General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Resolved! IPSEC ON SECONDARY ADDRESSES

Hello,

just a little question it is possible to terminate a vpn-ipsec with a secondary adresses on external interface or I must use the main interface?

thks,

ALex

Resolved! SSL forward-proxy certificate import

I've gerenated a CSR to give my enterprise CA. Now, I've recieved the enterprise CA-signed certificate ann imported it onto the firewall.

The status reads "valid". The "Key" box is checked, however the "CA" box isn't.

Also, when I select the certifica

...

Geoblocking Missing

We are on 8.1.21 - When creating a geoblocking rule I do not have the option for 'Regions' in my rule drop down. Is this due to my version OR do i need to upload a geoblocking list [how?]

thanks!

IOS users are unable to connected with global protect

Hi,

Iam facing the issue with global protect is not connected with IOS users and getting this error after entering username and password.

)
P1839-T259 12/22/2021 17:19:18:962 Debug( 127): set session proxy to 1-0x104d4b5d0.
P1839-T259 12/22/2021 17:1

...

Panorama Threat Event forwarding to syslog only sending medium events

Has anyone else had an issue with the Threat Log -> Syslog forwarding? It seems we are only getting the medium detections forwarded despite many informational events seen in the Threat monitoring. I thought there was a filter somewhere but we have it

...

Resolved! Apps and Threats Threshold time

What Threshold times are you guys using, why and has the log4j caused anyone to decrease this time?

Stock photo for example.

NAT before IPSEC

Hi folks,

We have a vendor requiring a public IP for the encrypted traffic. Their guidance is based on Cisco configurations using "NAT before IPSEC" configurations. Can anyone share/link a guide for this configuration on Palo? Currently on PAN-OS

...

Update to PAN-OS 10.0.8-h4 causes slow GUI response on PA-820

Hello,

After updating our PA-820's to 10.0.8-h4 I have noticed the GUI to be extremely slow to respond. I am actually getting a faster GUI response from a PA-220 on 10.0.7 than our PA-820's. Has anyone else noticed this? Waiting for 'Monitor, Traff

...

dmz data flow

Hi,

Please advise

Hi,

I have a design flaw . I am trying to test dual dmz . dmz server the gateway is on the dmz firewall .

If the server in dmz wants to send data to dc server it has to go back through the same switch

How to avoid this ?

And also,

...

Resolved! Is there a command on PAN about same as linux mtr(mytraceroute) command

Hello Community,

Good day

What is the command on PAN for mtr(my traceroute)?

On linux there is a command mtr to show ping and traceroute output.

The only command i see on PAN is traceroute.

The mtr is useful showing how many percent packet loss on a trace

...

Resolved! GlobalProtect MAC Address Filter?

Hello folks,

I am being asked if GlobalProtect could be locked down to only except a specific list of MAC addresses (our corporate laptops) only.

I see information about Device Block list or HIP configuration. I don't really want to specify a bloc

...

Resolved! Can we check how much RAM PA is using via GUI?

Hi We can check how much CPU that PA is using, but it does not show how much RAM the Palo alto is using. How can we show it at GUI? Thank you

Compatibility Panorama 10.1 to FWs versions

Hi,

Log4s coming......

I wopuld like to know if we upgrade panorama to 10.1.3-h1, what PA versions can be managed.
We have FWs in 8.1 and 9.0, so we dont know if we have to upgrade fw first.

Resolved! Unable to Commit

I've just changed the configuration of the management ip address, but can't commit the change. When I attempt to submit it I get the following error:

admin@PA-3050# commit

...
ID population failed
Error: id 10630 is outside allowed range [1-3583]
(Module

...

Resolved! A connection issue between PA and SW

Hi, PA port e1/2 is connected to switch port f1/5(L3). Both devices can see each other's ip and mac address. The Virtual router and Security zone and Magagement profile Ping are configured. but both devices cannot ping each other. Did I miss some ste

...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Resolved! IPSEC ON SECONDARY ADDRESSES

Resolved! SSL forward-proxy certificate import

Geoblocking Missing

IOS users are unable to connected with global protect

Panorama Threat Event forwarding to syslog only sending medium events

Resolved! Apps and Threats Threshold time

NAT before IPSEC

Update to PAN-OS 10.0.8-h4 causes slow GUI response on PA-820

dmz data flow

Resolved! Is there a command on PAN about same as linux mtr(mytraceroute) command

Resolved! GlobalProtect MAC Address Filter?

Resolved! Can we check how much RAM PA is using via GUI?

Compatibility Panorama 10.1 to FWs versions

Resolved! Unable to Commit

Resolved! A connection issue between PA and SW

WTH is process 'touch' and hwy is it showing zombie?

Add Virus exception

Migrate model FW to virtualwith panorama for policies (recommended procedure)

Newly Registered Domains configuration

Panorama 11.1.8 supports Azure VM series Palo Altos

Re: Virus/Win32.WGeneric.esuykr(752144200) via filename=msvcp140_2_app.dll

Re: Panorama 11.1.8 supports Azure VM series Palo Altos

Re: Newly Registered Domains configuration

Re: Changes to sinkhole?

Re: API error messages

Unlock your full community experience!

Resolved! IPSEC ON SECONDARY ADDRESSES

Resolved! SSL forward-proxy certificate import

Resolved! Apps and Threats Threshold time

Resolved! Is there a command on PAN about same as linux mtr(mytraceroute) command

Resolved! GlobalProtect MAC Address Filter?

Resolved! Can we check how much RAM PA is using via GUI?

Resolved! Unable to Commit

Resolved! A connection issue between PA and SW