General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Resolved! Paloalto 6.1.15 cannot download dynamic updates

The Paloalto firewall stop to download the dynamic updates since 28 Jan for Antivirus and 6 Feb for Applications, is that beacuse of the PAN-OS, should i upgrade 8.1.6. Appreciate your help Thanks

Resolved! PAN-OS Version Numbering

I saw a strange PAN-OS version on the support site software updates and wanted to know what this version is. What does the "h2" designation mean? 8.1.6-h2

New to Palo Alto from Juniper SSG

I was wondering if someone could enlighten me on how to replicate the Mapped IP functionality from Juniper SSG to Palo Alto.We have a number of services on our current Juniper SSG. The way we firewall these services is using MIP's on the Untrust Zone then the traffic passing from Untrust to Trust using standard juniper policies. I was playing ...

Resolved! PA support SVTI

Hi @reaper Do palo alto support SVTI like Cisco.SVTI configurations can be used for site-to-site connectivity in which a tunnel provides always-on access between two sites. The advantage of using SVTIs as opposed to crypto map configurations is that users can enable dynamic routing protocols on the tunnel interface without the extra 4 bytes req...

Resolved! Mac OSX HIP check based on processes

I've recently turned on HIP profiles for our windows users, checking to see if our patch management and AV is running by looking at processes. I need to do the same thing for some of our Mac users, but I'm striking out. What is the best way to verify something running as a process via globalprotect on a Mac?

Antivirus/Anti-Spyware Response Page not working

Hey Community! I noticed that our Firewall (PA-3020, PAN-OS 7.1.6) does not serve an Antivirus/Anti-Spyware block page.When I use http://www.eicar.org/85-0-Download.html to test it, I can see that it is blocked.ThreatLog shows action "reset-both" but in the Browser (tested with Firefox 50.1.0 and IE 11 11.576.14393.0/Win10) I don´t get the desir...

Resolved! 8.1.5 BGP question

Hi I have some inserted routes into my BGP for redistribution.firstly I have a NAT address associated with a loopback. I had a redis rule saying connected and added in the interface. That didn't add the ip address into the BGP tables, tried just the /32 that didn't work either ! so I went into the router and bgp and redist rules an added in /32 ...

Support for eliptic curve x25519 for inbound SSL decryption?

On PAN-OS 8.1.2 I'm getting decrypt-errors when decrypting inbound traffic. I ran a test using SSLabs.com, and I found that newer browsers are requesting x25519 and getting a handshake error. It's showing that only secp256r1 are secp384r1 are supported. Does 8.1 support x25519 or plan to support it?

How to configure PAN to allow for SFTP traffic over public ip

Hi , How to configure PAN to allow for the SFTP traffic over public ip. ThanksKM

Increase Panorama logging

I currently have a virtual Panorama on esxi running version 8.1.x in legacy mode. The VM is configured with a system disk and an additional 500GB disk for logging. The 500GB is proving to be not enough as I'm only able to keep a little of 1 month of logs. I have asked this question to support, but could not really get a clear answer. Is it pos...

Resolved! Allow inbound concetion to multiple servers from single public ip

We have vendor device with public ip in internet.IT need to talk to multiple servers inside the company network. all the internal servers have private ip and connection need to come on different port numbers. Currently I am allowing the incoming connection from vendor to one of our public ip address and using static nat translation for destinati...

Test vlan network for rsa secureid

Hi all, I have project where I need to have a test vlan in my pan820 that will intergrate with Secureid authentication manager 8.4, my plan is to have this test vlan separate from the inside network, and also from globalprotect, we will be putting pc's in this test network where when they login, it will trigger the mfa authentication. So what wo...

Resolved! Global Protect + Captive Portals + Enforce GP for Network Access = Bad User Experience

Hi community Do you maybe also use Global Protect with the setting "Enforce GlobalProtect for Network Access" enabled? And does this also made you a headache? Even worse do you have https website configured on the client computers as default websites in the browsers? If if this is not enough does this website also use HSTS? By default a modern o...

Resolved! How can I run a report to extract users logged in via Global protect last month?

How can I run a report in PaloAlto Firewall to extract users logged in via Global protect last month?PA-500 5.0.2

Resolved! Connection from outside to Inside Server

We have specific device that has public IP and need to connect to Server inside our networkThat server has private IP address and that address is not in any physical interfaces of the firewall. Need to know how can I allow the connection from this specific Public IP to the server private IP?

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!