General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Filter default route

WE have configured OSPF between a Palo Alto firewall and the CORE to which it is physically connected, within this CORE there are several VRFs that interconnect with the firewall (VRF1, VRF2, VRF3). Is there a way to filter the default route in the P

...

why policy for captive portal redirection has no hit counts

We are using MFP for port 22.

we have CP configured and also we have rule in PA to allow traffic for CP url on specific port.

But we see no hit counts on this rule

If i remove the rule then CP redirection does not work?

Can someone please explain this

...

Resolved! Restrict Amazon-Cloud-Drive-Upload

Is there any way to restrict amazon-cloud-drive-upload for certain websites?

For example, say the website is www.mywebsite.com (public IP 1.1.1.1) and has an applet that allows users to upload files. When the user attempts to upload the files, the

...

Traffic showing from same zone

This is not a new setup. It was working fine before.

No change was made recently.

Firewall logs show traffic hitting the right policy, however from the same zone (NET to NET) instead of SZ104-ITSupport to LAN.

How to fix this issue?

Resolved! [BUG] EDL using wrong Service Route

Hello everybody!

PAN OS build 9.0.3-h3.

According to the PAN documentation the "External Dynamic Lists" (Object-> External Dynamic Lists) )are supposed to use "External Dynamic Lists Service Route" (Device-> Setup -> Services -> 'Service Route Configu

...

Communication performance issues between zones

Hi

I have a firewall configured with different zones (users, servers-prod, servers-dev). At network configuration level, 4 network interfaces are linked to 1 aggregate group and under this aggreate group, I have on subinterface linked with each secui

...

Global protect VPN

Hi,

We are using Global protect VPN. Whenever we connect the VPN with office network the system gets slow and we run any command it takes a lot of time to run.

Whenever we connect the VPN with an open network the commands and the websites are working

...

WiFi calling will not work

Has anyone already got wifi calling via PA to run? I see in the session log the connections udp 500 and 4500 but wifi calling does not work on my iPhone 8. I have already excluded my AP, that's not the reason. At home router with itss integrated AP i

...

Resolved! IPv6 IPsec Site -to-Site VPN Phase-I issue

Hi ,

If anyone there who have a solution for this IPv6 IPsec Site -to-Site VPN Phase-I issue, I checked all the Phase-I and II parameters and took help from PAN TAC engineer as well. they don't have an answer for this. I am getting an this error. Your

...

Resolved! GlobalProtect 5.0 for iOS 12 and User Certificates

I have several customers (and my homelab) that leverage user certificates issued from Active Directory Certificate Authorities as a second authentication factor. Since upgrading to the new 5.0 client for iOS, the client errors out on connection to t

...

Resolved! SIP ALG

I just want to make sure I'm thinking through the use of SIP inspection. If I have the sip application configured on a security rule, then the ALG will be in affect.

If I have defined port-based services in a security rule with no sip application defi

...

Interface flap email alert on Palo Alto 8.0

Hi Folks,

I want to configure email alert for interface flapt i.e ( subtype eq port ).

On email server profile under custom log format if I add $subtype eq port , would it be sufficient to trigger alert ?

Feature request: Log Nat Rule in traffic log

I think the subject says it all, if a session is processed via nat, log which nat rule was used.

Resolved! SMTP Authentication

Hi guys,

According to this document, at the bottom, it states that SMTP authentication is currently not supported. This was in 2014, so does anyone know if this is still not supported?

https://live.paloaltonetworks.com/t5/Learning-Articles/How-to

...

split tunnel issue

I have set up a GlobalProtect gateway in Panorama (software version 9.0.0.0) and configured it for split tunnel, however the configuration is not applying to the firewall (PA850 - software version 8.1.6)

General Topics

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free