General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Is higher latency normal on a VM compared to hardware?

Hi All

At home I run a PA-200, but I've been toying with the idea of moving to a VM (both lab-licences).. But whilst the VM runs WebUI runs 100x quicker, MGT interface is fine, but on the actual FW interface it has a much higher ping latency.

When pi

...

8.1.0 Upgrade issue: Group names in allow-list of an LDAP authentication profile no longer work

Group “Allow lists” no longer worked for LDAP authentications. We could no longer connect to GlobalProtect until set it to All or specified each LDAP user account.

We had to forcefully clear the ID Manager database

debug user-id reset u

...

Resolved! when doing commit from PA i get error

i am doing temp override on the PA so that managenet interface ip permitted list is as per panorama but when i do valid

commit

etails:vsys1
Error: No PROXY_OPTOUT notify page defined in vsys1.

Resolved! QoS Guaranteed Bandwidth question

We have a couple of tenants in our building and I was wanting to insure a guaranteed bandwidth of our 100 Mbs circuit for us regardless of what the tenants are doing. I was looking at something like this: I set all of our traffic to class 1 and all t

...

querying regarding URL filtering profile

I had created a custom URL category (for specific tiny url let say *.tinyurl.com/) & in the url filtering profile I had opted for option to continue for this custom url category to make user acknowledge the action & log the event. but the caveat here

...

Resolved! Dataplane Limitations - When to use a router for intrazone vlan routing?

Hi,

This is a question about when to use the firewall or a seperate core router to route traffic vor vlans in the same zone (intrazone).

As this traffic does not need to be inspected, it should only be using the network layer and cpu of the dataplane.

...

New NG PA implementation path URL

Hi all, we are replacing our aging ASA VPN with the new PA GlobalProtect. ASA has a path of someurl.com/path rather than just a default someurl.com. Makes it a bit harder for the bad guys to guess. Is PA capable of creating a path, rather than a defa

...

Resolved! Palo Alto - Dynamic Updates

Hi I'm new to Palo Alto alto. but my company have several diffrent versions of Palo alto firewalls, some with direct support via palo alto PA-3050 where i have access to download the Dynaic updates directly. Plus some that we have support through a r

...

Resolved! Recommended PAN-OS version for 820 and 220

Can one let me what is the recommended PAN-OS Verision for PA-820 and 220 ?

8.1.6 , 8.0.15 or ?

Resolved! Re-order BGP Import/Export Filters via CLI/API

Hi,

I'm looking for a way to re-order BGP Import/Export filters via the CLI or via the API (preferrably CLI).

I have not been able to find a set, move or edit command which does this and searching the API browser there doesnt seem to be a path that w

...

Resolved! Documentation bug? User-ID XML API has double closing tags

The XML API documentation for 7.1, 8.0, 8.1, and 9.0 appears to have an extra closing tag for the <uid-message> object. You can see it on the following pages:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-panorama-api/pan-os-xml-api-request-ty

...