General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Global Protect external IP address - Best practice?

Hello,

We are a moderately-sized customer without an assigned sales or engineering resource due to account transitions.

We are in the process of moving to a new ISP and it has been suggested by internal resources, for other reasons, to utilize the s

...

Resolved! False positive threat

Hello,

PA-3020 is falsely identifying some adobe-creative-cloud-base traffic as being a threat. I can't add an exception for this as the log view does not contain a threat ID as it normally would for a threat. All of my dynamic updates are up to da

...

Resolved! debug dataplane for vwire and flow

if we have PA in vwire mode for troubleshooting purposes we can do pcap

Also we can do

debug dataplane packet-diag set log feature flow basic

Other then this can we use any other flow for vwire troubleshooting?

Cisco ASA multi Context migration

I am migrating a configuration over from a Cisco ASA that uses multiple contexts and have several questions about how to replicate that in a PA.

1. The ASA's use port-channel groups and for the internal and external those are shared. On the inside in

...

Resolved! DNS security and cloud lookup

With PAN OS 9.0 Does PA do cloud clookup for everydomain

or

only for domains which are not in DNS sinkhole of Antispyware profile?

I was told DNS security is a part of PAN DB so when clouds verdict is that particular domain is bad hows does this

...

Resolved! Turning Off DNS Lookups When Performing Dataplane Packet Capture?

Is it possible to turn off DNS lookups when performing packet captures on the dataplane?

I was hoping to run some pcaps, without taking up too many unnecessary resources through DNS lookups.

Thanks.

Resolved! Policy rule hit-count data is not stored on the firewall or Panorama

For link below

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/management-features/rule-usage-tracking

Policy rule hit-count data is not stored on the firewall or Panorama so after you clear the hit count using the reset option, tha

...

Resolved! commit error

today i got commit error

Client websrvr requesting last config in the middle of a commit/validate. Aborting current commit/validate.

Commit failed

Fix was i just need to run the commit again.

Need to know why this commit error occured?

Setting All traffic of a specifif URL to the primary ISP

Hi Everyone!

How will I set all traffic from https://www.siteground.com/ to my primary ISP? Because Currently we have two isp and running in a balanced round robin. The issue is whenever we go to the website it shows an error "Due to ip changed ins

...

Panorama reset Authentication Profile (Certificate Profile based Authentication) via CLI

Hi,

I have configured (on a test Panorama VM - luckly not on the production one) a SSL Certificate Based authentication following the steps provided on the Panorama Administrator's Guide; somehow It didn't quite worked out and I'm currently locked ou

...

PBF state is dicard

I have 2 internal test IPs, 172.16.16.2 and 172.16.16.3. These 2 IPs are respectively PBF, which implements different paths. And these two IPs have done two-way NAT. Map them to a public network address.
The problem that arises now is that 172.16.16.

...

How to make PA side as intiator for VPN with Azure

We want to make Palo Alto side as intiator for VPN with Azure .

Currently we have IKE settings as aes256,3des , sha1 sha256 and group 2 .

with lifetime less that azure standard 28800

still we are seeing PA acting as responder.

Basically issue is with

...

Resolved! minemeld-web FATAL, CENTOS Latest Dev Edition

I performed a recent git pull and performed the standard upgrade due to we were having issues on the edition we were on. However the minemeld-web will not load. I tried the revert back to pip 9.0.3 command for others having the with no luck.

When tryi

...

Top urls by Bandwidth for a user

Hi Everyone,

This is probably a very simple task, however i am not getting the result I am after.

I am trying to create a report that shows me the top URLS by bandwidth for a user for the last 7 days

, in the User Activity Report ( predefined) it shows

...

Resolved! Destination NAT

Hi there,
I have few URL acessible publicy one of them is WWW and HTTPS. I have dedicated HTTPS URL(xyz.com) however all other www URL(abc.com) is also accessible though https and redirecting to that https url(xyz.com). i am not sure what i am missing

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource