General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! User-ID Agent

What is the User-ID Agent version recommended?

Globalprotect Smart Card configuration

So my company is working to setup a new PKI infrastructure with smart card logins for the users. I have looked at all the 2FA and associated articles about setting up the VPN but it leaves a lot to the imagination. I followed the steps creating the c

...

Resolved! Ping an IPv6 Link local address

Hi,

Is it possible to ping a IPv6 link local address from a Palo Alto firewall? If so, what is the syntax on the firewall CLI?

I know other platforms allow you to define an outgoing interface when pinging a link local address, but this doesn't look t

...

Resolved! Convert a physical interface to an aggregate or add a new aggregate and move associated objects.

I have two PA3050s Active/Active, where I already have E1/12 configured as type Layer 3, no sub interfaces. Is it as simple as doing the LACP configurations on the upstream switches and then converting physical interface E1/12 type to Aggregate, then

...

Can the peer identification be a local ip while the ipsec tunnel is between 2 public IPs?

Hi,

In this tunnel with a FortiGate, I see the FGT sends its peer id as a local IP and not as the IP which takes part in the tunnel ..

So I just modified the peer identification for the local PA to match the FGT private IP peer IP and the tunnel has

...

Old rules can’t edit or can’t create after rules those implemented before create my user account

I’m facing issue to edit or delete in old rules before create my user account in Palo Alto firewall when I login individually but I can do edit and delete old rules from panorama.

what will be the issue and those firewall not connected with panorama

...

Migrating from PA 500 to PA 820

Hi team

Can we directly take backup of PA 500 running PA OS 8.1 to PA 820 running PAN OS 9.0.

Thanks in advance.

Captive portal palo alto issued with chrome

Hi all

I use captive portal on palo alto just zone Lan to internet and found issued about chrome

My client have window 7,8 and palo version 8.1

Test on firefox need open firefox and click to option for login to internet

But on chorme not option for click

...

Migration FROM PA-850 to PA-3220

Dear:

Good afternoon, what is the best migration option from a Palo Alto PA-850 to a PA-3220.

Thinking for example to be able to keep the self-signed certificates in the PA-850, used for Global Protect.

Based on your expertix and experience, what is t

...

Resolved! Custom URL category *.github.com not matching/working

I read some posts here about the best way to allow github to only *.github.com IPs and I can't seem to find an easy way to do it.

If I do it this way:

Source IP – on-prem networks
Destination - Any
APP ID/Service – github/ssh/ssl/web browsing
URL c

...

Commit Lock

Hey all,

Has anyone found a way for a non-superuser to remove a commit lock?

I'm aware the official line still seems to be only a superuser can remove the lock, and this is definitely the case in PANOS 9.0 but hoping there might be a way to have this a

...

VM Series validation Failed

where to check to troubleshoot the VM Series issue, as we are getting errors for the VM Series Plugin validation Failed. Please suggest if there are any specific logs or packet capture we have to look into.

Error : - Resource-mgr-endpoint is invail

...

PA-3260 PAN OS 10.0.7 "Source User" Not Working

Hi - Trying to configure/setup source user however it is not working.

I configured my 2 domain controllers under Device\User Identification and added a valid domain account ,they show as connected.

All other settings are default , I am not sure what el

...

Cobalt Strike IPs and Application and Threat Updates

PAN provides anti-spyware signatures for Cobalt Strike Payload Traffic Detection and Cobalt Strike Beacon Command and Control Traffic Detection that are automatically downloaded to our PAN firewall. I also use the four External Dynamic Lists that PAN

...

Resolved! How to select firewall model

We are planning to have new firewall pair at one of our branch offices. Now we need to decide which model we should buy? Could you please help to know on which parameters we should decide our approach? We also need to consider future requirements and

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free