General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

9.0.3 -h3 - Possible bug?

Hi, anyone had issues after updating to this version? We had strange behaviour accessing some websites stating that 'File Transfer Blocked' there was nothing showing in the logs. We rolled back to 9.0.3 and problem went away. Possible bug ? D.

BPA First Time Configuration Merge with Production configuration

Hi Team, I have completed BPA Day one Configuration and would like to merge those best practice with my Production configuration back. Please suggest the best way to implement. thank you

Global Protect external IP address - Best practice?

Hello, We are a moderately-sized customer without an assigned sales or engineering resource due to account transitions. We are in the process of moving to a new ISP and it has been suggested by internal resources, for other reasons, to utilize the same IP for the Global Protect Gateway as is already assigned as the outside IP on the public inte...

Resolved! False positive threat

Hello, PA-3020 is falsely identifying some adobe-creative-cloud-base traffic as being a threat. I can't add an exception for this as the log view does not contain a threat ID as it normally would for a threat. All of my dynamic updates are up to date.The URL filtering profile is set to ‘alert’ for computer-and-internet-info (I have most of the...

Resolved! debug dataplane for vwire and flow

if we have PA in vwire mode for troubleshooting purposes we can do pcapAlso we can do debug dataplane packet-diag set log feature flow basic Other then this can we use any other flow for vwire troubleshooting?

Cisco ASA multi Context migration

I am migrating a configuration over from a Cisco ASA that uses multiple contexts and have several questions about how to replicate that in a PA. 1. The ASA's use port-channel groups and for the internal and external those are shared. On the inside interface each belongs to the same group but uses a different VLAN tag. On the external interface, ...

Resolved! DNS security and cloud lookup

With PAN OS 9.0 Does PA do cloud clookup for everydomain or only for domains which are not in DNS sinkhole of Antispyware profile? I was told DNS security is a part of PAN DB so when clouds verdict is that particular domain is bad hows does this info come to PA in real time? I know it comes via Management interface but which security profile...

Resolved! Turning Off DNS Lookups When Performing Dataplane Packet Capture?

Is it possible to turn off DNS lookups when performing packet captures on the dataplane? I was hoping to run some pcaps, without taking up too many unnecessary resources through DNS lookups. Thanks.

Resolved! Policy rule hit-count data is not stored on the firewall or Panorama

For link below https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/management-features/rule-usage-tracking Policy rule hit-count data is not stored on the firewall or Panorama so after you clear the hit count using the reset option, that data is no longer available. Where is this data stored??

Resolved! commit error

today i got commit error Client websrvr requesting last config in the middle of a commit/validate. Aborting current commit/validate. Commit failed Fix was i just need to run the commit again.Need to know why this commit error occured?

Setting All traffic of a specifif URL to the primary ISP

Hi Everyone! How will I set all traffic from https://www.siteground.com/ to my primary ISP? Because Currently we have two isp and running in a balanced round robin. The issue is whenever we go to the website it shows an error "Due to ip changed instantly"What are the procedures and confgurations should I do? Thank you

Panorama reset Authentication Profile (Certificate Profile based Authentication) via CLI

Hi, I have configured (on a test Panorama VM - luckly not on the production one) a SSL Certificate Based authentication following the steps provided on the Panorama Administrator's Guide; somehow It didn't quite worked out and I'm currently locked out.I do have admin access to the Panorama VM via CLI -> is there any chance to reset the GUI au...

PBF state is dicard

I have 2 internal test IPs, 172.16.16.2 and 172.16.16.3. These 2 IPs are respectively PBF, which implements different paths. And these two IPs have done two-way NAT. Map them to a public network address. The problem that arises now is that 172.16.16.2 can normally access an address on the external network, but 172.16.16.3 cannot be accessed. Som...

How to make PA side as intiator for VPN with Azure

We want to make Palo Alto side as intiator for VPN with Azure . Currently we have IKE settings as aes256,3des , sha1 sha256 and group 2 .with lifetime less that azure standard 28800 still we are seeing PA acting as responder. Basically issue is with PA is responder we are facing packet loss with azure resources. below is article we reffered. htt...

Resolved! minemeld-web FATAL, CENTOS Latest Dev Edition

I performed a recent git pull and performed the standard upgrade due to we were having issues on the edition we were on. However the minemeld-web will not load. I tried the revert back to pip 9.0.3 command for others having the with no luck.When trying to install minemeld stable it won't install at all so I continued with dev (as that is what we...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

9.0.3 -h3 - Possible bug?

BPA First Time Configuration Merge with Production configuration