General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! DNS proxy sharepoint domain issue when cache enabled

Hi there, i have some issues with my firewall when using dns-proxy with enabled cache. I cannot resolve sharepoint domains e.g. bitmix.sharepoint.com, but when I disable the cacheoption everything works fine.
Does someone have any suggestion how I cou

...

Pallo Alto Version 10 show transceiver command for SFP check/troubleshooting

Before only the "show system state filter xxx" ( https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaMCAS ) was used to check issues with SFP but in version 10 the show transceiver is here and this is great 

https://docs.pal

...

URL Filtering Clarification - Wildcards behavior (implicit match on the rear of the URL)

Figured I'd share this here as I already have on another platform. Been using PanOS for ~8 years and came across something with URL filtering and wildcards. URL filters with wildcards will match on the front, and back of the URL(implicit), if you

...

W10 Slow Logon when WWAN Card Installed

Has anyone else seen this?

Global Protect Split Tunnel exclude video traffic issue

Hi All,

I have an issue I am not sure how to address. I have "Exclude video traffic from the tunnel" enabled on the GP gateway. When a user connects and tries to watch a video on our wordpress intranet site, http:/myintranetsite/somevideo embedded in

...

FQDN address object maximum length limit...

Hi Team,

What is the maximum length limit for fqdn address object, Is it possible to increase this default length?

Thanking You!!!

Resolved! Due to Open SSH Denial of Service vulnerability firewall dropping random connections

Hi Guys,

Large number of connection attempts made which is normal as per the server team but firewall is considering it vulnerability and dropping the random connection to the server. After getting 3 to 4 successful execution in the same session it g

...

Failover in NAT

We have a configuration to balance two NAT destinations, in the Translated Address we have a group with the two IP destination

We need to performing a failover if NAT # 1 192.168.251.21 stops working, passing to NAT # 2 192.168.251.22.

When the IP # 1

...

Resolved! Does Paloalto Firewall support autoconfig for IPv6 interface

In my environment, I have 1 ADSL router supply IPv6 prefix, It working well with my IPv6 laptop and can go through internet using prefix from router + generated interface id.

Does Paloalto support autoconfig for IPv6 interface? I need it because my r

...

Resolved! Panorama > Policies > Security > Post Rules > Zone field has a red background

Hi there

Why does the zone in the screenshot appear with a red background?

It is the same when browsing direct to the FW itself.

There is an interface in the zone with a subinterface.

Both main and subint are up.

IP address configured on the subint

The int

...

2021-03-24 15h15m53 Zone Red backgroud.png

2021-03-24 15h20m21-StdF Interface setup.png

Resolved! March Madness 2021

Have any new application signatures been released for March Madness 2021? I'm able to find the historical ones but have not seen any for 2021 yet.

Resolved! Meraki to PAN Conversion?

Does anyone have any thoughts on doing an export/conversion from Meraki to PAN? There doesn't seem to be a direct conversion process so any help would be appreciated, I'd rather not completely build out the PAN if I don't have to.

Resolved! SSL Decryption Question PANOS9

Hi,

i have one short question about PANOS 9 and 10 ssl decryption.

We use ssl decryption on all PAs for many years.

Is the rule 77 obsolet after upgrade to PANOS 9 /10??

The rule was a must have for ssl decryption working on PANOS 7.

Best regards,

Chris

...

Resolved! FW routing packets to internet vs internal

I have a weird issue with a LAB interface/zone that when packets to a cloud IP that is reachable via the core it routes it to the internet vs the core. All other traffic is routed correctly but not this and I can't seem to figure out why. 10.100.2

...

Peer ip is not showing in high availability status

We are not able to access passive firewall on web gui and ssh.

HA1 is configured on Dedicated interface.

In high availability status , peer ip is not showing. What could be the reason.

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free