General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

new Validation Check feature introduced in PAN-OS 8.1

Hello,We use centreon as monitoring tool and I get the next alert from palo alto devices PALO ALTO NETWORKS CONTENT VALIDATION CHECK SKIPPED BY USER 'CENTREON USER' FOR [CONTENT VERSION]" I found the next documentation about thishttps://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNs4CAG but I have some doubt about this che...

Resolved! M200 raid disk pair status stucked at 0%

To enable the disk A ,we have run the below commandrequest system raid add A1and after 5 min run below command :request system raid add A2 But disk is not enabled. Status is stuck at 0% since last 6 hours. How we can resolve this issue ?

Resolved! GlobalProtect clients experiencing latency delays

Hello, Clients who are connected via GlobalProtect VPN are experiencing slowness with all their traffic traversing the VPN (ie.. Internet and Server access traffic).The latency is between 200-400ms for all the traffic regardless of whether its Internet based (to google) or server based (to our corporate servers). Can you suggest any troubleshoot...

Resolved! GlobalProtect Gateway: can it share an IP used in NAT/Security Policies?

I have a working GlobalProtect setup right now using a single Portal on the district firewall, and a single Gateway on the firewall for the location I want to have access to. Currently, these are using dedicated public IPs that are not used for anything else, assigned to the public interface of the two firewalls. What I can't figure out from sea...

AE Interface down during failover

We recently had a failover event during a normal upgrade of the firewall (10.0.1 -> 10.0.4). The LACP aggregate interface on the Cisco switch / Firewall did not come up during this time, which resulted in a longer than expected outage. Powered down firewall to restore original firewall connection. We are using Active/Passive pair with PA-820....

Service route in panorama.

Dear Team, I have two interfaces configured in my panorama:1-management interface2 -ethernet1/1. for software and dynamic updates by default, my traffic is going via management interface. I want to change the service route through ethernet1/1 but I am not able to see any option to change the service route. below is the snapshot. can anyone help ...

Resolved! Study tip for PCNSA.

Hello everyone, I spent a year working directly with Palo Alto firewall and I would like to get some certifications, but all video content I find is purely in English and I still don't have a command of the language. Did they have any text material tips to aid in the study? Any tips to add would also help a lot. Thanks!

Resolved! Policy Based Forwarding

Hi All, I have a guest wifi vlan 10.25.x.x that needs to be routed out to a second ISP. AP-->WLC--Palo Alto FW-->MPLS/VPLS-Router-->L3Switch-->ISP The vlan will each have a sub-interface and gateway 10.25.x.1 assigned on firewall in its own guest zone and virtual router. The virtual router will have a default gateway 0.0.0.0 to a ...

PA-7050 policy does not show anything in rule usage column "Apps Seen"

I noticed that all our PA-7050 PAs don't show anything in rule usage "Apps Seen" column for rules that are supposed to see many apps. It is not a problem on other models. Any idea?

OKTA SAML panorama authentication?

Trying to get this working and I am able to authenticate using OKTA SAML via the button on the login screen but when I do (after entering u/p on the OKTA page) it redirects me back to the Panorama login page. I see PAN_AUTH_SCUESS SAML on the CLI but never an 'auth-sucess' in the GUI (Monitor > Logs ? System) because it never actually logs ...

Resolved! 1:1 destination nat mapping

Hi everybody, does anybody know if it is possible to write a single destination NAT policy in order to map ip addresses from a given range/network to a corresponding range/network of the same size preserving the host portion of the address? I try to explain with an example. I would like to translate packets destined to 192.168.10.0/24 with add...

Custom Snort Signature

creating a custom snort signature on Palo alto Firewall but didn’t found the concern context operator for match pattern.Shall we create a context operator or how it can add the pattern if the context operator is not available? For example:alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"[CIS] Emotet C2 Traffic Using Form Data to Send Passwo...

Resolved! Global Protect Split Tunnelling

We are enabling split tunnelling for O365 traffic. I have added a object for a known website so I can test this. I can see the IPs in the PANGPS logs so the configuration is pushed to the client. I have also enabled the Split Tunnelling in the APP for Network and DNS. When I am connected to Global Protect and visit the test website it is incredi...

Can we add other security device in Panorama?

Hi, I am seeking information on whether we can add any other security device in Panorama or not like Cisco firewall, Fortinet etc. or only Palo Alto firewalls can be added?Please share your information. Thank You,Azeem

TS Agent - System Source Port Allocation Range Registry Key

Hey, the following text you can find on this page:The System Source Port Allocation Range and System Reserved Source Ports fields specify the range of ports that will be allocated to non-user sessions. Make sure the values specified in these fields do not overlap with the ports you designate for user traffic. These values can only be changed by ...