General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! DOS profile for critical servers

Hi Guys,

I want to create the DOS profile for critical servers. I read that I can use classified type so connection count toward only one IP address.

My question is can I add multiple servers IPs in same DOS Rule or I need to create multiple DOS rules

...

External BGP Static Route Advertisement, with Path Monitoring an inside net

I have an existing LAN with two data centers. The firewalls at each are not in a cluster, and have different internal/external connections and tunnels, so changing to active/active it not possible. They each have separate DMZ's right now.
We need to b

...

Have you heard of the Cyber Elite?

In case you missed it, the LIVEcommunity team has just introduced the LIVEcommunity Cyber Elite program.

What is the Cyber Elite program you ask?

This is a program that we have helped create to recognize the Expert members of the LIVEcommunity.

...

HL7 Traffic / Unknown-TCP traffic gets denied.

We are standing up some new PA firewalls and have been testing with some HL7 servers. Testing has been going well until recently where "unknown-tcp" traffic gets denied. It seems that it only happens when the transfer of a specific file/message is

...

Scope of the licence pan 3220 is linked to the serial number ?

If I put a hard disk from a PAN3220 that failed, in a new PAN3220, what impact does the license have or is it only linked to the serial number of the Firewall

Resolved! Public to Public RFC 1918 blocks

Hi,

I am looking to block the RFC 1918 blocks coming from internet to our LAN zone. So, Policy will be Source zone: Public , IP: RFC1918 blocks, Destination zone: LAN, IP : any .

Can you guys please confirm that creating this policy will fulfill my re

...

Primary and Secondary SSL VPN global protect

One question that comes in my mind, can we use fallback URL or IP in Global Protect client? Like in Cisco AnyConnect, if the primary VPN Server or internet source is down then client connect with the secondary internet source automatically.

Resolved! x-forwarded-for header in traffic log on AWS VM

Hello,

My FW is behind ALB, so I want to see original Src IP.

I enabled "use x-forwarded-for header in user-id" setting and user-id on the zone.

But there is no info on source user column in traffic log.

I can see the information in url filtering logs

...

Qos statistics tab does not show class for multicast traffic

I have a customer case where they have enabled QoS for layer 2 interface. There is a Qos rule in place for classifying multicast traffic as class 3.multicast traffic from zone LAN is hitting the right QoS policy and from the session details, I have v

...

Assigning a template to a specific vsys within a Template Stack?

Most of our FWs are multi-vsys. Our stacks basically consist of one template - the entire FW config. Now we are trying to create more global templates that we can apply to multiple Template Stacks. But when creating a new template configs, the co

...

Resolved! Empty EDL PA220 PANOS 10.0

Hello

Im doing some tests on PA-220 test unit.

Some story - im using windows 10 with installed debian on WSL.

I've installed apache2 and doing some IP pulls from internet and then hosting it on:
192.168.7.131/steamip2.html
I can access this from my intern

...

Internet disconnects upon connecting Globalprotect

Got a new broadband and if i try to connect VPN using globalprotect, Internet is getting disconnected and im not able to browse anything. If VPN is doconnected , Internet is working fine without any issues

Resolved! New Install Checklist

Hello -

Has anyone seen or created, that they'd like to share, just a general checklist of information to collect and steps to do a new install?

Resolved! Problem URL-Filter onedrive urls

Hello everybody,

I use url-list from urlhaus. If I test some entries, I got a problem with onedrive-urls like this:

onedrive.live.com/download?cid=a75074ec168603e4&resid=a75074ec168603e4%21108&authkey=apnjueurszwr7fi

This url should be blocked by urlf

...

IKEv2 keepalive tuning

IKEv2 on PA has built in keepalive mechanism, but it can only act if the communication is lost for more than 5 minutes: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgcCAC

After testing it out, about 7-8 minutes passed un

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free