General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Resolved! Commit not needed for operational mode

Need to verify when on operational mode PA> No commit is needed right?IT was save the config automatically

Resolved! Panorama Device Static Routes

Hi, I have a a requirement to configure alternative static routes on a Panorma instance other than the default route. Essentially the network my instance is deployed in is dual homed and needs to have routes for certain networks pointing a different direction that is not the default. I feel like this is a super simple task, but I cannot find any...

Total Objects and Device Groups

Hello! I want to start this off for apologizing if i do anything wrong here or miss any processes as this is my first post. I had the question for the community to see if anyone has ever ran into something like this, or what my best course of action would be. We started migrating our environment off of the PA-500's to PA-220's (in the effort to ...

Resolved! how to unblock this sub-url?

I have a URL filtering list with *.github.com in custom blocklist. but I want to allow one specific sub-url https://github.com/abc .added the sub-url to the custome allow list but didn't work. I'm assuming because of the url filtering order of preference(i.e blockl list first).how can I get this working without creating another security policy? ...

Resolved! How is Global Protect SAAS licensed?

Hi; In addition to having to have a licensed Panorama appliance, do you need to have a per user or per device license? KindlyWasfi

change standalone node to HA

I have Standalone PA 3020 up and running , is being manged by Panorama and now I need to add another PA 3020 to bring in High Availability.Please help me with the steps that I should follow. In Panorama We have template stack and Device group for already running standalone PA 3020.Should I configure HA setting on both firewall and simply push th...

GTP & SCTP Protection

Can someone in this forum tell me about GTP & SCTP Protection features? Is there any deployment reference for GTP & SCTP feature?Can we only inspect GTP-C (Control Plane) only?

Resolved! Polling Error with Miner

Hello I was wondering, I was trying to fix one of my miners that the URL seems non-existant. The URL is from Palo Alto : https://minemeld-updates.panw.io/deprecated-feed.txtI was wondering if any of you found the new URL to which it could be moved, I checked feodottracker but they are only providing me with IP feed and MD5 feed while I'm looking...

Client Authentication Sequence only works for 1st item in the list

I configured Client Authentication Sequence for both GlobalProtect Portal and Gateway for both LDAP and local database. For some reason, only the first item in the list works. It does not seem to try the rest of the sequences in the list. If LDAP is first in the list, then LDAP authentication works but not Local database. If Local databse is...

How to migrate config from expedition tools deploy to panorama

Hi Expert, Please suggest to me about how to deploy config from Expedition Tool (Migrate config old firewall other vendors such as juniper )to panorama in the case doesn't config on the local firewall of multiple firewalls per sites. Thank you

Minemeld Installation OVA + ISO : LiveCD or removable?

Hi everyone, I want to install Minemeld following the official tutorial [1] that uses an Ubuntu OVA + MineMeld ISO that installs the software during the first boot. My question is if that ISO can be removed after first boot and the consecuent installation, or it's a LiveCD that needs to be plugged in all time. Something like the following proces...

Azure Datacenter IP Dynamic List Issues

Hi all, We have the azure_cloudIPS miner, processor and outpur working and can view the list of IPs via the link (https://minemeld.mycomp.com/feeds/AZ_DC_IPS). We have simplar feeds setup of Office365. However, the on teh PaloAlto, the dynamic list is empty). Test URL Source is successful, and the Office365 feed populates just fine. There...

Advise on using AD user-id in local PA groups?

I am struggling with utilizing ActiveDirectory groups in firewall policy. My concern is then our AD administrators have control over transversing our firewall policy. Generally speaking say for example we have a FW policy setup where AD group ServerAdmins has <some type of> to a resource, they (the AD administrator) could very easily throw...

Resolved! How often does the Integrated User Agent query the Domain controller for security logon events?

Hi; How often does the Integrated User Agent query the Domain controller for security logon events? Is this period the same if you run the agent on a separate host? Can you change this time. KindlyWasfi

Resolved! New GP deployment - DNS, ping, and tracert work, but no app traffic

I've set up a new GP config on a new PA-820 firewall. I have an old firewall I'm replacing, but I'm running them side by side. On the new 820 GP, I can connect with a GP client, and then ping internal servers. I can verify that DNS is working with nslookup using our internal DNS servers and all of the internal resources resolve and can be pinged...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!