General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! System - Engine - Logs - CIDR is not a valid IP indicator ERROR

When I try to integrate minemeld IOCs into MDATP, only IP can't sync to the MDATP. Domain/URL and SHA256 are all good.

Check the Logs in System-Engine, found following errors, but don't understand why have this error?

2020-10-05T15:57:27 (10424)node._

...

Resolved! DNS issue over Global Protect split tunnel

I have an SFTP server. When users are inside the office they have to connect it via private IP. When they are at home they should go via public IP. I am using the same DNS server in Internal and Global Protect as well. I have excluded the private SFT

...

Master key on secondary standby panaroma

Hi all

I have two panaroma in ha and two firewall in ha.

I configured master key on primary panaroma and i want to configure it on secondary.

what is best way to configure

1. Make primary panaroma suspend and make secondary active

or

2. do failover of pana

...

Problems with IPSec tunnel

Hello,
I have a PA VM100 which hangs behind a dynamic public IP and it creates an IPSec tunnel to a PA220 with static public IP. So the tunnel can only be established by the VM100. On the PA220 I have activated "Enable Passive Mode" at IKE Gateway ->

...

Resolved! L3 Subinterface Traffic's Not Passing

Hi Team,

Seeking for you advise, or your input that one my recent setup.

I have made the Palo L3 subinterface for three VLAN's and the firewall port have been connected with Cisco L2 switch and the port of cisco has configured with trunk.

After mad

...

Ignite 2020 Event Information

LIVEcommunity Ignite 2020 Event Information

Ignite 2020, our all-virtual event is right around the corner so we put together information about what you can expect and how to register!

Read the blog here.

Now that we've shared a little bit

...

IPSEC VPN - Cannot ping across the tunnel. Both Ph1 and Ph2 tunnels are up.

Hi All,

I have set up an IPSec VPN tunnel which seem to be up, however, i cannot ping from my local LAN IP on tunnel interface to the other side LAN interface of the tunnel. NOTE - Other end of the tunnel is terminated on ISP network where we are usi

...

Internal host detection when using prelogon then on demand connection

hey guys, so I have finally managed to setup my pre-logon environment and its working great, only problem is now that internal host detection is not working..... it work well on my non-prelogon portal if there any fix for it ?

My setup under the pre

...

Resolved! Authentication error after upgrading to 7.0.x

Hi,

I've one issue after upgrading for one of my client from 6.1.6 to 7.0.7 regarding Radius authentication. Authentication was successful till we upgrade to the new version. After the upgrade we are getting the error “Number of Access Domains and ro

...

RST First packet isn't a SYN flows (RST Both) + Deny action for NFS (?)

Hi Experts,

I'm right now dealing with a situation where occasionally I need to reset NFS sessions within an HA A/A PA 5220 cluster (see also https://live.paloaltonetworks.com/t5/general-topics/pan-os-session-table-clearing-gt-no-rst-fin-connection-s

...

3020 randomly shuts down

Hello. I'm hoping that someone might have some suggestions of what's happening here.

For the past week I've been dealing with a 3020 that randomly shuts itself down and requires a power cycle to get back online.

Thursday and Fri of last week we'd rand

...

Resolved! Using Palo Alto firewall as a proxy (anonymous browsing + URL filtering)

Hi all,

We currently have a setup using a Forcepoint Content Gateway for proxy server with an external facing Palo Alto 850. The main we reason with use the Forcepoint appliance is for:

1. "Anonymous browsing" (no leakage of internal IP spaces)

2. DLP

...

PAN OS Session Table Clearing -> no RST/FIN Connection sent out ?

Hi Experts,

I have the following situation. I'm running an A/A HA Cluster based on 2 5220 PA Appliances (PAN OS vers 9.0.x)

Occasionally (following a failover event) we noticed that some of our Long Lived sessions (NFS + Oracle DB Sessions) active ac

...

Resolved! Book for Palo Alto

Hello Everyone,

Hope you all are doing fine. I am new to PA firewall and just started to study PA concepts from PA forums. But i want to purchase book and study from it. Could someone please advice if below book would be good to start from scratch? .

...

Resolved! Trouble with IPSec Site2Site VPN

I am a beginner in the Palo Alto World.

I want to setup a Site2Site VPN to a customer.
The customer has a Palo Alto System running.

I cannot get the tunnel up.

The admin of the customer and me are troubleshooting the problems, but so far nothing is worki

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Welcome to the General Topics Discussions!

Rules and Best Practices

Resolved! System - Engine - Logs - CIDR is not a valid IP indicator ERROR

Resolved! DNS issue over Global Protect split tunnel

Master key on secondary standby panaroma

Problems with IPSec tunnel

Resolved! L3 Subinterface Traffic's Not Passing

Ignite 2020 Event Information

IPSEC VPN - Cannot ping across the tunnel. Both Ph1 and Ph2 tunnels are up.

Internal host detection when using prelogon then on demand connection

Resolved! Authentication error after upgrading to 7.0.x

RST First packet isn't a SYN flows (RST Both) + Deny action for NFS (?)

3020 randomly shuts down

Resolved! Using Palo Alto firewall as a proxy (anonymous browsing + URL filtering)

PAN OS Session Table Clearing -> no RST/FIN Connection sent out ?

Resolved! Book for Palo Alto

Resolved! Trouble with IPSec Site2Site VPN

FW Ha Cluster disconnected from Panorama

maximum number of bgp routes for VM-series

Flexible vCPU VM Firewall interfaces are down

Management and Dataplane on Vsys

Site flagged as GRAYWARE (PLEASE HELP!!!)

Re: Flexible vCPU VM Firewall interfaces are down

Re: Data center providing dual ports already in VRRP - my topology?

Re: PAN-OS Release Frequency

Re: Alerts for dynamic updates

Bug Search Tool (New Feature & UI)

Unlock your full community experience!

General Topics

Rules and Best Practices

Resolved! System - Engine - Logs - CIDR is not a valid IP indicator ERROR

Resolved! DNS issue over Global Protect split tunnel

Resolved! L3 Subinterface Traffic's Not Passing

Resolved! Authentication error after upgrading to 7.0.x

Resolved! Using Palo Alto firewall as a proxy (anonymous browsing + URL filtering)

Resolved! Book for Palo Alto

Resolved! Trouble with IPSec Site2Site VPN