General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! Aperture working/basic, how aperture policy works

I started with aperture and document mentioned "Aperture compares your user defined aperture policies to the data content and context to calculatre any policy violations"

I understood

Conext = data exposure

Content = Data patterns inside the acutal fil

...

Passive device dataplane interface and management interface

Hi Team,

Can we ping management IP of the passive device from the any one of the dataplane interface on the passive device.

Interfaces on the passive devices are up (showing green) --> passive link state is auto.

We have tried pinging the internet in

...

IPSec VPN not working before phase 2 negotiation

Hello,

I made an VPN Tunnel between paloalto and fortigate(3 tunnels).

Every config is same between them. 2 of them work well but 1 tunnel has an issue.

About 3 mins before phase 2 negotiation(by lifetime or other reason), traffics can't go through t

...

Is it ok to set ipsec phase 1 lifetime 24 hours when the peer set it to 86400 secs?

Hello

I made ipsec tunnel between paloalto and fortigate.

I keep have issue about rekeying, so I try to set different lifetime phase 1 and 2.

phase 1 : 28800 -> 86400

phase 2 : 28800 -> 28800

In paloalto I can't set 86400 sec, so I plan to set it 24 hou

...

Resolved! Whitelisting Load-Balanced Sites - Fetch DNS records as JSON

For sites (to be whitelisted) that are behind ever-changing IP ranges (e.g. Amazon load balancer), has anybody used a services like these?

https://dns.google.com/resolve?name=www.netflix.com

https://dns-api.org/A/www.netflix.com

Is there an e

...

Minemeld TAXII ISAC

Hi all,

I have the way to get feeds from ISAC with a TAXII prototype and I want to share with you all. Proabably it can help someone.

Firstly it's necessary to import the minemeld-taxii-ng extension on system>extensions and install extension from git

...

Resolved! How to enable API access for Minemeld

I have been working on syncing a manual localDB miner list via this Python script (https://gist.github.com/jtschichold/95f3906566b18b50cf2e3e1a44f1e785) When I use it, I get 'Unauthorized' when trying to access /status/minemeld. If I manually authe

...

Resolved! 'Content update job failed for user Auto update agent

i got this email alert from Firewall .

what can be the reason for this and which process i can check in Management plane?

Developing my first Extension: MineMeld Server now reports ERROR RETRIEVING EXTENSIONS LIST

I worked on my first extension today (based on the structure and files of youtube-miner).

As soon as I imported it into MineMeld I got the ERROR RETRIEVING EXTENSIONS LIST: INTERNAL SERVER ERROR red box of shame.

What log should I be looking i

...

Resolved! wlc monility and EoIp traffic

Hello All,

I have WLC and anchor-WLC with PA firewall in between, I have rule allowing EoIP and wlc-mobility APPs with application-default service selected, I don't see on monitor tab any single packet logged, even though I know for sure it is there,

...

Resolved! running-config to candid-config OR candid-config to running-config

Hello All,

Kindly help understand the concept.

I am preparing for my PCNSE and I was reading through the a manual provided by Palo Alto (EDU-255).

Under Configuration Operations, at one point the document reads that “the running configuration is copi

...

Creating Minemeld IPv4 Lists

I'm a newbie with Minemeld and Autofocus.

I'm looking to create a Minemeld Miner that will maintain IPv4 Whitelist based on an AWS Site that is load balancing and/or using DNS Round Robin.

The CDN that we're pulling data from lives in AWS and IP Addre

...

Resolved! What are you using to implement SNMPv3?

I'm taking on the task of setting up SNMPv3 on a firewall but will be starting from scratch with no tools, programs, scripts, etc. in place so I have a lot of flexibility (and also a lot of work ahead). I won't be doing traps but mostly looking at CP

...

Hardware failure recovery in an HA pair

What is the best way to recover the primary PA 5050 if the hardware completely dies?

Can we create same VLAN ID on two different aggregate interface on the same vsys enabled device ?

Hello All,

I want to assgin same vlan id two different aggregate interface which will be assign to different vsys created on the 5220 device and assgin public IP address as well which are in same subnet. The exact requirement is below :-

created tw

...

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Resolved! Aperture working/basic, how aperture policy works

Passive device dataplane interface and management interface

IPSec VPN not working before phase 2 negotiation

Is it ok to set ipsec phase 1 lifetime 24 hours when the peer set it to 86400 secs?

Resolved! Whitelisting Load-Balanced Sites - Fetch DNS records as JSON

Minemeld TAXII ISAC

Resolved! How to enable API access for Minemeld

Resolved! 'Content update job failed for user Auto update agent

Developing my first Extension: MineMeld Server now reports ERROR RETRIEVING EXTENSIONS LIST

Resolved! wlc monility and EoIp traffic

Resolved! running-config to candid-config OR candid-config to running-config

Creating Minemeld IPv4 Lists

Resolved! What are you using to implement SNMPv3?

Hardware failure recovery in an HA pair

Can we create same VLAN ID on two different aggregate interface on the same vsys enabled device ?

Are there signature release for following vulnerabilities?

PA-440: Bottom Face Screw Mounting Footprint

using Subinterfaces in different Vsys inder same phy interfa

SSO Activation

OSPF route suppression

Re: New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

Re: sorting question

Re: How to add palo to multiple device groups

Re: New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

Re: How to show connected remote users with Panaroma

Unlock your full community experience!

Resolved! Aperture working/basic, how aperture policy works

Resolved! Whitelisting Load-Balanced Sites - Fetch DNS records as JSON

Resolved! How to enable API access for Minemeld

Resolved! 'Content update job failed for user Auto update agent

Resolved! wlc monility and EoIp traffic

Resolved! running-config to candid-config OR candid-config to running-config

Resolved! What are you using to implement SNMPv3?