General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! is there a way to strip http:// from the output?

i set up a URL based output to feed into my lab box but it won't accept the URLs

reaper@PANgurus> request system external-list show type url name phishing 

phishing
        Total valid entries     : 0
        Total ignored entries   : 0
        Tot

...

Global protect IPsec retry

Hi Community,

I am trying to figure out how the GP Ipsec connection behaves, if the IPsec fails to connect at the time of initial GP connection and the GP falls back to SSL, will GP retry IPsec after any specific interval? is this configurable ?. Als

...

System alert : high : cdb: Exited 4 times, waiting 720 seconds to retry

Dear ，

We found the PA Firewall System alert : high : cdb: Exited 4 times, waiting 720 seconds to retry , Please tell me how to solve it?

nat64 error

Hello

I'm trying to do a NAT from ipv6 to ipv4.

On commit I have an error

"Nat64 needs an ipv4 in the rule for dest xlat"

Rule : from untrust to untrust , destination ip is ipv6 and translated address is ipv4 destination NAT

Thanks.

Download The Latest GlobalProtect Client?

I find not being able to download the latest client very frustrating. I work from home several days a week and the company I work for, has just switched to globalprotect for their vpn requirements.

However on my companies client download page...

h

...

DNS Resolution with global protect.

Dear All,

I am facing some issue with DNS resolution. below is the scenerio.

I have Global Protect VPN setup.
after connecting global protect, i will take RDP of some internal machine.
RDP will take by host name example:- system1.abc.com resolved by I

...

Packet capture drop stage shows production traffic

I have been troubleshooting a intermittent issue where a device that sits behind my Palo Alto running 10.0.0.3 is frequently losing it's connection for UDP port 2156 traffic.

Today I ran a packet capture on the PA using the "drop stage" while the con

...

VMware Horizon View via Load-Balancer

Hi All, First time posting here. We have a fairly large deployment of VMware Horizon View and we're recently migrated from our old firewalls (Fortigate) to Palo Alto and since then inbound connections to our View Platform at this site have stopped wo

...

licenses renewal

I'm in need to renew the licenses of a PA-220 LAB registered under my PA account and I need help from someone else that is not who sold this device to renew the licenses. I'm looking to buy the licenses renewal. Thanks
License PAN-PA-220-BND-LAB4-R
PA-

...

Resolved! dynamic external lists sources

Hello,

I am trying to use the Palo Alto Bulletproof, high Risk, and known malicious dynamic external lists. However, I can't add them because the sources aren't listed in the drop down menu of the "Add External Dynamic List" window.

I read that it us

...

ISP gave us additional /29 but it needs to route through an IP of our existing primary /27

We requested additional public IPs from our ISP. They gave us an additional /29 to add to our /27 but we had to choose one IP in that original /27 to route this /29. I'm trying to determine how to do this properly. Let me know if more clarification

...

Tips to block Yahoo Mail but not other parts of Yahoo

I wanted to make a post to the community to see what other people are doing about this issue. We currently have a support case open with Palo for this and has been open for quite some time. Long story short, users that have previously logged into a

...

Resolved! Issue in HA link monitoring

Hi,

ISP Primary>>Fortigate Active >> Paloalt Active

ISP Standby >>Fortigate Passive >> Paloalto Passive

we have ISP is connected with FortiGate Active Firewall and FortiGate which is directly connected with Paloalto Active Firewall same as ISP s

...

Resolved! Need to disable port 443 in WF-500

We are observing https port 443 open in private wildfire WF-500.

Please, share the command to disable the same.

Also in Wildfire services, we have found only SNMP, ICMP and SSH.

Https service is not available, so as to disable it.

Github-allow access to specific repository

How do I block all Github but allow access to a specific repository? For eg. I want to allow https://github.com/cisagov and block all github using a single URL filtering policy. How can I do that?

I added github.com/* to custom URL list and set it t

...

General Topics

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free