General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Finally have pre-login working - but now

I'm excited to finally have pre-login working per the logs below. But after the successful certificate based pre-login,

portal-getconfig fails. On the pan the error message is "Failed to get client configuration". Any advise on how to troubleshoot th

...

SSL Decryption Issues - MacOS Big Sur 11.2.3

We have had SSL decryption configured since we deployed Palo Alto firewalls and it works with little issue on our Windows OS platforms. We have a new project to deploy a few MacOS clients as the application development team requires the ability to te

...

How long time will need to prepar the PCNSA

Hi everyone

I would like to prepare the certification PCNSA.

My idea is to pay the tax exam as soon as posible will make force me to study the exam. I would like to know how many hours and time will need for I am going to the exam.

Regards

Resolved! 2 ISP NAT question

Hello,

we have 2 ISPs . .

Static route with metric 10 for the 1st one and another static route with metric 20 for the second one .

We have 2 nat rules for LAN. 1st one is via ISP1 and 2nd is via ISP2.

So when we change the default route we need to reor

...

PA Destination NAT

I have a use-case that all subnets/VLANs should be able to access the server (192.168.4.4) via HTTP using the loopback IP address 192.168.6.2/32.

The PA firewall is the gateway for all the VLANs. I would like to confirm if this is possible? The sourc

...

Resolved! Aplicação incompleta

Galera, boa tarde.

Estou com um problema bastante confuso, tento acessar um determinado site "HTTP" é recebo a erro (Não é possível acessar esse site), realizamos um teste fora da nossa rede é o acesso é realizado normalmente.

Analisando os LOGS veri

...

application

Guys, good afternoon.

I have a very confusing problem, I try to access a certain "HTTP" site and I get an error (It is not possible to access that site), we perform a test outside our network and the access is done normally.

Analyzing the LOGS, I fo

...

User-ID only tags IPv4 or IPv6 address in dual stack

I've got the User-ID agent installed on three servers and I've recently began enabling IPv6 internally and I've noticed a problem. The traffic logs in Palo Alto only associate either the IPv4 address or IPv6 address of a machine with a username depe

...

can MineMeld be installed on ubuntu 20.04?

I'm getting this error, how do i get around it?

$ sudo apt install -o Dpkg::Options::="--force-overwrite" -y minemeld
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This m

...

NGINX configuration for SSL Inbound Inspection

Hello everybody,

I'm trying to enable SSL Inbound Inspection to decrypt traffic to an internal webserver that runs on NGINX. I have already added the server certificate and key, and set up the corresponding decryption policy. The problem is that th

...

Resolved! RHEL7 - /bin/sh ./configure Permission Denied

Hi all,

I'm installing minemeld-ansible on Redhat 7.
When i run this command:

sudo ansible-playbook -K -i 127.0.0.1, local.yml
i got this error:

`PLAY [minemeld playbook] ************************************************************************************

...

Resolved! PA-220 Size

dear all,

in my environment, we have 100 computers and 8 servers, one internet connection, maximum 10 or 15 users need VPN and we planning To buy PA-220 .

question: Does this device meets our needs?

trust-untrust common apps block user

Without giving any low level info

how would a person go about a blocking a single user, via policy, get blocked from trust-untrust common apps w/o affecting other users?

Create a policy above it? Or negate the user?

Using MineMeld to provide list of IP addresses to be used as EDL in PaloAlto firewall

Hello,

My requirement is to use MindMeld to host a list of IP addresses that needs to be blocked in the PA firewall using EDL. I am unable to find the relevant docs.

Please help!

Disable TCP 1323 Timestamp response through Palo Alto Firewall?

Hi,

I'm wondering whether is there a way to set the PAN Firewall to detect and drop TCP 1323 Timestamp queries to servers?

According to some web vulnerabilities scanning reports, it is reccomended to disable the TCP Timestamp as it discloses server upt

...

General Topics

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free