General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Pricing and Licensing of Firewall Products for On-Premises and Azure Cloud

We want to use the Palo Alto security firewalls so that we can enable IPS/IDS on the domain resources. Please guide us about pricing and licensing of Endpoint Protection and Firewall Licensing. Do we have to pay extra per entry point and also how the Palo Alto differs from the Barracuda virtual appliances.

Cannot add SNMP

Hi, I am trying to add Palo Alto firewalls to our monitoring system but one of our PA-220 is failing to be added. We use Panorama and PAN-OS 8.1.3. Any idea how to fix this issue?

EDL HTTP response code said error

Hi, I am facing an issue where the External Dynamic List shows an error when tested by cli command "request system External-list show", the error is "HTTP response code said error", but whem the list is tested from any other device it is accessable and working fine, this list is a Domain list, and I dont think it is a bug as the list is not work...

Resolved! FTP_Passive_Antivirus_Profile_Performance

Hi Guys, quickDescription => paloAlto networks physical firewall and antivirus profile for FTP.Task => Using a script to get/put a file (few hundred kilobytes) from/to the FTP server every 100ms (ten times per second or 20 times per second) . The FTP server is behind paloalto. FTP mode = passive. Has someone tested or knows the performance...

Resolved! phase 1 up phase 2 down

( description contains 'IKE phase-1 negotiation is failed. Peer\'s ID payload 10.175.150.0 (type ipaddr) does not match a configured IKE gateway.' ) and ( description contains 'IKE phase-1 negotiation is failed as responder, main mode. Failed SA: 198.160.191.5[500]-173.182.112.167[500] cookie:5357205146f1b40c:a194d23cbec27a50. Due to timeout.' ...

ALB Health Checks -> Palo Alto -> ALB

Trying to get the Palo Altos to register as healthy. Can anyone provide some assistance on NAT policies, or configurations for getting TCP 80 checks from ALB to Palo Altos to ALB which sits in front of two App servers? ALB (Palo Altos) |Palo Altos |ALB (App Servers) | App Servers

Resolved! IpSec VPN between Palo and Vyatta

Hi all, I try to configure an IPSec tunnel between PA-500 (version 7.1.4) and vyatta.Config seem to be ok, phase 1 is ok but nego for phase 2 is block in "No Proposal chosen". I select in phase 2 all possibility given by the palo. Any body already succeed to do that ?help .. please 🙂 Vincent

Resolved! Custom URL Filter - Site Definition Format

We started using Custom URL Categories, and it seems when we define a site, we have to add both a wild card to cover any subdomain, and a / to cover all URI/URL of the domain, IE:*.acme.corp (To cover subdomains)acme.corp/ (To cover all URLs/URIs to the domain) My question is (I'm getting into this deployed late) is that my predecesso...

Resolved! GUI does not show system logs

On GUI i see traffic logs but no system logs.LAst system logs are from yesterday. Ran the below command show log system direction> equal equaladmin@EOCDC-G3-NGFW-2(active)> show log system direction equal backwardTime Severity Subtype Object EventID ID Description=============================================================================...

How do I see what the value of variables on remote firewall from the command line?

I've had a problem when I change the value of a variable for a firewall in Panorama, for some reason it doesn't get pushed to the remote firewall. I can log in to the GUI of the remote firewall to see the variable value where it's applied in the config. But, that takes a lot longer than if I could see it in the CLI. For example, I have a ser...

UserID

Hello Is Userd Identification feature works only whith Active Directory users account or also with Computers accounts ? I would like to create a security rule who allow access on our internal ressources only for computer with an active computer account in our AD and for computer without an valid computer account or disable account, the traffic m...

Knowledge Base Single Sign-On Error

Hello! Every few days I get this error and can't access knowledge base. It is VERY FRUSTATING!!!! Error started to appear after last tool upgrade. Does PAN have mailing list for resolving partner access issues? Regards,Maja

Resolved! Open port

I need to create security rule and/or not to allow port 6965 to a device. Do I need both a NAT and security rule? Need to find out from vendor if port is TCP, UDP or both. I have PA-3020 running PAN-OS 8.0.13.

Asymmetric traffic and URL log retention

shown below is my log storage quota settings. My traffic logs can show past 16 days data but URL filtering logs has only past 8 days data. how can I ensure I store same log retention period for traffic and URL filtering?

Resolved! Minemeld with AWS Guard Duty Integration

Hi, I just went through the python extension install successfully of the Guard Duty miner for Minemeld. It looks like it installed successfully, but after I restarted Minemeld I can't see anything. I create a role for my Minemeld instance to have access to Guard Duty. Is there something I am missing in this install that would get this in...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Pricing and Licensing of Firewall Products for On-Premises and Azure Cloud

Cannot add SNMP

EDL HTTP response code said error