General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Threat log types

For threat logs in PA i see below options ( subtype neq vulnerability ) and ( subtype neq spyware ) and ( subtype neq packet ) and ( subtype neq scan ) need to know if this makes sense ?? where vulnerability is part of vul protection scecurity profile which is layer 7 ?? spyware is anti spyware profile which is also layer 7 ??? scan and packe...

Aplication Dependency commit Warnings after 8.1.8 upgrade

Hi, Recently we had to upgrade our customer PA-3050 from a 8.0.10 to 8.1.8 version.After we did it everything works fine, but when they did a commit of the configuration a lot of Aplication Dependency commit Warnings appears:We check all the policies and in every one all the applications are included. Anyone knows why this happened and how to so...

Unable to get into maintenance mode

Hello All,I was in the process of upgrading our firmware of our PA500 to 8.1 and when the device rebooted, it did not want to come back online. Checked the startup and noticed I was getting this error message. I did read online that it might be an issue with the hard drive? Is there a way I can resolve this? I cannot even get into maintenanc...

Critical system logs

Hello,I'am planning to install a monitoring tool, and i need critical system logs generated by the PAN-device. Is there any docs that mention it?Regards.

Overlaping subnets in IPsec VPN between palo alto firewalls hosted in AWS VPC,need help to configure

We have 2 VPC each having Palo alto VM-100 hosted in AWS ,both VPC are having overlapping subnet and we are try to setup ipsec site to site vpn ,kindly let me know the fesable configuration solution with configuration example if possible.Thanks .

Resolved! Connecting WildFire Private Cloud to firewall

When connecting WildFire Private Cloud to firewall (Device > Setup > Wildfire), It appears that we can only add one (1) appliance IP address. However with a cluster there's more than one appliance.1) Should this be the management IP address of the Primary cluster member?2) How does the Firewall know to send traffic to the other appliance(s...

Resolved! Disabling HA

Hi Community, Does disabling HA using the master switch ( Device -> High availability -> general -> setup ->enable HA checkbox) will cause the interfaces to go down and up ?. I understand that the interface mac has to be changed from virtual to physical one, does it cause a flap.I have faced an issue that disabling caused aggregate i...

Resolved! MineMeld engine failed to start.

I was attmepoting to configure Minemeld to pull AWS ip addresses, but nothing happened when I hit commit. I noticed the Supervisor had stopped, and came across this earlier article. I issued the commands: sudo service minemeld stop sudo service minemeld start sudo -u minemeld /opt/minemeld/engine/current/bin/supervisorctl -c /opt/minemeld/local/...

Resolved! URL Filtering Reports in Panorama - clickable URLs

When I click on the icon to open a web page in a report, it takes me to a "whois" page. I would like it to rather take me to the website.Is there a way to customize this behavior? I would appreciate any help, thanks!

Need to allow service for Ping application

Hi Team We have configured the one Destination NAT policy. My requirement is Ping the NAT IP (Public IP) from the external network. I have configured one security policy with application as 'ping' and service as 'any'. For the above configuration, I can able to ping the Public IP from the external network. But I want to allow the specific servic...

Resolved! Take PCAP from the mgmt interface using the UI

Hi All, Is there a particular reason why this option is only available from the CLI? Thanks,Myky

Resolved! User-ID not mapping all users

I'm using the PA's integrated User-ID Agent to setup User-ID. The moment I began monitoring DC controllers it begain to pull User-ID mappings. This is before User-ID was configured on any zone. However, when I configured User-ID on a source zone, the firewall doesn't getting any user mappings from that source zone. Select IP addresses (approx. 5...

Resolved! unable to get system info

This is a new one for me. My system is showing "active" (in active/passive) but the GUI is frozen and I see the following on the dashboard: PANOS 8.1.9 From the dashboard

MineMeld - need help importing and processing syslog data

I installed the MineMeld VM on my ESXi box yesterday and it came up just fine, I can login to it from the VM Console, the web console, and over SSH. I've edited the /etc/rsyslog.conf file and /etc/iptables/rules.v4 so that syslog data is coming in from the firewall to the /var/log/syslog file. Question: How do I get MineMeld to process the sys...

Migrating server from port based firewall to Pal Alto

My company is moving a few servers from an old data center with an ASA to a new data center with a Pal Alto. A lot of the rules for the old server on the old firewall are showing port numbers only. I would like to use application ID as much as possible and don't know how to find out what applications use these ports. I know I can google a por...