General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Delete Vsys

Any advice on deleting a vsys? 7050 OS 9.0.11

Simple as selecting vsys under Device Tab and deleting?

Thanks

Regarding threat visibility not being shown.

We have deployed Palo Alto in tap mode to get traffic visibility, we have configured PA VM 100 with active trial license, We have visibility of Traffic logs but the threat logs are not visible.

In policy configuration for tap mode we also have assig

...

Resolved! Block PSIPHON 3

Hi all,

Does anybody already try with success to block Psiphon (https://www.psiphon3.com) ?

It's quite easy when psiphon is configured in VPN mode but how can I do that when VPN is not used ?

Thanks in advance for sharing.

V.

Users and group mapping

Hello everybody!

Sometimes users' group memberships are not recognized by the firewall integrated user id agent. In the useridd.log we see this message:

2019-03-29 10:12:45.317 +0100 Warning: pan_user_group_user_prime_uid_lookup(pan_user_group_multi_at...

Help needed for odd situation: Expired licenses interfering with commit?

Here's my situation:

We were planning a new firewall installation, but that got some major delays after the start of the pandemic. Now I've noticed that we no longer have a support contract for our PA-5050 cluster (no doubt not renewed because we exp

...

2 NAT rules on device

Can anyone tell me the pros and cons of having two nat rules for one device?

Resolved! Policy base routing for internal trafique

Hello everyone,

I have two ISPs wan1 and wan2, for lan 1 it must go out through wan1 and lan2 through wan2. in the event of a problem with one of the wans, the associated lan will have to exit through the other wan temporarily. To do this, configure

...

PA-3020 - Error: Threat database handler failed - Commit failed

Hi,

Our Palo Alto has been rock solid for years, but last friday we realized we are unable to commit changes.

We're pretty sure it started happening with the release of content package version 8462-6955.

We hoped this was a one-off and the next upgr

...

One IPSec SA Stops Passing Traffic

I have a B2B tunnel with a business partner. There are 22 proxies, all defined host-to-host. The VPN peer is a Cisco firewall, I'm not sure of the model. Phase 2 lifetime is 8 hours. One particular SA stops sending and receiving traffic at each P

...

Want to allow only gmail and block all other internet access with Palo alto firewall

Hello,

I want a suggestion regarding my scenario. I want to allow my employees full Gmail access(i.e they can receive sent email, attach file to email, download attachment etc) but all other internet access will be blocked. they wont be able to use

...

error while generating PDF from ACC tab in PA3230

prior to few days ahead we were able to download PDF report from ACC tab in Palo Alto but as of now while downloading the report, i can't download the PDF, it gets stuck.

PA500 boot error with message "unable to connect to Sysd" and NIC in dataplane does not worked.

The firwall PA500 had a poweroff and boot,and after reboot the PA500 get a error with "Error: sysd_construct_sync_importer(sysd_sync.c:328): sysd_sync_register() failed: (146) Unknown error code
Error: unable to connect to Sysd"

When the device boot fi

...

Resolved! One session is utilizing 5-12% of CPU of my 5220 firewall

One session is utilizing 5-12% of CPU of my 5220 firewall.

Session ID: 2155872259

show session id 2155872259

Session 2155872259

Bad Key: c2s: 'c2s'
Bad Key: s2c: 's2c'
index(local): : 8388611

I am not able to check the session information. Getting bad K

...

Impact on disk Usage for firmware upgrade

one of my customer has 95% root storage if we upgrade the PANOS 9.0.9 H1 to 9.1.11

Is there any impact on the disk usage of root storage?

X-VPN not getting decrypted

Hello,

We would like to block the application X-VPN (used on apple iOS system as a VPN app). Using PAN-OS 8.0.1
The firewall sees the traffic as either SSL, web-browsing or google base traffic and doesn’t appear to be decrypting it.

The session ID says

...

General Topics

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free