General Topics

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

URL blocked - Application "incomplete" and Flag 0x400019 in traffig log

Hello, everybody!

I have a problem with a URL that is being blocked despite being explicitly allowed in the white list.

I have seen the traffic logs and for that destination IP address (i.e. a website on the internet) I see that Application is "incom

...

Resolved! A few questions

Afternoon

Firstly I want to say I really like this product, it has endless possibilities in improving internal security in our environment.

I have a few questions I hope you can help me clarify so I understand how to use the product better.

I am

...

Resolved! Panorama - How To Preview Changes to Managed Devices

Hi all,

Since upgrading Panorama to V8 I can no longer seem to find how to preview changes which will be pushed to managed devices.

I can preview changes to Panorama and 'validate' pushed configs, but that's not the same thing.

Any ideas?

Thanks very muc

...

Limit bandwidth for 4 subnets on trust interface

I have 4 subnets in trust which i would like to restrict bandwidth usage to 50mb.

PA3020 Panos- 8.0.12.

Resolved! Auto populate portal address global protect

We are looking at internal only with no tunnel for global protect for user-id. Is there a way to autopopulate the portal address so a user would only have to enter credentials and not enter portal address manually? Looking to push this out, and thi

...

Resolved! HA Link and Path Monitoring

We've configured HA Active\Passive on a pair of 5250's running PAN-OS 8.1.5 and it works a treat and pre-emption also works as expected.

I've configured Link monitoring so if we get an HA failure if the trusted links fail which works and it fails ove

...

Use XML API users in policies

Hallo,

I successfully configured an WLAN-Accesspoint to send users via the xml api.
I can see the users in the log entries but I cannot select the users in particular policies. Looks like the users are not known to the firewall.

Do I need to create loca...

Resolved! Dedicated Logging Export Interface on PA 5220?

By default, I know that you can send all of your logging messages out the onboard management interface, on a platform like the 5220. However, I would like to avoid the extra noise on my management network, by configuring separate, dedicated interfac

...

Static Route monitoring and NAT

I'm having an issue with my NAT policy.
I've configured a backup ISP connection with a static route and a higher metric. When the primary ISP connection fails the routing portion works correctly and I can see the primary default route get removed fro

...

Change interface virtual router cause network down

My network has 2 outgoing data lines. Using one virtual router and set static default route for the 2 interfaces. The 1st interface has its Metric set to higher priority. As I want to divide the traffic. Some zones were force to use the 2nd interface

...

Force to Use Certificate

Dear Friends !

as i study PAN 7.0 if there is no Certificate installed in Client PC, PAN can not read https secure sites

in this is if i block youtube or other social websites and client uninstall CA from its browser he/she will be able to open blocked

...

Blocked WebSites

Dear Friends !

i am using PAN 7.0 and blocked some secure websites, but PAN is not able to block websites by name

for exmaple when i access 53.55.125.73 it is blocked succesfully but when i type https://www.mydomain.com Certificate is verfying by PAN

...

Upgrade 3020 to new version?

Hey guys,

There are two 3020s in HA that run 8.0.7

I'm wondering if I can upgrade to a new version in 8.1.X train? Or should I stay at 8.0.7?

Can someone share their experiences?

Thank you.

Resolved! GlobalProtect when Palo behind ASA

Hi All

I've been tasked with getting GP working and as I'm not as skilled as many of you, I thought I'd ask the brains trust if this is possible.

We have a PA-3020 which sits behind a Cisco ASA. The ASA is the edge firewall and is a yes/no gateway, th

...

PAN-OS 9 - Wildfire Updates skipping; claiming that a newer version already is installed

I have upgraded to PAN-OS 9 yesterday, so far without 'bigger' issues, except:

EDL updates keep failing, claiming that the downloaded file is not a ext file thus using the old version
-> interim fix was to remove the checkmark "block unknown certifica

...

General Topics

Discussions

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free