General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

SSL Decryption in different countries?

Hello All,

Starting to deploy 100+ firewalls worldwide. Have configured SSL decryption for General Browsing rule.

A template has been configured in Panorama, so they all have the exact same setup.

North America and Europe locations I tested are OK. Tri

...

Resolved! Can alternate usernames be used for Credential Detection?

We are using Multiple Username Formats under Group Mapping and E-mail address as one of the alternate usernames. Output for CLI command show user user-attributes user all displays e-mail address as Alt Username.
We have also User Credential Detection

...

Firewall-Log Forwarding-Email alert sending multiple message customization to avoid huge email

Hi Team,

We have configured log forwarding on critical policies and facing challenge lot of emails getting generated and triggered multiple mails. Need experts input for customization of email sent to recipient with subject "x number of times" exampl

...

Resolved! check now and Invalid image, Failed to download file

i was trying to download GP client 4.6 from GUI and got error

Invalid image, Failed to download file

tried few times every time got above error.

then i clicked on check now then it worked.

Need to know how i was able to download the global protect

...

Resolved! 4 AD servers and only one shows as Connected user-id agentless

hello team

we have this new set up for group-mapping , with 4 AD servers, we already set-up everything, we can see in the user monitoring all activity from user, however in the section relate to server monitor the status only shows one server connec

...

Resolved! block all facebook but one page

I know there are multiple discussion threads on how to allow just one FB page but block all other access . I tried every single of them and none worked properly.

I created a url filtering profile allowing just my company page and blocked social media

...

Resolved! Ethernet aggregate group

Hello,

I have been reviewing aggregate Ethernet interface group

https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/network/network-interfaces/aggregate-ethernet-ae-interface-group

and I see LACP is not enable by default, then I wou

...

Check Point R77 firewal security rules +400 rules policy migration

hello team

We have to migrate a Checkpoint R77 policies firewal security rules +400 rules policy migration, however we can't see those policies when we export to the expedition tool, we know that in R80 version you can use the CLI on the CKpoint to e

...

What's new in MineMeld 0.9.32

Release Date: 2017-02-06

Changes to the default behavior

To avoid data corruption, MineMeld engine now periodically checks availble disk space. If the available disk space falls below the limit of 10MB per configured node, the engine shuts down and

...

Sync Between Active Directory and User-ID

Hi there,

I have security policy allowed for particular group A. when i add/remove member in group A it doesnt sync with the security policy.

Is there a way to sync between active directory and User-ID/ Security policy?

Thanks in advance.

Pratik

Proper way of using Search Filter in Group Mapping Settings

Hello,

User Identification>Group Mapping Settings>Server Profile

I want to use Search Filter in Group Objects to limit total number of groups returned by that profile (as there are more groups than HW limitation). Group Include List is not an option, s

...

Resolved! Error at task npm install on RHEL

Hi all,

I'm installing minemeld-ansible on Redhat 7.
When i run this command:

sudo ansible-playbook -K -i 127.0.0.1, local.yml

I got this error:

TASK [minemeld : npm install] ********************************************************************************

...

Panorama: Bulk Edit Security Policy to update Security Profile Group

Hi,

I have about 900 rules spread across 2 different groups within Panorama. I would like to apply a shared Security Profile Group to all these rules where there action is Allow.

I have done some searching around but have not found any answers, howe

...

Resolved! Palo Alto VM, Layer 2 bridge (transparent), 802.11q sub interface mac flapping on cisco switch

Hello everyone,

I have an existing palo alto PA-3550 which we are migrating over to vmware, virtualized version (VM-300), onsite, no cloud. On the appliance we have two sets of layer 2 interfaces bridged together. One set is basically a transparent

...

Software packet buffer depletion

I am working with a client who is experiencing very high CPU utilization on the data plane and his packet buffers do not release. He is running 8.1.7 in a lab setting with no traffic being generated to the firewall. He has VM is setup with 6.5GB ra

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

SSL Decryption in different countries?

Resolved! Can alternate usernames be used for Credential Detection?

Firewall-Log Forwarding-Email alert sending multiple message customization to avoid huge email

Resolved! check now and Invalid image, Failed to download file

Resolved! 4 AD servers and only one shows as Connected user-id agentless

Resolved! block all facebook but one page

Resolved! Ethernet aggregate group

Check Point R77 firewal security rules +400 rules policy migration

What's new in MineMeld 0.9.32

Sync Between Active Directory and User-ID

Proper way of using Search Filter in Group Mapping Settings

Resolved! Error at task npm install on RHEL

Panorama: Bulk Edit Security Policy to update Security Profile Group

Resolved! Palo Alto VM, Layer 2 bridge (transparent), 802.11q sub interface mac flapping on cisco switch

Software packet buffer depletion

PA not be able to access internet

SSO Palo Alto Support Portal

IPv6 on public interface

Template- Variable CSV greyed out

Can't find the "Republic of Kosovo" in the "Firewall Region Code Legend"

Re: Allow all web addresses with .gov and .edu extensions

Re: Wildcard URL for Non-HTTP/HTTPS traffic

Re: SSL Inspection issues with GlobalProtect users

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Re: How can I filter disabled rules in the 'policies'-tab

Unlock your full community experience!

Resolved! Can alternate usernames be used for Credential Detection?

Resolved! check now and Invalid image, Failed to download file

Resolved! 4 AD servers and only one shows as Connected user-id agentless

Resolved! block all facebook but one page

Resolved! Ethernet aggregate group

Resolved! Error at task npm install on RHEL

Resolved! Palo Alto VM, Layer 2 bridge (transparent), 802.11q sub interface mac flapping on cisco switch