issue why

...

Resolved! Multiple Virtual Wires - PA Firewall - TP (IPS)

Hi,

I hope it works but looking for confirmation.

In PAN-OS with PA-5450, can we have multiple virtual wires configured e.g. 3 pair of interfaces configured as 3 virtual wires.

Use case is PA NGFW deployment as inline IPS protecting 3 separate segmen

...

I would like to know whether Palo Alto support crowd strike antivirus endpoint monitoring ( Antivirus update check ) before connecting any user to VPN

I would like to know whether Palo Alto support crowd strike antivirus endpoint monitoring ( Antivirus update check ) before connecting any user to VPN network or not.

If yes, Please let me know document for deployment steps.

Resolved! Meraki VPN Registry Traffic Not Visible in Traffic Logs But Can See in Session Browser

I am running the PAN as a vWire and trying to send traffic to
Meraki VPN Registry at port 9350. Why does this traffic show up in Session

Browser but not in Traffic Logs?

IPSEC tunnel Intermittent disconnect between onprime PA-5250 and and VM PA hosted on Azure.

Hello all,

Need help.

We're experiencing unsual IPsec tunnel disconnect between our main firewall PA-5250 and VM series hosted on Azure.

PA-5250 - Version 8.01 - Static GW IP address 2.2.2.2

VM series VM:- 10.0.7 - Azure01 - GW IP is dymanic represent

...

on hold 3 1/2 hours ...is Palo closed today? This is unacceptable....we pay BIG $$$ for premium support

Use case for "Custom Include/Exclude Network Sequence" in User-ID

Having dealt with it recently, I can't really understand the reason why the "Custom Include/Exclude Network Sequence" section on User-ID integrated agent configuration exists, instead of more common "Move up" / "Move down" buttons.

As far I have unde

...

Find object tag in Rules?

I am trying to get rid of FQDN objects that no longer resolve (1000's BTW). Problem is that you can't delete an object if it is in a rule or address group. I can tag all the objects via command line which is great, but how can I see all the rules whe

...

Resolved! Telemetry cant connect : Server is not reachable

Hi Support,

The telemetry unable to connect to server.

-Device Health and Performance

-Product Usage

-Threat Prevention

All same error

Status : Failed

Reason : Server not reachable

Follow in https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA

...

Setting Up PA220 for Home

Hi,

I'm trying to get my PA220 up for my home use.

Right now it's plugged into a router, and I am plugging a laptop into the second ethernet port.

I went through instructions here:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0

...

Error querying OCSP responder

We have an issue with the R3 root certificate caused by the OCSP Certificate Revocation Checking within our decryption profile. We're seeing all sites using this certificate being blocked due to unknown issuer. When we run the "debug sslmgr view ocsp

...

are you permitted to remove all local admin accounts pan-OS 9.1 or higher?

hello all,

I'm a PA noob who has recently just transitioned to a team that has a pretty heavy backlog. sorting through it, I see another team has requested that we remove local admin accounts from our firewalls. to my knowledge, the only local account

...

Website access issue

Hey team,

The site is showing in cryptocurrency and getting blocked (https://www.tradingview.com/).

As the checked site is showing under 3 categories and we do not want to allow cryptocurrency.

As a workaround, we added the site into the custom categor

...

Resolved! Rename Device Group

Hi,

We've just 'merged' policies for 2 set of devices in a same Device group and would like to rename Device Group to indicate the list of devices. For example :

Original :

Device Group AU - au-pa01, au-pa02 (active/passive)

Device Group NZ - na-pa01,

...

General Topics

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free