General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! restrict Global Protect connecting to multiple VPN's at same time

Hello Community

Is there a way to restrict Global Protect client from being able to run multiple VPN's at the same time?

We have 2 PA firewalls in different locations for different services, and do not want GP clients accessing both networks at the s

...

help guys.. Unable to access site even its already on overide

Resolved! Configuring Interface Management Profile and Assign it to Agg Interface

Hi All,

I have a customer that looses it's access to the Web GUI of the PAN Firewall except console connection. Aggregate Interface is configured. Can I assign an interface management profile via CLI on the aggregate interfaces? E.g. ae1.100? When i

...

Resolved! SSL inbound decryption and Post message in PA PCAPS

We have configured the SSL inbound decryption.

When we do the PCAPS on the PA we do not see POST message on the re and tx pcaps.

Need to know is this default behaviour?

On traffic logs we see decryption flag as checked.

Also from CLI i verify that PA is

...

Resolved! Panorama suggested version

Hi Team,

we have firewall running version 9.0.6,9.0.4 and 9.0.7, well in this case what could be the suggested version of panorama?

i have heard , panorama should run with same or later version firewall OS, Is it talking about the major version like 7

...

Resolved! All the traps agents are disconnected

Hi Community,

All the agents in my traps setup on ver 4.2.5 shown as disconnected. As the issue looks like ESM server related, i have followed the document https://docs.paloaltonetworks.com/traps/4-2/traps-endpoint-security-manager-admin/troubleshoot

...

Panorama M-500 disk upgrade & add process

Hello,

I'm planning to upgrade storage capacity M-500.

It's using 12 slots with 1TB disks, I'm going to insert 2TB disks to empty slots and replace 1TB to 2TB.

As I know, after add new disks, panorama will redistribute existing logs.

While that process

...

Limitations for creating number of child sa for site to site vpn

Hi,

Here I am trying to create a site to site vpn in Paloalto firewall, now in local network I have 8 individual /32 ips and for remote 10 individual /32 ips. This is for policy based vpn. Now if I add proxy ids for local and remote ips. I am getting

...

Source and Destination NAT using 2 different NAT rules

Hello everybody,

We are trying to replace our Lan-to-Lan concentrator (currently a Cisco ASA) with a PAN-5220 version 8.1.

On the Cisco ASA firewall, we are currently doing source and destination NAT for each incoming connection.

We change the sourc

...

What is the difference of malware detection between NGFW and Traps

Hi community,

I'm just curious why does the Firewall detect a malicious action/file but the traps stays quite about like do they have difference in alerting?

Output detailed HIP logs to syslog

Does anybody know how to output the detailed HIP match logs to syslog?

As it stands, we've got to go to Monitor > HIP Match > Magnifying Glass Icon to see them.

We'd like to send this rich data set to Splunk or another tool to write reports against.

QOS - real time bandwidth monitoring

Hi All,

I've created a generic QoS profile under Network >> QoS but when I view the graph it shows the bandwidth as being much less that I know it is.

At the moment I'm streaming music which is around 2 Mbps but the graph never goes above 0.25 Mbps

H

...

Help - Certificate pre-login globalprotect VPN, with SAML tunnel adoption

Hi,

We are working to create a global protect vpn connetion between our windows 10 devices and the PA FW ver. 8.0.1.

The VPN tunnel needs to use a pre-login tunnel initially (authenticating via the machine cert) which when the user logs in re-authen

...

Resolved! PA running-config Synchronisation

I have migrated HA pair in Panoroma.

Let's say I make some changes from Panoroma and push to only active device.

Now with config sync enabled locally on the firewalls, will it sync the running config to passive device. Panoroma shows config out of sync

...

Resolved! Is there a way to use Panorama to send certificates to managed devices?

Instead of manually installing certificates from a certificate authority on each managed device under Panorama, is it possible to push certs from Panorama? Thank you.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Welcome to the General Topics Discussions!

Rules and Best Practices

Resolved! restrict Global Protect connecting to multiple VPN's at same time

help guys.. Unable to access site even its already on overide

Resolved! Configuring Interface Management Profile and Assign it to Agg Interface

Resolved! SSL inbound decryption and Post message in PA PCAPS

Resolved! Panorama suggested version

Resolved! All the traps agents are disconnected

Panorama M-500 disk upgrade & add process

Limitations for creating number of child sa for site to site vpn

Source and Destination NAT using 2 different NAT rules

What is the difference of malware detection between NGFW and Traps

Output detailed HIP logs to syslog

QOS - real time bandwidth monitoring

Help - Certificate pre-login globalprotect VPN, with SAML tunnel adoption

Resolved! PA running-config Synchronisation

Resolved! Is there a way to use Panorama to send certificates to managed devices?

global counter tcp_case_2

IKEV2 w Cert - Wildcard peer for DN does not work.

Transferring assets from one CSP Tenant account to another

Proper "outside" interface configuration

Configuring Palo Firewall into an IDS

Re: MFA external provider question

Re: GlobalProtect 6.3.3

Re: SPARE device usage

Re: Upgrade path to 11.2.5 from 11.0.0 on a PA-410

Re: Global Protect application blank screen

Unlock your full community experience!

Rules and Best Practices

Resolved! restrict Global Protect connecting to multiple VPN's at same time

Resolved! Configuring Interface Management Profile and Assign it to Agg Interface

Resolved! SSL inbound decryption and Post message in PA PCAPS

Resolved! Panorama suggested version

Resolved! All the traps agents are disconnected

Resolved! PA running-config Synchronisation

Resolved! Is there a way to use Panorama to send certificates to managed devices?