General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

CSR Certificate Issue

Hello Team, Three year before ,One of my customer is generated the certificate from linux machine and sent it to comodo for third party sign.Now they got new palo alto firewall and he is trying to install that certificate on palo alto but while installing certificate we are facing "Mismatched Public and Private keys" I have one more doubt that, ...

Interrogate External Server for UserID

Hi,We have a use case where, upon detection of a session with an unknown userID, we'd like the Palo firewall to interrogate an external service via REST API for the UserID/IP address mapping. I appreciate the normal way is to prepopulate the Palo or UserID Agent servers with data from external sources, but this is not possible in this case.Any ...

Resolved! How to enable all disabled application in fast way

Hello Team, Please let me know how we can enable all disabled application in faster way.During dynamic updates of Application and Threats customer clicked on 'Disable new apps in content update,' so there are total 700 application disabled and i found only two way to enable on both way i need to select disabled app manually one by one.

How to change DNS IP for "set deviceconfig setting management initcfg dns-primary x.x.x.x"

Palo Alto Firewall has following configuration. set deviceconfig setting management initcfg dns-primary x.x.x.xset deviceconfig setting management initcfg dns-secondary y.y.y.y I was trying to change DNS ip address to another ones, but I couldn't.It was giving me "Invalid syntax" error message."initcfg" option was not there when I check command ...

Resolved! GloablProtect

Hello Community, I am new to palo alto. we have deployed some firewalls in our company. I am trying to configure globlalprotect on the branch offices to add more gateways. I have an extra internet connection at one location and wanted to know if its possible to configure global protect on one of the interfaces. the firewall is currently behind a...

Resolved! Application vs Service? Specific to traffic being classified as APPs using the same ports

I use both but running into an issue with Lab specific traffic where I will allow a list of applications with service set to ANY but the PAN classifies some 443 traffic as (for example) 'windows push notification' or 'soap' but I am not allowing either of those APPs so it drops it. I am allowing web-browsing and windows push/soap both use tcp/44...

Gateway ssl - The server certificate is invalid

Hi everyone,I have a connection issue using GlobalProtect. Could anyone help me?Thanks a lot

Blocking Google Images

Howdy everyone, We have a strict internet usage vlan where users can only hit an Approved List of URLs that we manage through Panorama. The issue is that some of these fights reference Google as part of the CDNs so we've had to allow them in to the Approved URL filter. This has been working for a long time, but a few users learned that they can...

Email Alert Subject Line.

Hi team, Is it possible to customise the Email alert subject line ..?? For Example : Default - Sub: "The VPN XYZ tunnel is down"Customised - Sub: "The VPN XYZ tunnel is down, Need immediate attention".

Resolved! Palo Alto keep client IP

Hi, Is possible to keep in Palo Alto the client IP although PA is doing a source NAT to reach internet?. A service in the cloud needs to know the client IP. Something like XFF.

Resolved! Traffic log shows decrypted for blocked traffic

We have not enabled ssl decryption for specific subnets.When I see the traffic logs I see ssl decrypted is checked and traffic is denied. I verify that I see decrypted flag for all traffic that is blocked in url category. Need to know reason for this? RegardsMike

Resolved! PanOS version number

Am I correct that the naming scheme is considered Major Version . Feature Release . Maintenance Release - hotfix?8.1.6-h3

Resolved! Port used by the user id agent to talk to AD server

We have PA user id agent running on the windows server.Need to confirm Port used by the User id agent to talk to AD for user to ip mappingsis this port tcp 5006? where should i look for?

Packet Descriptors spike

Hi All,I've been collecting and plotting CPU, Session, Packets Descriptors, Packets Per Second, as well as some other metrics. Once in a while I see a spike on the Packet Descriptor graph.According to KB article How to Interpret: show running resource-monitor :The cores specified in the CPU usage output have dedicated functionalities:Core 0: use...

Resolved! 5220 data plane cpu utilization in GUI

Need to know on PA 5220 when we see DP utilization in GUI does it mean that it is average CPU of all the cores?

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

CSR Certificate Issue

Interrogate External Server for UserID

Resolved! How to enable all disabled application in fast way