General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! User-ID agent

Hello,

I have had the user-id agent setup previously but now either after upgrading to panos 10 or enabling mutli-vsys my option for the agent is now missing from my user identification menu. Does enabling mulit-vsys break this or maybe the version

...

Resolved! Repurposing log collector

I have a M-500 with two disk pairs in dedicated logger mode that I want to turn into a dedicated manager. I know how to actually change the mode, but can I remove both disk pairs and use them in another logger? I assume the M-500 has internal storage

...

ikev2 with cisco Router using certificate problem

after I finished the ikev2 configuration(using Distinguished Name (Subject) from PAN and Cisco Router using identity local dn ), I got this isse:

received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) d

...

SSL inbound inspection

Hi Team,

I am facing the issue in SSL decryption intermittently. For the transaction website.

traffic flow for the SSL inspection is:-

Outside user ------> Paloalto--------->Load balancer-------->Application server.

In the destination NAT translation,

...

PA Migration from 5050 to 5220 with below requirement-Suggesstions Request

Hi Team,

I have to Migrate PA from 5050 to 5220 for data center firewall.

We are using ASA for Internet.In PA data center firewall we have 2 vsys 1 for internal another for DMZ.

Now the planis DC firewall we are migrating to 5220 afterthat ASA replaced

...

Does updating definitions/antivirus cause any downtime?

I have a new PA-3020 that is inline on my network, meaning if it goes down then so does my network.
Because this PA-3020 is inline I was worried about updating the definitions (only two weeks old right now), and I was not sure if during a definition

...

PA Firewalls HA Active-Active Routed design with BGP

Hello Everyone,
I'm designing an edge network with Active/Active HA. After reading the PA documentation, I found Active/Active Routed based redundancy design which seems best suited for our environment. However the topology shown in Docs is a square m

...

Resolved! Feature Upgrade: load, install, run !?

What does "base image must be loaded" and "you do not have to install or run the base image" mean?

See my screeshot below. The base image is there. Do I have to click on "Install"? The message however clearly says I do not need to do so? So what do I

...

DNS Query

Can we configure firewall will allow only one response for one dns request packet. Please suggest

Not able to Ping

I have l3 switch , new vlan is created and its default gateway is PA FW..A machine when connected to trust interface eth1/2 is able to access the internet...but when machines are connected to switch with trust IP range,internet is not working.

My ma

...

Resolved! Adding in an additional new firewall to the edge, attracting return traffic

I currently have a Brand X firewall at our perimeter with a /24 on the outside and private addressing on the inside.

I want to add a PAN in parallel to the current firewall and gradually move services from Brand X to PAN.

The plan at present is to ta

...

Anyone run into a issue where Client Certificate does not get presented to GP if its in the Local Ma

Hi

Anyone run into a issue where Client Certificate does not get presented to GP if its in the Local Machine Store? I tired giving the user perm but this didnt fix it. Only way to resolve it is to move the cert to the user store, which I dont want to

...

Regarding Wildfire analysis

Hello Guys,

I am preparing for a PCNSA exam and practicing my labs at NDG portal. It is running version 9.0.1. Except for the File from the lab guide the firewall is not sending any other files to Wildfire for analysis. Is their some other things i s

...

twitter not working

Twitter is not working. I create the simple policy but I got this error. aslo create the application override but still I got same error i have also change my browser but still same please suggest.

Resolved! APP-ID Doubt

hello community,

I have a question that I have not been able to solve with the study material and it keeps breaking my head.

Here it goes, when I generate an application-based security policy, for example from "trust" 10.xxx to "untrust" any
with app a

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free