General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Dynamic Domain List Empty

Created Dynamic Domain list, added single domain x.y.com > added list to antispyware profile > profile is used in policies but still the list shows empty. Also tries y.com still it is empty. Source URL is accessible an there are other IP lists in sam

...

GRE Tunnel with Zscaler...

Hi Team,

Does Paloalto NGFW supports GRE tunnel with Zscaler?

Thanking You!!

Regards,

Om Prasad

Resolved! Layer 3 routing on PA

Guys, facing a small issue hope can resolve together

I have created a new network on PA as Layer-3(503) and am trying to communicate with my other existing layer-3 network (501):

Steps configured are as follows :

1) created Layer-3 ae4.503 with IP X.53.

...

Resolved! Split tunneling for zoom app

Hi,

We dont have configured split tunneling for GP. We have 0.0.0.0/0. We would like to do split tunneling only for zoom-base.

We tried to configure in GP gateway excluding the zoom ips but its still the zoom traffic reaching the PA, because IPs can c

...

Resolved! restrict Global Protect connecting to multiple VPN's at same time

Hello Community

Is there a way to restrict Global Protect client from being able to run multiple VPN's at the same time?

We have 2 PA firewalls in different locations for different services, and do not want GP clients accessing both networks at the s

...

help guys.. Unable to access site even its already on overide

Resolved! Configuring Interface Management Profile and Assign it to Agg Interface

Hi All,

I have a customer that looses it's access to the Web GUI of the PAN Firewall except console connection. Aggregate Interface is configured. Can I assign an interface management profile via CLI on the aggregate interfaces? E.g. ae1.100? When i

...

Resolved! SSL inbound decryption and Post message in PA PCAPS

We have configured the SSL inbound decryption.

When we do the PCAPS on the PA we do not see POST message on the re and tx pcaps.

Need to know is this default behaviour?

On traffic logs we see decryption flag as checked.

Also from CLI i verify that PA is

...

Resolved! Panorama suggested version

Hi Team,

we have firewall running version 9.0.6,9.0.4 and 9.0.7, well in this case what could be the suggested version of panorama?

i have heard , panorama should run with same or later version firewall OS, Is it talking about the major version like 7

...

Resolved! All the traps agents are disconnected

Hi Community,

All the agents in my traps setup on ver 4.2.5 shown as disconnected. As the issue looks like ESM server related, i have followed the document https://docs.paloaltonetworks.com/traps/4-2/traps-endpoint-security-manager-admin/troubleshoot

...

Panorama M-500 disk upgrade & add process

Hello,

I'm planning to upgrade storage capacity M-500.

It's using 12 slots with 1TB disks, I'm going to insert 2TB disks to empty slots and replace 1TB to 2TB.

As I know, after add new disks, panorama will redistribute existing logs.

While that process

...

Limitations for creating number of child sa for site to site vpn

Hi,

Here I am trying to create a site to site vpn in Paloalto firewall, now in local network I have 8 individual /32 ips and for remote 10 individual /32 ips. This is for policy based vpn. Now if I add proxy ids for local and remote ips. I am getting

...

Source and Destination NAT using 2 different NAT rules

Hello everybody,

We are trying to replace our Lan-to-Lan concentrator (currently a Cisco ASA) with a PAN-5220 version 8.1.

On the Cisco ASA firewall, we are currently doing source and destination NAT for each incoming connection.

We change the sourc

...

What is the difference of malware detection between NGFW and Traps

Hi community,

I'm just curious why does the Firewall detect a malicious action/file but the traps stays quite about like do they have difference in alerting?

Output detailed HIP logs to syslog

Does anybody know how to output the detailed HIP match logs to syslog?

As it stands, we've got to go to Monitor > HIP Match > Magnifying Glass Icon to see them.

We'd like to send this rich data set to Splunk or another tool to write reports against.

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free