General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Internal Host detection - Needed refresh connections in some devices

Hi, We enabled "Host internal detection" because user in company complanining about GP was taking the cursor. After configurin "Internal host detection" the GP stop taking the cursor but there are some users which its necessary to "Refresh connection" in GP to be efective. Any idea? why some users can need to "refresh connection" in GP?

Please help clarify about action of DoS protection policy.

We understand DoS protection works when we set action Protect. We need to know the benefits to setting action Allow and Deny. Because we think that option is the same as normal security policy. Thank you.

Resolved! Log quota utilization

Dear All, We have deployed a PA3220 firewall. Please let me know a command that I can use to check how much utilized from allocated quota for traffic log and I know I can use >show system logdb-quota to check retention date. I am looking a for a command similar to this that gives how much have been used from allocated quota. I would really ap...

Resolved! CLI to create Address Object and Address Group

I need to create 800 IP address and Address group into Panorama. May I know what is the CLI command able to help me to do it ? I have tried below command but return as invalid. set device-group D-DMZ address H-xx.xx.xx.xx ip-netmask xx.xx.xx.xxUnknown command: set #CLI Panorama

TS Agent is not working

I have installed TS Agent v10.0.0 software (x64 bit) on a Windows server in a Citrix environment. I have also configured on the Firewall the IP address of the TS Agent Server, I have allowed the firewall policies to grant access from Firewall to TS Agent server, and I can see the traffic is allowed. However, the TS Agent server is not connected...

PANOS 10.1.2 TACACS stops responding - needed reboot

I have an issue I was hoping to get some feedback on. I manage 27 different Palos and also Panorama. I have one FW that stops responding to the 2FA setup with TACACS+. All the devices are the same configs and all running 10.1.2 code. A simple reboot solves this (Band-Aid). I am curious if anyone else has seen this behavior?

Resolved! Upgrading site-to-site IPSec tunnel tunnel tonight - no PRF option

We're upgrading a VPN tunnel to IKEv2 between a Cisco FTD 2140 and a PA-850 running 9.1. What I've noticed is that the PA doesn't have an option for PRF on phase 1. Does the PA automatically make this the same as the integrity algorithm? Is there some other way to configure this? Thank you.

Palo Alto admin UI single sign on with Okta

Configured the Panorama SAML authentication for Admin UI SSO integration with Okta.I followed the Okta/Palo Alto single sign on setup instruction. Here SP(Palo Alto) will initiate the SSO and Okta will acts as an IDP.https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Palo-Alto-Networks-Admin-UI.html?baseAdminUrl=https://gpmedicare...

Resolved! Adobe cloud whitelisting

I found some docs on whitelisting for adobe cloud which could be handy: Includes a whitelist: https://helpx.adobe.com/content/dam/help/attachments/Creative_Cloud_for_enterprise_Service_Endpoints.pdf Background http://wwwimages.adobe.com/content/dam/Adobe/en/devnet/creativesuite/pdfs/ControllingSvcAccess.pdf It could be handy to have this...

Nat out to internet with overlapping subnets in two separate virtual routers

Below is an example diagram of my scenario. We have a subnet that is part of our production network, and then we have the same overlapping subnet for testing and disaster recovery which exists in a separate virtual router. I've oversimplified the drawing, so hopefully this makes sense. For testing purposes, the overlapping subnet in virtual r...

Screen Shot 2022-02-02 at 3.36.37 PM.png

Resolved! User-ID - LDAP - Different domains at samAccountName and userPrincipalName

Hello all, the following problem: A Sub-AD-Domain in a forest with different domains at samAccountName and userPrincipalName. samAccountName: domain01\user01userPrincipalName: user01@domain02.com Dial-in with Global Protect via SAML with user01@domain02.com PA recognizes user as user01@domain02.com. All rules based on User-ID don't work, because...

Panorama VM - Decrease Size

Hi Community, I got a customer who has a VM Panorama with 1 TiB of local storage.Now we have a SIEM solution installed, where the long-duration logs are stored, so the Panorama disk storage is oversized now. I know there's a guide to add disk space to Panorama VM, but no solution to decrease space. Does anyone know, if there is a solution to def...

GloablProtect WFH Split Tunnel Domain-Include issue

this semi coincides with the zoom discussion I've setup Split tunnel and added a bunch of domains *.whatever.com into the split tunnel include domain tab. This works half the time and the other half not at all. I've tested on mac and windows. I'm also seeing zoom traffic across my vpn tunnel even though I have excluded the domain names and zoom...

Resolved! Any way to throttle MS Updates

All of our instant clones decided to update this morning and it's killing my Internet pipe. Is there a way I could limit the amount of bandwidth us for MS Update? Something fast and easy?

Wants to explore paloalto

I'm collage student and for knowledge purpose I want explore your product.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Internal Host detection - Needed refresh connections in some devices