General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Palo Alto troubleshooting tool for IPsec

Hello

I established an Ipsec tunnel (policy based) between palo Alto and Cisco FW.

phase 1 & phase 2 are up and running but trying to transfer data, fail.

Capture packet (merge recieved and transmit) shown

Source : SYN

Dest : SYN ACK

And then Dest : retr

...

Resolved! Upgrade Minemeld Ubuntu 16.04 to 18.04

I tried a do-release upgrade on Ubuntu 16.04 LTS and it took me to 18.04 LTS without issue. However minemeld says "Bad gateway" when I try to log into it. I tried to check for updates and figured maybe the source would be changed from xenial-mineme

...

Resolved! Syntax for security policies without security profile

Hi all, in my security policies on a PA-firewall (or in panorama) I want to be able to filter out all the security policies which have no security profile(s) .

I tried a few combinations in the line of (profile-setting/profiles eq 'none') but alas, n

...

How to check what zone a subnet belongs to?

Is there anyway to check what zone a subnet belongs in if there are multiple zones on the firewall?

Preferably through the GUI?

Resolved! Got error when creating Application object

Hi I am adding a Application object and got the below error message. Anyone can give a suggestion to resolve it? Thank you

macOS Big Sur 11.6.2 - Global Protect 5.2.8-23 - Connected but Internet is not actually working

Hello all,

I received from work a MacBook Pro with macOS Big Sur 11.6.2, I've installed the GlobalProtect 5.2.8-23 which is the only one that I had access to, and it seems like whenever I connect the GP, the connection is successful but there is no In

...

tcp ping from a firewall command line?

From the command line of a next generation firewall i can use 'ping host blah'. Does the CLI have a command to ping a destination via TCP? Or some other tool to do the same?

Blocking Torch browser

Hi All,

I would really appreciate if some one can help me on this.

I am planning to block Torch browser through a firewall rule, using App-ID. But as per information in the community we cannot entirely block the functionality of Torch browser using A

...

Resolved! How to check which PAN OS is compatible to my virtual hardware or Physical hardware ?

How to check which PAN OS is compatible to my virtual hardware or Physical hardware ?

I would like to know minimum hardware requirements for PAN OS versions 9.1,10.0,10.1.

Kindly let me know it for both Virtual and physical Panorama and firewalls

...

Log Forwarding

Hello everyone,

Before the question, the context.

I have a panorama wich managed a lot of devices groups. we have a lot of rules for them. Which all these rules uses the default profile for log forwarding.
I have a new syslog server and i need to forwa

...

Custom Vulnerability Signature to block older versions of Chrome

After reviewing this KB article:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSOCA0

It looks like you can create custom vulnerability signatures for named browsers.

Could you also do that to limit browser access via a

...

Match next line at cli

Is there a way to match the next "X" number of lines when piping to match at the cli?

I am entering:

show zone-protection zone outside | match udp

and would like to show the matched line and the next three.

This would be analogous to grep -A 3

Cheers!

Zone protection profiles disadvantage or drawback

Hi All

Can anyone tell me the Zone protection profiles disadvantage or drawback

Resolved! Reconnaisance Protection - Action Alert

Hello,

I configured zone protection, (reconnaissance protection), and enabled the tcp\udp port scan and host sweep and chose the default as action "alert".

Afterwards, I noticed in the monitor logs this vulnerability appeared, "ZGrab Application Layer

...

Need example of Configure IPSec VPN with Source NAT

Hello,

I'm attempting to setup a few remote sites to a Hub site all sites have a Palo Alto 3260 firewall. All remote sites have the same internal IPs and subnets on the Trusted side and I'm needing to connect all sites using a IPSEC VPN. I would li

...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Palo Alto troubleshooting tool for IPsec

Resolved! Upgrade Minemeld Ubuntu 16.04 to 18.04

Resolved! Syntax for security policies without security profile

How to check what zone a subnet belongs to?

Resolved! Got error when creating Application object

macOS Big Sur 11.6.2 - Global Protect 5.2.8-23 - Connected but Internet is not actually working

tcp ping from a firewall command line?

Blocking Torch browser

Resolved! How to check which PAN OS is compatible to my virtual hardware or Physical hardware ?

Log Forwarding

Custom Vulnerability Signature to block older versions of Chrome

Match next line at cli

Zone protection profiles disadvantage or drawback

Resolved! Reconnaisance Protection - Action Alert

Need example of Configure IPSec VPN with Source NAT

Does Palo Alto provide free exam vouchers for their customers?

Is there any way to apply multiple interface management profiles

THREAT MAP on GUI is unable to export

GlobalProtect Machine account exists with device serial number config

Identifying Source IP Addresses for Routing Palo Alto Firewall Logs to an Azure Collector via IPSec Tunnel

Re: CLI - Basic to Advance PAN-OS 11.1

Re: IP Wildcard Mask Address Objects

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Questions about PAN-303959

Re: Access problem Autoassist

Unlock your full community experience!

Resolved! Upgrade Minemeld Ubuntu 16.04 to 18.04

Resolved! Syntax for security policies without security profile

Resolved! Got error when creating Application object

Resolved! How to check which PAN OS is compatible to my virtual hardware or Physical hardware ?

Resolved! Reconnaisance Protection - Action Alert