General Topics

Discussions

Sorted by:

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Global Protect with Azure MFA issues

PA3020 PANOS-8.1.7 GP-4.0.7

Using Radius server for auth.

Radius talks to Azure MFA for 2 factor auth.

Having timeout issues.

Sometimes user not getting MFA prompt on the phone.

If the get MFA prompt they will get auth errors.

Panorama help : How to reset rules hit count

Hello everybody,

I have to reset three policies usage in Panorama 8.1 firewall but in this version is not available this option in the GUI.

I guess I can do it from the CLI.

Can anyboy help me?.

Thanks in advance.

Restart is disabled because no ike sa was established

We have IPSEC tunnel to vendor.

Tunnel is up

Gui shows Phase 1 is red.

I can ping the IP on the tunnel on vendor side which is Gateway for Vendor LAN.

Unable to ping the LAN IP on vendor side.

PA shows traffic is passing but nothing coming back from ve

...

Firewall rules suggestion

Hello

I would like to have advices regarding firewall rules. I'm deploying a PA-3220 on my main site (site A). On this main site, I have several zones configured on my PA3220 (user, servers, dmz Intranet,). I have also 5 remote sites.

I must create a

...

Application is identified ad rtp-base and PA still doing PCAP

Under traffic logs we see pcap green arrow for this application rtp base.

What is the reason that PA is doing pcap for this if app is identified.

Resolved! Any document to setup VPN between palo alto to AWS

Any document to setup VPN between palo alto to AWS

Panorama device group

I am looking for cli cmd to fetching device group info using device name .

Any suggestions..

Resolved! PAN Next Generation Firewall 3020 can't Forward Logs Properly to External Syslog Server

Hi,

I'm trying to forward all logs from PAN Firewall 3020 to an external Syslog server. I have followed the guide here and have tried to debug the problem by accessing the firewall through CLI but to no avail. However, I think I might have noticed an

...

Resolved! File Blocking rule logic

The following KB article states that the File Blocking rulebase is not top-down but based on action precedence. The article fails to mention anything on the function of the application column with regard to processing logic:

https://knowledgebase.palo

...

Resolved! Allow traffic after "decrypt-error"?

Is there any way to allow traffic after "decrypt-error"? I get a lot of decrypt-errors showing up in the logs when SSL decryption is enabled. Most of it is from amazonaws.com (even though I excluded it from decryption). I would rather just allow the

...

Resolved! Why is this getting denied?

How can traffic be both allowed and denied?

Global protect agent file cant upload

Hi,

i cannot upload global protect agent files to my lab PA-VM 8.0 qcow2 file. any suggestions why i cant do that?

The command "Show systems statistics session" in a daily report?

I would like the information displayed in the "Show systems statistics session" CLI command to be packaged into a daily report so that I could see the previous day's throughput, packet rate, TCP sessions, etc and displayed in nice line graphs. Is th

...

Can rapid fire spam phone calls be blocked by the PA

Can rapid fire spam phone calls be blocked by the PA, they seem to be similar to a dial of service and they are making it possible for us to make outgoing calls or recieve incoming calls by using all our phone sessions? Is there a way to block them u

...

Resolved! Threat log forwarding from unlicensed PA device?

Hi folks,

I believe I know the answer, but wanting to make sure I understand. I am configuring log forwarding to a Varonis server for testing. I've been sending the traffic log, but Varonis will only process the Threat log.

I've configured the Thr

...