General Topics

Want to configure multiple policies and objects through cli using script.

Hi all, Hope you all are doing Good. Guys, I have a query can we configure multiple Nat policies, security policies, address objects, address group, etc using scripts through CLI. Is my query achievable and if it is so how can we do it. Please share some articles to understand. Many thanks in advance.

Software updates on support portal is blank

Is anyone else having issues with software updates page being blank on support portal? I see dynamic updates are displayed but not software updates. I have tried Firefox, safari & chrome with no luck.

Universities experiences with SSL Decryption?

Greetings all, I'm looking for other admins' experiences with utilizing the SSL Forward Proxy decryption options in a university environment. General overall experiences would be good but, specifically, I'm wondering about: Did you go SSL Decrypt everywhere or only on certain networks (i.e. academic networks but no residence networks for on-cam...

can we push dns security enabled anti-spyware profile to panos 8.1

We are managing 4 location firewalls from Panorama. Panorama and one of the location is on 9.0.9-h1. Rest of the location firewalls are on 8.1.5.We have activated DNS security licence on that upgraded firewall which is running on panos 9.0.9-h1.We are using shared anti-spyware profile for all firewalls. If we enable DNS security setting in same...

Resolved! customised option for email alert for ISP link up or down

Hi I have a PA firewall, is it possible to create an email alert for ISP link up or down in PA 220 device

Behaviour of NAT and Security Rules along with intrazone -default rule.

Hi Gang,Still getting grips to everything so would love your help in understanding the behaviour of traffic when it is NATed and allowed. The Scenario: Zones: outside and insideA DNAT rule from outside-to-outside that NATs 1.1.1.1:22 which translates to 192.168.1.1:22A security policy that from outside-to-inside traffic for 1.1.1.1:22Result:Any...

Blocking Pacman on Google Doodle

We have been trying to block the following website to stop students at our school playing Pacman https://www.google.co.uk/search?hl=en&site=webhp&source=hp&q=pacman&oq=pac&gs_l=hp.1.0.0l3j0i131k1j0l6.965.1399.0.3543.3.3.0.0.0.0.32.89.3.3.0....0...1.1.64.hp..0.3.87.NoYdh0ojI_E#clb=clb&spf=1495713448440Obvioulsy we want th...

Active/Passive Firewalls w/Different ISP Default Routes

I have two PA 5220s running active/passive and HA but connecting to dual ISPs. In a failover situation the passive firewall would assume the active firewalls default route but physically has a connection to the backup ISPs gateway not the active ISPs. How do I configure this active/passive config to allow the passive firewall to route to the bac...

Resolved! Newbie in need of help: Forwarding traffic logs to a syslog server

Hi community, I need to forward all traffic and threat logs to a log collector. I understand most of the process except the security policy part. Once I create a syslog server profile and then a log forwarding profile, I then need to use that log forwarding profile in my security policy. Our firewalls have many rules and my only instructions hav...

Active sessions across inactive vwire

Just curious about what I'm seeing. I have two interfaces that are in a vwire. The switch interfaces which go to the the FW were shut down last week yet looking on the firewall, I see that there are still active sessions which show these two interfaces as the ingress and egress points. These sessions would have been established before the inter...

Resolved! Incorrect Rule Assignment UrlCategory Any

External ipaddress 23.35.182.93 is getting incorrectly mapped to a rule "Permit Intranet Sites". The rule uses a Urlcategory for Intranet sites and the destination has trust/untrust zones with a negate on one specific destination address. What might cause the firewall to misapply rules if the dns to ipaddress mappings are effectively static? I a...

Getting intermittent unknown UDP traffic logs

Hi All , I am having policy having application group and set services as application default . Sometime policy is working fine but sometime its dropping packet and in logs showing application unknown UDP. Could you please suggest any troubleshooting steps here ? I did packet capture but not seeing any this specific which can indicate any issue...

Resolved! Fresh install on Ubuntu via apt won't login (ERROR CHECKING CREDENTIALS)

I've just followed the instructions (https://live.paloaltonetworks.com/t5/minemeld-articles/manually-install-minemeld-on-ubuntu-16-04/ta-p/253336) for setting up a fresh install of MineMeld on Ubuntu 16.04 LTS (on Azure, in this case). Followed every single step, including the reboot at the end. All of the services show as being in a RUNNING s...

Resolved! can 2 interfaces have same security zone at the same time?

Will Firewall let me configure same security zone to 2 interfaces but make a decision to egress the traffic based on the route table? TIA.

Resolved! Adding Routes via Windows

Hello, I'm attempting to add routes via cmd using the 'route' command but I'm encountering issues, none of my traffic is being passed by the gateway. My intent is for a host (10.10.3.22 in this example) to egress out of R1 (10.10.3.250) to another network on 10.10.2.0. Checking my firewalls logs at R1 (10.10.3.250), I see no traffic even being t...

Discussions

Want to configure multiple policies and objects through cli using script.

Software updates on support portal is blank

Universities experiences with SSL Decryption?

can we push dns security enabled anti-spyware profile to panos 8.1

Resolved! customised option for email alert for ISP link up or down

Behaviour of NAT and Security Rules along with intrazone -default rule.

Blocking Pacman on Google Doodle

Active/Passive Firewalls w/Different ISP Default Routes

Resolved! Newbie in need of help: Forwarding traffic logs to a syslog server

Active sessions across inactive vwire

Resolved! Incorrect Rule Assignment UrlCategory Any

Getting intermittent unknown UDP traffic logs

Resolved! Fresh install on Ubuntu via apt won't login (ERROR CHECKING CREDENTIALS)

Resolved! can 2 interfaces have same security zone at the same time?

Resolved! Adding Routes via Windows

Doubt about Custom URL category

Upgrading from 10.2.9-h1

Can 'admin' account be deleted?

NGFW with two different Support Structure in one CSP

[User-ID HUB Vsys] Solved Issue User-ID Behavior

Re: GlobalProtect is no longer able to retrieve information for Trend Micro Apex One Security Agent

How to get access to the knowledgebase articles (SSO Error)

Re: Unable to activate Precision AI network security bundles license

Re: Convert management-only Panorama to panorama-mode

Re: Sofware Upgrade broken? "An active license is required for this feature"

Unlock your full community experience!

Resolved! customised option for email alert for ISP link up or down

Resolved! Newbie in need of help: Forwarding traffic logs to a syslog server

Resolved! Incorrect Rule Assignment UrlCategory Any

Resolved! Fresh install on Ubuntu via apt won't login (ERROR CHECKING CREDENTIALS)

Resolved! can 2 interfaces have same security zone at the same time?

Resolved! Adding Routes via Windows