General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

'decrypt-unsupport-param' error for outbound traffic

We are seeing alternate denies on the firewall with reason- decrypt-unsupport-param and tcp-rst-from-server when a user tries to connect over SSL to a URL. The detailed log view shows type-vulnerability action-alert but traffic is denied by implicit

...

Resolved! how to create policy and how to identify which ports are being used on PAN

Hi Guys,

I am new to Palo Alto. I recently joined the firm and they are using any any as policy for internal to Public, Internal to WAN zone. My tasks is to identify the ports which are being used and apply the ACL.

My question to experts is how to f

...

Panorama not receiving logs after rebuilding with new OVA

We had to rebuild Panorama from new OVA file. It is on version 9.0.8 and running on vmware.

Firewalls are all in-sync

This is the disk status on panorama

adm-rajrupindertoor@Panoramanv1> show system disk-space

Filesystem Size Used Avail Use% Mounted on

...

Problem renewing ssl certificates with global protect portal

Hi all,

I have the following problem. We have an ssl certificate (public ca) and this renews end of this month. We use ssl.domain.xx as gateway. Since we have to renew our certificate I ordered Networksolutions certificate and installed this within th

...

Resolved! What is the preferred way to monitor vmware view environments for User-ID?

How are others monitoring their Vmware view / horizon environments for user-id?

I see there is a terminal services agent you can use, (looks like you can only install on windows and citrix) but I haven't found specifics on actually monitoring the vmwa

...

Resolved! Log Collector question

Please explain:

Panorama must be running the same (or later) software release as Log Collectors but must have the same or an earlier content release version:

Software release version
—If your Panorama management server is not already running the same o

...

PA-850 NGFW vs Fortinet 300E

Would you guys agree that the PA-850 is the model equivalent of the Fortinet 300E?

Just doing a bit of research

Resolved! Encyrption domains / proxy ID

Hi,

I am new to setting up VPN tunnels from Palo Alto to a 3rd party firewall and I'm unsure how to setup the proxy IDs for the tunnel config. On the local side I have 9 x /32 addresses and on the remote side there are 7 x /25 subnet addresses. Do I

...

NTP sync to server 0.pool.ntp.org failed

Hello all,

we run an upgrade on our Panorama to 9.0.7.

Since a few days, I'm receiving this warning:

NTP sync to server SERVER failed, authentication type none

Same message for primary and secondary NTP server.

I switched from internal to external NTP

...

Trying to install Global Protect VPN client

Hello All..

I am trying to install the GlobalProtect VPN client on a Windows 10 box and am having difficulties.

The machine already has the Cisco AnyConnect client on it.

The install seems to complete OK, but when I try to connect with the client it nev

...

Panorama upgrade failing 9.0.5 to 9.0.8

I am getting below message at around 70%

Operation

Software Install

Status

Completed

Result

Failed

Details

Failed to install 9.0.8 with the following errors.
SW version is 9.0.8
Installing [content ] into partition "pancfg"
Nothing to install into /mnt/swm

...

Globalprotect, unable to connect

Hi, I am not a techy person but I have to install Globalprotect in order to work from home, the error I'm getting is: Connection failed: No network connectivity. Please verify your network connection and try again.

I'm not sure what the problem is. P

...

Resolved! RECOMMENDED NUMBER OF USERS

Good Morning Colleagues
I hope you are doing good . May i know the recommended number of simultaneous users for the below configuration:

Firewall Throughput: 5 Gbps
Threat Prevention Throughput: 3 Gbps
IPSec VPN Throughput: 3 Gbps
New sessions per second

...

Resolved! Shared Gateway cannot able to mange from Panoroma GUI

Hello Community,

I have Panorama M-500 that managed cluster of PA-5000 with some Virtual System, I use one Device Group for one VSYS.

Now I need to configure the Shared Gateway.

It seems that I can manage the NAT Policy related to the Shared Group only

...

Unable to reboot Panorama

An old contractor setup our Panorama and I just tried to update the software. It says I do not have permission to reboot Panorama. I am a superuser. How do I give myself permission to reboot Panorama?

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

'decrypt-unsupport-param' error for outbound traffic

Resolved! how to create policy and how to identify which ports are being used on PAN

Panorama not receiving logs after rebuilding with new OVA

Problem renewing ssl certificates with global protect portal