General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Access to Panorama after upgrade to 8.1

Hello

After upgrade Panorama to 8.1.11 I can't connect to GUI via proxy server (proxy server just substitute own certificate) I can reach login page but after putting credentials to Panorama I see blank page.

Before upgrade access was ok.

Direct access

...

Resolved! Global Protect User Groups

I want to user map configuration to AD user group for Global Protect clientless VPN. This works quite will if authentication is LDAP.
Have you any idea how can I get it to work with Radius authentication? Presuming that the user has the same name as

...

Difference between making a report with "Run Now" and making it with the "Scheduled" option.

Hello,

I have created a custom report with the following settings in Panorama:

set shared reports "Threat Summary-Diario" type panorama-thsum sortby count
set shared reports "Threat Summary-Diario" type panorama-thsum group-by srcloc
set shared reports

...

Resolved! scp export log traffic to a server not using port 22

Hello,

I'm trying to send an export of traffic log to a server that use port 40111 instead port 22.

I'm using this command in Panorama:

scp export log traffic to pppp@1.1.1.1:40111

But receive a timeout indicating that host 1.1.1.1 hasn't available po

...

Resolved! Rule usage report in PanOS 8?

Is it possible to create (scheduled) rule usage reports in PanOS 8, ideally from Panorama on a per device group basis?

I see the rule usage data present, seems silly there wouldn't be a capability to query against it.

Rules (not) used withing last X d

...

decrypt-cert-validation while performing windows update

Hey Guys ... I am doing a normal Windows Update and i am getting error.

While analysing the application type is ms-update and reason for session end is decrypt-cert-validation.

Appreciate if you guys can support.

Debugging packet flow.

Hi there,

We have just moved from a Juniper SSG-550 with around 700 policies to a PaloAlto 3050.

Naturally this has thrown up a few issues!

Can anyone explain how to do the equivalent of a Juniper “debug flow basic” on the PaloAlto?

On the Juni

...

Blocking vs. logging throughput

If I have a security policy applied to all my zones which includes profiles for everything (AV, spyware, vulnerability protection, etc.) but the actions are all just logging or alerting and not blocking, would that affect my throughput? I was wonder

...

Threat / AV signatures after OS EOL.

Will AV / Threat Signatures still up date on 8.0 after EOL?

I only found out it was going EOL when I logged into another of our clusters with 8.1 which told me on the MOTD..

The MOTD on the 8.0 has no such message.

I have had look through the "Palo

...

Resolved! Replacing a Palo

Hello -

We had one of our Palos die on us, we have the replacement and I have read this document:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHFCA0

But, I'm hoping someone on here can give me some real world experience

...

Resolved! PA-500 VPN with Amazon VPC

Hello,

have someone a howto about connecting a PA-500 with the Amazon VPC Service?

It would be nice to take a look on it

best regards

Dietmar Otto

PA session end reason is decrypt error -

In PA i saw this behavior for session end reason is decrypt error and traffic is working fine.
I check with users where session end reason is decrypt error they told me they have no issues.
we have ssl decryption enabled and PA is running 8.1.9
IS th

...

Resolved! PA-850 & Radius PEAP

We had purchased a pair of 850s to replace a pair of 3020s. Over the weekend I had put the 850s into place and we immediately saw problems with clients authenticating to our radius server behind the 850. We're working with PA support but they seem

...

VPN S2S and Description ssl in Wires mode

Hello, I have a couple of doubts and I would like you to help me about it. 1.- Is it possible to perform an Ipsec VPN when the firewall is in V-Wires mode? Only having an IP in the administration interface? 2.- Is it possible to perform SSL decryp...

Resolved! DSRI for VPN Tunnel

I can't seem to find a clear answer to this, and there may not be one. I have a VPN tunnel between 2 sites, both on PA-820's. Would "disable server response inspection" on the VPN policy on both sides benefit from this? What are the potential downsid

...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free