General Topics

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

We have some exciting community news to share: Threat Vector, a Unit 42 podcast, is now on LIVEcommunity!

Threat Vector is your compass in the world of cyberthreats. Listen to this biweekly podcast to learn about unique threat intelligence, cutting

...

How and Why to Accept a Solution to Your Post

Did you know that you can help your fellow community members by accepting solutions when a reply answers your question. Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature

...

Azure VM-300 IPSec VPN Tunnels and NAT-T

Hello,

We have been building out several IPSec L2L VPN tunnels from Azure instance to several of our branch offices and have come across an interesting issue with a few of the newly created tunnels. The issue we are seeing is that the tunnel sessions

...

Resolved! SSL decryption forward proxy in vwire mode and common name of certificate

We have PA 9.1 running vwire for vendor traffic.

I need to create ssl decrypt cert for the user traffic going to internet.

Seems SSL decryption can work in vwire mode.

When I create self signed cert for the user PC what should I put under common name

...

Resolved! MortiAgent Malware and Palo Alto

MortiAgent Malware is added to the Palo Alto signatures database?

It's Palo Alto aware of this Malware?

want to stop the MoriAgent malware.

How to configure this in Palo alto to ?

Global Protect User Mapping

Hi Folks,

We have following scenario and unsure how to do it. Please let me know your thoughts:

We have VM Palo Alto and we are implementing Global Protect.

The Global Protect Portal and Gateway would be one and the same VM.

We are planning to only hav

...

Resolved! How to create IPv4 list from a text file

Hi community,

I am encountering decrypt-err with Anydesk application after deploying SSL Decryption. In order to fix that, I am going to create a list of Public IPv4 that Anydesk use to excludes them from the decryption. Currently I collected an IPv4

...

PAN-OS Upgrade

We're planning to upgrade the PAN-OS from 9.0.6 to 9.1.X version.Which is the stable 9.1.x version?

Thank you.

set readonly commands

Found a bunch of config lines as such. Where/how? Can't delete them. They don't appear in the GUI.

set readonly device-group grpname address-group NAME_LAN_GRP id 289
set readonly device-group grpname address-group NAME_LAN_GRP id 290
set readonly dev

...

Resolved! How much bandwith are GlobalProtect clients comsuming?

Hello,

Is there a way to see the bandwidth that VPNs clients are using when they are connected through a VPN? I have not seen any specific report for GlobalProtect statistics, for example in ACC. Just logs in the tab Monitor, but they are not showing

...

Force GlobalProtect client to only apply to 1 of 2 ethernet connections

I have 2 physical ethernet ports on my Windows PC. 1 is for external internet and connecting to work VPN. The other is for a local-only ethernet network. When I connect to my office VPN via GlobalProtect, I lose access to the devices on my local-only

...

Panorama space issue

8.1.0 is 782MB and 8.1.8 is 422MB. I deleted them both but i still cannot directly download 9.0.8 which is 423MB.

I have also followed this KB and deleted content updates but still no go. Manual upload did work.

https://knowledgebase.paloaltonetworks.

...

What exactly is Firewall throughput , how do we decide for a network?

I need to deploy a firewall for medium sized enterprise so need help here to understand the Firewall throughput and how to evaluate the Firewall throughput for a network.

Resolved! Two Directly Connected PANs via IPSEC- Do I Need to Build Tunnel Interfaces

We are having installed a 10 Gbps Light Wave service for a WAN connection and will have PANs on either side. (The PANs will be on the same /30 subnet, and the Wave service appears to be a raw fiber connection terminated on physical PAN L3 interfaces)

...

Resolved! NFR VM-Series Firewall

Hi,

I am new in Palo Alto Networks and have few questions about NFR VM-Series Firewall. Hope you can help or guide me please.

1) How to get NFR VM series licenses?
2) What are the options for NFR VM?
3) How to license them?

I do have partners login bu

...

Needed confirmation on firewall Port spanning or port mirroring

Dear Team,

As per the customer requirement we want to perform Port spanning or port mirroring on the firewall interface so we need confirmation whether it is recommended from Palo Alto and if we perform this will there be any impact on the firewall a

...

Resolved! What ports are needed for site to site IPsec tunnels to work?

We have 2 palo alot firewalls & we are trying to establish a ipsec tunnel between both. We proved that all vpn configurations are correct and were able to establish the tunnel & pass traffic but only if we add a firewall rule saying allow any/any/an

...

Discussions

Threat Vector, a Unit 42 Podcast, is Now on LIVEcommunity!

How and Why to Accept a Solution to Your Post

Azure VM-300 IPSec VPN Tunnels and NAT-T

Resolved! SSL decryption forward proxy in vwire mode and common name of certificate

Resolved! MortiAgent Malware and Palo Alto

Global Protect User Mapping

Resolved! How to create IPv4 list from a text file

PAN-OS Upgrade

set readonly commands

Resolved! How much bandwith are GlobalProtect clients comsuming?

Force GlobalProtect client to only apply to 1 of 2 ethernet connections

Panorama space issue

What exactly is Firewall throughput , how do we decide for a network?

Resolved! Two Directly Connected PANs via IPSEC- Do I Need to Build Tunnel Interfaces

Resolved! NFR VM-Series Firewall

Needed confirmation on firewall Port spanning or port mirroring

Resolved! What ports are needed for site to site IPsec tunnels to work?

Unable to download new version

Edit personal information

best practice assessment option is not showing in paloalto customer portal

change default static route

Monitor Logs - filtering with wildcard?

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Re: Solution for "SSL decryption bypass for Anydesk"

Re: Failed to update content package

Re: Solution for "SSL decryption bypass for Anydesk"

Re: Error installing dynamic update Apps

Unlock your full community experience!

Resolved! SSL decryption forward proxy in vwire mode and common name of certificate

Resolved! MortiAgent Malware and Palo Alto

Resolved! How to create IPv4 list from a text file

Resolved! How much bandwith are GlobalProtect clients comsuming?

Resolved! Two Directly Connected PANs via IPSEC- Do I Need to Build Tunnel Interfaces

Resolved! NFR VM-Series Firewall

Resolved! What ports are needed for site to site IPsec tunnels to work?