General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

SSL inbound inspection not working for SMTP

I'm running PANOS 10.0.2

SSL inbound inspection for a web server is working but for a seperate SMTP server it is not.

Both use the same certificate.

Both use the same cipher suites.

Two seperate decryption rules wihich are clones of each other, only the

...

HTTPS to HTTP Redirect

HI Team,

Is it possible to redirect the traffic from HTTPS to HTTP.

As my webserver is using HTTP. We outside user connect it's https://abc.com it's should be redirect to http://abc.com.

Please advice

Panorama SSO with SAML and Microsoft ADFS

Hello Community,

we were trying to connect Panorama 8.1.4 with SAML and as an IDP Microsoft ADFS on Microsoft Server 2012 R2.

We tried a lot of configuration and followed the admin-guide, but were unable to get a working authentication.
The auhtd.log

...

Use Anyconnect to connect to Palo Alto gateway

Hi,

We would like to know if its possible to configure Palo Alto GP gateway in order to permit connect using Cisco anyconnect client?

what it would be the config to do that?

Resolved! LDAP Rights Query.

Hi Guys,

To create the service account in AD, which is utilized on the device. we know that below rights are needed.
- Distributed COM Users
- Event Log Readers
- Server Operators

My query is why it necessary, what it's justification to be a part of th

...

Unable to add pre-defined EDL IP list in security rule destination address on panorama

Hi Team

Unable to see pre-defined EDL IP list in security rule destination zone on panorama. but In firewall I can able to see the predefined EDL in security rule destination address. antivirus, content version all are same and installed on both devi

...

Resolved! Link down between Firewall and Syslog server

Hi all,

I'm looking for any KB or official document that explain the log forwading behavior when link between FW and Syslog server is down.

As I understood that PA firewall will not resend the the log at the moment of link between them is down to syl

...

Resolved! Share level Yellow

Hi @lmori and @xhoms

In MM 0.9.46 we have the "libraesva" miners prototypes. All of them with share level Yellow. But we don't have an output prototype with this share level. I tried to create a new one from std.feedHCGreen, but it doesn't allow to

...

User-ID not mapping all traffic

Why the user-id is missing for some traffic. This also causes issue with policies using user-id.

Below traffic log is for same user/zone/ip

URL Categories and SSL Decryption

I'm having an issue with URL Categories and SSL Decryption. I have two decryption policies; the first is a no-decrypt policy for URL Categories matching "financial-services" and "healthcare-and-medicine," and the second policy is a decrypt-all for se

...

Resolved! Panorama can't proxy web interface after upgrade to 8.1.16

Upgraded Panorama to 8.1.16. No issues with the upgrade.

Upgraded all our PA-220s to 8.1.16. No issues with the upgrade.

Upgraded our PA-5220s to 8.1.16 (from 8.1.9-h4). If I connect directly to the management IP, I can login to the web interface.

...

Caveats for HTTP Header Insertion for GDrive / Google Apps

As of the time of this writing (May 2020), there are some caveats / required steps for HTTP header insertion into GDrive applications that are not clearly documented. The purpose of this post is to close that gap until documentation is amended to cor

...

Windows 10 Global Protect (Version 3.1.1) Portal Config Does Not Exist

Greetings

I have a new laptop. Windows 10. I have installed Global Protect version 3.1.1. After entering the portal IP and user log in information I cannot connect.

Details of the log are as follows:

etWscEvent
(T9344) 10/21/16 12:49:07:580 Debug(

...

VM-100 under Dell PE2950 - and new suitable HW...

Hi

We have had a VM-100 under VMWare 6.5 ESXi on a 32Gb Dell PowerEdge 2950 for a few years now. We serve a 250 students' high school with dorms so the FW works around the clock... Throughput has been ok with few complaints, but when I checked the m

...

Skype for Business Server 2015 - Block only instant messaging

We are currently developing a proprietary WebRTC solution which we will use to replace Skype for Business. We are currently looking to roll out instant messaging on the custom product and would like to disable/block only instant messaging traffic in

...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free