General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Global protect to restrict certain source IP

Can Global protect restrict or only allow certain external public IPs from accessing the VPN?

GlobalProtect VPN - restrict which devices can VPN?

Is there a way to prevent employees' personal computers (not issued by company) from connecting to VPN? If so is there a license for this and where do you configure the settings?

Website getting blocked

Hi Team

We have PA 220 firewall with 8.1.5 PAN os version.

We have tried to reach one particular website but its not reachable. When we checked the traffic logs that application was shown as "incomplete" and the end session reason was aged-out.

Note

...

Palo Alto Firewall Packet Capture on drop state

Hi Team, I have an issue in production for SMTP traffic, when i do packet capture in Firewall for drop state, could see packet are getting dropped in syn packet

Co-related Events Logs Gathering

Hi,

How can we gather the Beacon Detection logs for Co-relation logs in our Syslog Server.

Regrads

Karthikeyan Balamurugan

Resolved! migrating config from 7.0.12 to 8.x.x

hello.

we have a replacement of a palo alto coming up.

the actual migration is I believe from a 3050 model running pan-os 7.0.12

and the config needs to be migrated to a pa 5220 (whic I believe can't run pan-os 7.x but comes with 8.0.0 minimum.

due to

...

Display SSL/TLS version in traffic logs (app coloum), instead of just (ssl)?

Hi

is there a way to display SSL/TLS version in traffic logs (app coloum), instead of just (ssl)? i have worked on another firewall vendors it's too easy to deteremin SSL/TLS version for troubleshooting instead of packet capture for many many custom

...

How to upgrade a Panorama server from 7.1.x to 8.1.x

Hi,

How to upgrade a Panorama server from 7.1.x to 8.1.x. Also, I heard about the log migration after upgrading to 8.0. So what should be the procedure to follow for this upgrade.

ipsec site to site vpn

Hi,

Do I need a tunnel interface for site to site vpn ?

If yes How can I do that and what is the benefit

Thanks

firewall using wrong LDAP attribute to find user in active directory

Hello Community,

I´d like to check with you the following issue:

created a LDAP authentication profile which is not working, when using the "test.... " command I get an authentication failed with "Received empty DN for user User12345"

I made a traffic

...

Resolved! update from pan-os 4.1?

is it possible to update an old box for lab purposes that is currenlty running 4.1.6 pan-os? It can't be updated to 6.x without being at 5.0, but 5.0 is not available for download. Is a fresh install (skipping upgrade paths) of 8.1 not possible? Is t

...

Orange attack on GP

https://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html?m=1

Any word from PA on this ?

Global Protect One session One user

GP can support One username login one session or not. If yes where is configuration at GUI

Why is decrypt failing for this site

Hi

myeverythingdisc.com

my PA's use the unsecure CA..

tring to work out why.

Last I checked there was no log so ...

GP client fedora certificate

HI,

We are trying to go up a VPN using Global protect client in fedora device. We have read that global protect 4.x requires that the certificate be signed by a trusted CA. Our certificate is self-signed. So we have GP client version 3.1.x because we

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Global protect to restrict certain source IP

GlobalProtect VPN - restrict which devices can VPN?

Website getting blocked

Palo Alto Firewall Packet Capture on drop state

Co-related Events Logs Gathering

Resolved! migrating config from 7.0.12 to 8.x.x

Display SSL/TLS version in traffic logs (app coloum), instead of just (ssl)?

How to upgrade a Panorama server from 7.1.x to 8.1.x

ipsec site to site vpn

firewall using wrong LDAP attribute to find user in active directory

Resolved! update from pan-os 4.1?

Orange attack on GP

Global Protect One session One user

Why is decrypt failing for this site

GP client fedora certificate

Template- Variable CSV greyed out

Can't find the "Republic of Kosovo" in the "Firewall Region Code Legend"

Device - certificate based authentication

Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

Wildcard URL for Non-HTTP/HTTPS traffic

Re: Allow all web addresses with .gov and .edu extensions

Re: Wildcard URL for Non-HTTP/HTTPS traffic

Re: Howto delete sub-interace from cli

Re: SSL Inspection issues with GlobalProtect users

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Unlock your full community experience!

Resolved! migrating config from 7.0.12 to 8.x.x

Resolved! update from pan-os 4.1?