General Topics

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

After upgradae of pan os 8. 1. 14h2 auth profile changes auto

the PAN-OS has upgraded from 8. 1. 9h4 to 8. 1. 14h2.
The issue has been reported that users are able to connect the VPN via Global protect with their AD logins, but unable to access few web-based applications.
The logs are not received by the firewall

...

Dynamic Domain List Empty

Created Dynamic Domain list, added single domain x.y.com > added list to antispyware profile > profile is used in policies but still the list shows empty. Also tries y.com still it is empty. Source URL is accessible an there are other IP lists in sam

...

GRE Tunnel with Zscaler...

Hi Team,

Does Paloalto NGFW supports GRE tunnel with Zscaler?

Thanking You!!

Regards,

Om Prasad

Resolved! Layer 3 routing on PA

Guys, facing a small issue hope can resolve together

I have created a new network on PA as Layer-3(503) and am trying to communicate with my other existing layer-3 network (501):

Steps configured are as follows :

1) created Layer-3 ae4.503 with IP X.53.

...

Resolved! Split tunneling for zoom app

Hi,

We dont have configured split tunneling for GP. We have 0.0.0.0/0. We would like to do split tunneling only for zoom-base.

We tried to configure in GP gateway excluding the zoom ips but its still the zoom traffic reaching the PA, because IPs can c

...

Resolved! restrict Global Protect connecting to multiple VPN's at same time

Hello Community

Is there a way to restrict Global Protect client from being able to run multiple VPN's at the same time?

We have 2 PA firewalls in different locations for different services, and do not want GP clients accessing both networks at the s

...

help guys.. Unable to access site even its already on overide

Resolved! Configuring Interface Management Profile and Assign it to Agg Interface

Hi All,

I have a customer that looses it's access to the Web GUI of the PAN Firewall except console connection. Aggregate Interface is configured. Can I assign an interface management profile via CLI on the aggregate interfaces? E.g. ae1.100? When i

...

Resolved! SSL inbound decryption and Post message in PA PCAPS

We have configured the SSL inbound decryption.

When we do the PCAPS on the PA we do not see POST message on the re and tx pcaps.

Need to know is this default behaviour?

On traffic logs we see decryption flag as checked.

Also from CLI i verify that PA is

...

Resolved! Panorama suggested version

Hi Team,

we have firewall running version 9.0.6,9.0.4 and 9.0.7, well in this case what could be the suggested version of panorama?

i have heard , panorama should run with same or later version firewall OS, Is it talking about the major version like 7

...

Resolved! All the traps agents are disconnected

Hi Community,

All the agents in my traps setup on ver 4.2.5 shown as disconnected. As the issue looks like ESM server related, i have followed the document https://docs.paloaltonetworks.com/traps/4-2/traps-endpoint-security-manager-admin/troubleshoot

...

Panorama M-500 disk upgrade & add process

Hello,

I'm planning to upgrade storage capacity M-500.

It's using 12 slots with 1TB disks, I'm going to insert 2TB disks to empty slots and replace 1TB to 2TB.

As I know, after add new disks, panorama will redistribute existing logs.

While that process

...

Limitations for creating number of child sa for site to site vpn

Hi,

Here I am trying to create a site to site vpn in Paloalto firewall, now in local network I have 8 individual /32 ips and for remote 10 individual /32 ips. This is for policy based vpn. Now if I add proxy ids for local and remote ips. I am getting

...

Source and Destination NAT using 2 different NAT rules

Hello everybody,

We are trying to replace our Lan-to-Lan concentrator (currently a Cisco ASA) with a PAN-5220 version 8.1.

On the Cisco ASA firewall, we are currently doing source and destination NAT for each incoming connection.

We change the sourc

...

What is the difference of malware detection between NGFW and Traps

Hi community,

I'm just curious why does the Firewall detect a malicious action/file but the traps stays quite about like do they have difference in alerting?

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

How and Why to Accept a Solution to Your Post

After upgradae of pan os 8. 1. 14h2 auth profile changes auto

Dynamic Domain List Empty