General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Resolved! It's possible to block custom file hash-256

It's possible to block custom file hash-256 in Palo alto.Please let me know how I can check the respective file hashes disposition at a wildfire, either it is in block or not. Here is below the file hashes need to know for disposition. f743c0849d69b5ea2f7eaf28831c86c1536cc27ae470f20e49223cbdba9c677ce56d45628f0c2bda30ab235657704aac50a8433bdb4215c...

PA-Aggregate-Group-Configuration-Dual-Uplink-Core-Switch

Dear Techs, Hope you all are doing fine and safe. Can some one give me an insight on how I can configure 'Aggregate Interface Group' so that I can maintain a high availability for Internet traffic with my core switch? To make it more simple. The below is my current scenario. From a single cisco core switch, up-links goes to the firewall and the...

Resolved! Issues with login into Certmetrics

Hey guys, I just completed PSE Professional certification and received on e-mail that I can look up my Certification. This would be my first time logging, so I chose that option. When I enter my e-mail address that I used to apply for exam, I get this message: Unfortunately, more than one candidate in the system is using this email address. You ...

Can an EDL be used in log searches and custom reports?

I'm interested in blocking inbound traffic from known TOR exit nodes. I have the EDL but want to see what the impact of this policy will be before enabling it, so I'd like to search the traffic logs or run a custom report using the EDL like an address group. Our 7050 (9.0.9h-1) doesn't like the EDL as a search term. Is there a way to do this?...

Resolved! test security-policy-match shows blank output instead of "No rule matched"

Hello to the community, First I'd like to thank everyone for contributing. The community is invaluable. I was wondering if anybody have any ideas why I always see this behavior? Reading through the discussions and doing my own research, I have seen it result showing "No rule matched" whereas my output is always just blank when no rule is matched...

Dedicated Log Collector interfaces

All, I am having trouble finding good documentation on this. Hoping maybe the community has experience with it. I need a few questions answered. We have 2 M600 dedicated log collectors. We plan on utilizing the 10 GB interfaces for Device Log Collection. That part is clear as spring water. The part that is very muddy Log Collector External Log F...

Administrative Install

I'm having trouble finding the correct administrative installation process. I have several field reps that do not have administrative rights to their laptops. I need to install GlobalProtect for them and have it pre-configured with proper certificates, portal addresses, etc. My certificates are self-generated by the firewalls, so are not trus...

Syslog - LFP options

Hi Guys We have PA with version 9.0.4 and have to configure Syslog server log forwarding on the same. Created (syslog) server profile..Now creating "Log Forwarding Profile" there are options "forward method" and "built-in-action" available there. which is not giving so much clarity what need to be configure there, Referred few articles available...

Converting a cluster to FIPS-CC?

Given all of the hurdles one has to go to to get a stand alone device converted to FIPS-CC, I'm told I have to do this on a cluster, so needless to say my anxiety is a bit on the "through the roof" side. Maybe I'm not looking hard enough, but I'm unable to find the steps for an active/passive cluster. I'm assuming someone has already done this,...

Globalprotect Download the system without activate PA

One of our customers wants to download GP client 5.1.3 in the system without activating in Paloalto,wants to test a new client before activating in production Paloalto. Is there any way to download i PA-220OS 8.1.15

UserID agent sessions to public IPs

Hi, We are detecting in Palo FW that there are sessions from UseriD-Agent servers to publics IPs. Our SOC confirmed that some of these public IPs are categorized like low reputation. Sessions are in port 135. I know the UserId agent uses this port but its reaching publics IPs.We have GP enabled, and there are also connections port 135 to the pub...

can we convert non saas application into saas application.

Hi Guys, Can we change manually a non saas application in saas applicationFor example, telegram does not come under saas application can we convert it manually into saas application.

Resolved! BGP "Router ID" and multiple peers

What exactly is the "Router ID" field used for in the BGP tab of Virtual Router configuration?I ask because I'm planning on announcing a /24 to two different ISPs/peers, and each ISP has its own /30 for the transit segment. So, if I make the router ID the IP address for one segment, it is incorrect for the other segment... or does "Router ID" n...

Converting a cluster to FIPS-CC

Given all of the hurdles one has to go to to get a stand alone device converted to FIPS-CC, I'm told I have to do this on a cluster, so needless to say my anxiety is a bit on the "through the roof" side. Maybe I'm not looking hard enough, but I'm unable to find the steps for an active/passive cluster. I'm assuming someone has already done this,...

Resolved! How do i setup a BGP inbound filter that allows only 1 AS

Been looking and googling and can't find it . so I have created a BGP import filter.attached to router group.But the match ... "AS Path Regular Expression" what do i put in there to limit it to 1 AS Find it hard to believe somebody hasn't done this. Also the doco ... sigh I'm thinking something like ^[^_]*$might work . not even sure is pa regex...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Resolved! It's possible to block custom file hash-256

PA-Aggregate-Group-Configuration-Dual-Uplink-Core-Switch

Resolved! Issues with login into Certmetrics

Can an EDL be used in log searches and custom reports?

Resolved! test security-policy-match shows blank output instead of "No rule matched"

Dedicated Log Collector interfaces

Administrative Install

Syslog - LFP options

Converting a cluster to FIPS-CC?

Globalprotect Download the system without activate PA

UserID agent sessions to public IPs

can we convert non saas application into saas application.

Resolved! BGP "Router ID" and multiple peers

Converting a cluster to FIPS-CC

Resolved! How do i setup a BGP inbound filter that allows only 1 AS

Support Down??? Unable to Open tickets.

Foward Trust Cert and MacBook Pro

Where can I find learning resources for PA net sec pro cert.

Change to Applipedia

SSL Connection Error During Panorama-Orchestrated HA Upgrade

Re: Beginner Question Best Way to Structure Policy Design in Palo Alto Firewalls

Re: First-time poster exploring best practices for security design in PAN-OS environments

Re: Beginner Question Understanding Basic NAT and Traffic Flow in Palo Alto Firewall

Re: Beginner Question Best Way to Structure Policy Design in Palo Alto Firewalls

Re: First-time poster exploring best practices for security design in PAN-OS environments

Unlock your full community experience!

Resolved! It's possible to block custom file hash-256

Resolved! Issues with login into Certmetrics

Resolved! test security-policy-match shows blank output instead of "No rule matched"

Resolved! BGP "Router ID" and multiple peers

Resolved! How do i setup a BGP inbound filter that allows only 1 AS