General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

INFO gave up: minemeld-engine entered FATAL state

Hi,I am using ubuntu 20.04,Installed minemeld using docker and using minemeld on web interface.I am getting this error and the below log:$ sudo docker logs minemeld*** Running /etc/rc.local...*** Booting runit daemon...*** Runit started as PID 8minemeld: checking if dependencies are running...run: redis: (pid 21) 0srun: collectd: (pid 18) 0sCopy...

Resolved! Want to configure two different domain for LDAP Authentication.

Hi Team, Can we configure two different domain in PA firewall? will it work for global protect authentication?

Resolved! Zone for vpn

Hello , We have currently three diffent zones defined . Zone A vlan 100. For wired users Zone B vlan 200 for wireless users Zone V tunnel/ loopback interface for Global protect users. All the above users mentioned are corp users. Now customer wants to create. single zone called "All users" and want to put vlan 100 200 and loopback/ tunnel into i...

dns-signature cloud service connection refused / kicked-off vpn

VPN just kicked every off for a couple minutes. I had a dozen logs forwarded to me saying dns-signature cloud service connection refused. Anyone know if that might be the cause? When I was able to reconnect to VPN, the # of sessions was 3-5x normal and quickly dropped.

Resolved! Session moves from ACTIVE to DISCARD in middle of download once zone protection enabled.

Hi Community,I am seeing the below behaviour in my PA-850 running on 9.1.4. Security policy is allowed for traffic.Scenario-1, without zone protection in internet zone - Everything works fin Scenario -2,Having zone protection with pretty much all options enabled for 'IP Drop' and TCP drop' and other options as well. Applied it on internet zone.E...

Resolved! Layer 2 MPLS pseudowire to span HA ports across sites.

Hello, I'm still learning PA and I'm planning to create a pair in HA Active/Passive mode. I was planning on connecting HA1A, HA1B and HA2 to a Cisco switch. Each port on a different VLAN. I was then going to trunk this traffic to a Cisco router (ASR920). I'm then planning to link two sites using layer 2 MPLS pseudowire. As anyone experienced any...

End of life and end of support for PA5050 and M100

Hi All, I would really appreciate if someone can let me know below details for PA5050 and M100. 1. End of life2. End of Support3. Replaced product Thank you in advanced,Gayan Samarakoon

Resolved! PA-820 Terrible throughput

Hi All, I have a PA-820 running 10.0.3. Lately my main connection was a DSL connection that limited me to 12/1 (on a perfect day). However I finally got on to the Starlink Beta, hung the dish and started getting items setup. When I pass any traffic through the PA, I am limited to <14Mbps down, <1 Mbps up. I have a very simplistic rule set,...

Trouble routing VXLAN traffic as it enters the outside interface

Hello community,I am attempting to create a VXLAN over IPSec solution between my PA-3250 and a remote Fortinet FortiGate 61E. I have managed to get things configured correctly on the FortiGate (I think) as I am seeing the traffic entering on the Palo side. I am using Tunnel Inspection on the Palo side and it appears to be set up correctly. In th...

Want to use IPv6 for bi-directional nat for VC.

Hi, Want to use ipv6 for bi-directional natting only for VC. Want to know the procedure on how to configure it. I have tried https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/nat64/configure-nat64-for-ipv6-initiated-communication.htmlthis link but when I commit the configuration it's got failed.

Resolved! Problem acknowledging alarms

I have an issue where I click acknowledge alarm several times, but the firewall refuses to update the status of alarms to acknowledged. Is there some absurdly long undocumented lag? Anyone else have a similar problem?

PA OOB Managment Interface question

How can I get PAN updates via the MGMT Interface if its on an isolated network inside my organization. NOTE: Its not on the internal zone. The route is working as i can see my packets leaving via egress when i ping from the host connected to the MGMT port. I want to avoid using Service route configuration via the external facing interface. Cheers!

How to control reverse DNS lookup through DNS SecurityLicense

The user was trying to send a mail from internal to external domain but it is blocking by sinkhole because it is showing as malicious traffic, however, we are able to receive from that malicious domain, Can we block reverse mail from an external server to internal using DNS license. In my case, it has received. Eg- User mail is test@abc.com and ...

Resolved! Not able to see new threat ids

I have updated firewall contents to new version. After update also still I am not able to see newly added threat id under vulnerability protections profile under panorama. I can see those ids locally on firewall but not on panorama. Wha could be the issues? Any help would be much appreciated

FTPS connection impossible with AntiVirus, AntiSpyware or vulnerability protection is enabled

I have an FTPS server behind the PA. When I enable either AntiVirus, AntiSpyware or vulnerability protection with default profiles it is impossible to connect to the FTP server over TLS. The below errors are seen. When I disable these protections I'm able to connect. Regards,Han. Command: PASVResponse: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

INFO gave up: minemeld-engine entered FATAL state