General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

NGINX configuration for SSL Inbound Inspection

Hello everybody,

I'm trying to enable SSL Inbound Inspection to decrypt traffic to an internal webserver that runs on NGINX. I have already added the server certificate and key, and set up the corresponding decryption policy. The problem is that th

...

Resolved! RHEL7 - /bin/sh ./configure Permission Denied

Hi all,

I'm installing minemeld-ansible on Redhat 7.
When i run this command:

sudo ansible-playbook -K -i 127.0.0.1, local.yml
i got this error:

`PLAY [minemeld playbook] ************************************************************************************

...

Resolved! PA-220 Size

dear all,

in my environment, we have 100 computers and 8 servers, one internet connection, maximum 10 or 15 users need VPN and we planning To buy PA-220 .

question: Does this device meets our needs?

trust-untrust common apps block user

Without giving any low level info

how would a person go about a blocking a single user, via policy, get blocked from trust-untrust common apps w/o affecting other users?

Create a policy above it? Or negate the user?

Using MineMeld to provide list of IP addresses to be used as EDL in PaloAlto firewall

Hello,

My requirement is to use MindMeld to host a list of IP addresses that needs to be blocked in the PA firewall using EDL. I am unable to find the relevant docs.

Please help!

Disable TCP 1323 Timestamp response through Palo Alto Firewall?

Hi,

I'm wondering whether is there a way to set the PAN Firewall to detect and drop TCP 1323 Timestamp queries to servers?

According to some web vulnerabilities scanning reports, it is reccomended to disable the TCP Timestamp as it discloses server upt

...

TCP timestamp response During the vulnerability assessment

In my case, the team is performing a vulnerability assessment on PA820

Vulnerability Title: TCP timestamp response.

Description: The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's upt

...

COMMIT FAILED: Unknown node class

Hi All,

I have old instance of Minemeld (0.9.52) running on Ubuntu 14.04. I am planning to migrate it to new server and upgrade it, but it will take some time. Meanwhile I need to mine the Azure Cloud IPs for specific service. But my instance is st

...

Resolved! Migrating config from PA -500 to pa 220

I

Hi,

Planning for upgrading PA-500 to PA-220, Just wanted to be sure that if we download the current running config from PA-500 and import it to new PA-220 device, will that work?
I am not sure if Importing configurations between non-matching hardware

...

Prelogon - PanCredGet

PAN-OS - 9.0.3

Global Protect 5.0.3

We are having problems with GPPrelogon.

Logs:

(T7612) 07/22/19 15:20:16:670 Debug(5727): REGION-PRIO, region code is GB
(T7612) 07/22/19 15:20:16:670 Debug(10868): REGION-PRIO, save region code GB
(T7612) 07/22/19 15

...

Resolved! Use Windows DHCP Server for GlobalProtect Clients

Is it possible to use an Active Directory integrated DHCP server to assign IP address to GlobalProtect clients? If not, how can I reliably manage DNS records for VPN users?

Best siem

Hello all its been a long time, since they took away my sentinel role I haven't been on here much. Does anyone have a recommendation for a siem?

Resolved! CEF PANOS 10

Morning!

I can see that PANOS 9.1 has a CEF will this work on PANOS 10 as I have not been able to find the CEF for PANOS 10

Thanks

BizBo

Resolved! blocking machines from AD-group

Is it possible to block outgoing traffic, from an active-directory group containing machines?

blocking traffic by username works fine, but i want to use the machine ad group rather than entering all machines by fqdn or ip in an address group of object

...

Resolved! Creating static routes in CLI versus GUI

I have noticed that if a create a static route via the cli the xml configuration is less than if you create the static route via the GUI.

In the cli I can simply set the destination and next hop. In the GUI there are many other options (most I never

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

NGINX configuration for SSL Inbound Inspection

Resolved! RHEL7 - /bin/sh ./configure Permission Denied

Resolved! PA-220 Size

trust-untrust common apps block user

Using MineMeld to provide list of IP addresses to be used as EDL in PaloAlto firewall

Disable TCP 1323 Timestamp response through Palo Alto Firewall?

TCP timestamp response During the vulnerability assessment

COMMIT FAILED: Unknown node class

Resolved! Migrating config from PA -500 to pa 220

Prelogon - PanCredGet

Resolved! Use Windows DHCP Server for GlobalProtect Clients

Best siem

Resolved! CEF PANOS 10

Resolved! blocking machines from AD-group

Resolved! Creating static routes in CLI versus GUI

Recommended Subscription Licenses for east west traffic

Global Protect App/Gateway Login Banner

Quick upgrade query

Push Scope isn't showing and Commit button grayed out after upgrade Panorama

PA Active/Passive and Cisco stacking LACP

SYSTEM ALERT : medium : MLAV: Unknown error

Re: ACC shows ipv6 addresses in source/destination IP

Re: Quick upgrade query

Re: Recommended Subscription Licenses for east west traffic

Re: Certificates not showing under Devices Certificates or CLI

Unlock your full community experience!

Resolved! RHEL7 - /bin/sh ./configure Permission Denied

Resolved! PA-220 Size

Resolved! Migrating config from PA -500 to pa 220

Resolved! Use Windows DHCP Server for GlobalProtect Clients

Resolved! CEF PANOS 10

Resolved! blocking machines from AD-group

Resolved! Creating static routes in CLI versus GUI