General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Asymmetric Routing and TCP Syn Check

Hello All,

I have a scenario where I will be having two ISP's (ISP-A and ISP-B) connected to the PA Firewalls via eth1/1 and eth1/2 interfaces. Both these Interfaces will be in the same untrust-zone. ISP-A will be the primary one and ISP-B the backup

...

Resolved! Vulnerability Signature action is Alert but traffic is getting reset both due to threat

In PA traffic is blocked due to threat signature.

In threat kogs it shows reset both.

When i check the signature it shows default action is alert only???

Why PA is resetting the connection when signature shows action as alert only???

NFR licenses vm-100

Hi,

How can I get and download NFR licenses for vm-100?

Global Protect and google play traffic from mobile

Hi all ,

I am running PAN OS 8.0.19 and GP 4.1.12 and users cannot access google play store while they are connected to the VPN from androids .

I have tried with spli tunneling including 63 subnets from google and I have tried full tunnel defining i

...

Resolved! SSL Exclude Option Missing in 8.1

Hi Community,

I noticed, that in 8.1.x (7,8,9, 9h4) the "SSL Exclude Option" in Device > Certificate Management > Certificates is missing.

The PAN-OS 8.1 guide mentions this option on page 198, and you can see it in a screenshot in this KB point 7:

ht

...

Resolved! LSVPN Satellite Deny specific subnet to Publish to gateway

In LSVPN VPN setup how can we deny specific subnet to not advertise to gateway.

I have selected Publish all static and connected routes and I want to deny some of static routes of them , how can we do that ?

I know we can disable public option manual

...

Resolved! Address object was saved with invalid IP address.

Hi All,

PA-5050 PAN-OS 7.1.24

Is it expected behaviour?

Thanks,

Myky

Multicast with Chromecasts confusion

Background:

I have a trust zone on ethernet1/2 192..168.1.0/24 and an iot zone on ehternet1/4 10.10.10.0/24 and I want to be able to cast things from endpoints (mobile phones and laptops) to the chromecasts on the iot zone.

It seems like multicas

...

Resolved! Ubuntu

Hello, can anyone tell me what version of Ubuntu I should use for MineMeld ?

Error when attemtping to delete node

I setup a couple nodes for miner, aggregator and output for Azure IPs to test. Now I want to delete some. When I try to Click "X" to delete any of the nodes, I get red error popup in corner that states "Error deleting node: Timeout".

I removed t

...

Autofocus MineMeld - how to access output node that requires authorisation

I need to create O365 IP/URL EDLs but when I try to access the output nodes I get "Unauthorised" message unless I sign into AutoFocus in the browser. Needless to say I cannot do the same on a firewall. How do I allow anonymous connections to a feed i

...

Config Files Backup

Hi.

I have PA850. According to this link (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm7yCAC) I configured backup with local Superuser account. Everything is OK. But then I created new Admin Role named backupadmin and ne

...

High memory usage on Palo Alto

I have an issue with a Panorama VM indicating high memory usage.

Using the following resources:

top - 10:59:58 up 82 days, 1:07, 1 user, load average: 4.22, 3.89, 3.87
Tasks: 156 total, 1 running, 152 sleeping, 0 stopped, 3 zombie
Cpu(s): 39.2%us, 1.8%s

...

Resolved! Data Center Firewall - Monolithic vs Virtualized

This is purely theoretical and does not represent a real network.

You can think of this as on prem or public cloud:-

Monolithic

This design utilizes 3 physical firewalls that are embedded in a data center fabric
• Perimeter
• B2B
• DC
The main focus of my

...

Development Palo Alto Networks firewall

I have supported Palo Alto Networks firewalls since the 3.x days. I currently support many of these firewalls, many including HA with all of the licensed features, linked to Panorama, Minemeld and other products.

I desire a lab setup so that I can t

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Asymmetric Routing and TCP Syn Check

Resolved! Vulnerability Signature action is Alert but traffic is getting reset both due to threat

NFR licenses vm-100

Global Protect and google play traffic from mobile

Resolved! SSL Exclude Option Missing in 8.1

Resolved! LSVPN Satellite Deny specific subnet to Publish to gateway

Resolved! Address object was saved with invalid IP address.

Multicast with Chromecasts confusion

Resolved! Ubuntu

Error when attemtping to delete node

Autofocus MineMeld - how to access output node that requires authorisation

Config Files Backup

High memory usage on Palo Alto

Resolved! Data Center Firewall - Monolithic vs Virtualized

Development Palo Alto Networks firewall

Template- Variable CSV greyed out

Can't find the "Republic of Kosovo" in the "Firewall Region Code Legend"

Device - certificate based authentication

Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

Wildcard URL for Non-HTTP/HTTPS traffic

Re: Allow all web addresses with .gov and .edu extensions

Re: Wildcard URL for Non-HTTP/HTTPS traffic

Re: Howto delete sub-interace from cli

Re: SSL Inspection issues with GlobalProtect users

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Unlock your full community experience!

Resolved! Vulnerability Signature action is Alert but traffic is getting reset both due to threat

Resolved! SSL Exclude Option Missing in 8.1

Resolved! LSVPN Satellite Deny specific subnet to Publish to gateway

Resolved! Address object was saved with invalid IP address.

Resolved! Ubuntu

Resolved! Data Center Firewall - Monolithic vs Virtualized