General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Resolved! Application incomplete

Hi,

Why Palo Alto is detecting sometimes the application like SSL and sometimes like incomplete??????

if the connection has 134bytes is not detected, but with more than 134b is detected..........

Resolved! Always on Global Protect and Open Wifi

I'm in the initial stages of a support case, but am curious if you all have had issues or success with this scenario:

A GP user that is:

pre-login / always-on / machine cert auth / no split-tunnel (0.0.0.0/0 include route) with access to their local

...

How configure Taxii miner for API Authentication

Dear All,

I need create Taxii miner with API Key Authentication

I don’t know about how enable API Key authentication.

I need configure API on my mimer as " VitusTotal".

Which should miner I use? How configure it?

Thank you

Resolved! User-ID Group Mapping Settings - automatically fetching groups that start with name ABC_

Hello! Our goal is to use AD groups in firewall policy rules that start with ABC_xxx_xxx. So I am wondering how we could achieve this without manually adding new groups to PaloAlto Group Include List.

I have already tried Custom Group filter with (CN

...

Signatures Minimum OS Version??

critical

18754

DemonBot Command and Control Traffic

reset-both

8.1.0

I noticed the above threat in releas 8096.. Which says minimum PAN-OS 8.1.0...

We are on 8.0.x , does that mean the above would not be applicable?

Thanks

Rob

Resolved! Port 0 in the session details

Hello,

Can someone please advise why our session list would have To/From port 0?

Resolved! Tunnels status VPN between Palo Alto-3260 and AWS VPC.

Folks,

Typically when we build a IPSec tunnel from the AWS VPC to the on-prem Palo Alto box we get an option of 2 tunnel's from the AWS. I have options of configuring both the tunnels as UP/UP when the end point is something like a Juniper ISG-1000/IS

...

Traffic Logs - Resolve Hostname - Micrsoft Public IPs

Dear Commuity,

I am very new to Palo Alto Firewalls. I saw, that you can check the "Resolve hostname" checkbox when viewing Traffic Logs. Sadly a lot of IPs are not being resolved. I examed a few random samples and notices, the IPs mostly belong to Mi

...

Resolved! Interface Monitoring / See if traffic gets send to interface

I am having a weired issue with a PaloAlto and a Telekom Router.

I configured a specific client address to always use a second Router (with internet connection) to communicate to the WAN.

Everything on the PaloAlto looks good to me but when I plug-in

...

Resolved! Firewall - Interface High availablity

Hi All,

In my scenario, i have single PA-220 for guest access. In trusted zone i would like to keep the interface lelvel (active/standby) high availablity.Interface type as L2. I couldn't do aggregate interface since it's connected to two seperate s

...

FQDN TTL shorter than refresh time

I have a problem with some sites that uses DNS round robin as loadballancer.

As an examble:

vs-ssh.visualstudio.com

This has the TTL set to 300 sec, the PA's FQDN refresh is default 30 min.

So the firewall won't cache all IP's used in the round robin, b

...

Dynamic NAT IP & PORT with STUN

Hello,

Is anyone already configured it ?

We want to use STUN but the NAT seems to be a problem.

David,

Resolved! SAML and GP minimum requirements

Hello

are there any minimum requirements for PAN OS version, GP client version to successfully use SAML for GP client authentication?

BGP flapping every 15seconds.

Upgraded VM-ESX firewall from 8.0.12 to 8.1.4 and seeing bgp flapping to all the 3 peers.

Its happening every 15sec. Checked timer match.

Active/Standby network design and usage as network gateway?

I have some questions on the Active/Standby deployment model. Right now I'm on A/A which requires all network config between the two units to be different since they're both active at the same time. From looking at the documentation, it looks like

...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Resolved! Application incomplete

Resolved! Always on Global Protect and Open Wifi

How configure Taxii miner for API Authentication

Resolved! User-ID Group Mapping Settings - automatically fetching groups that start with name ABC_

Signatures Minimum OS Version??

Resolved! Port 0 in the session details

Resolved! Tunnels status VPN between Palo Alto-3260 and AWS VPC.

Traffic Logs - Resolve Hostname - Micrsoft Public IPs

Resolved! Interface Monitoring / See if traffic gets send to interface

Resolved! Firewall - Interface High availablity

FQDN TTL shorter than refresh time

Dynamic NAT IP & PORT with STUN

Resolved! SAML and GP minimum requirements

BGP flapping every 15seconds.

Active/Standby network design and usage as network gateway?

WTH is process 'touch' and hwy is it showing zombie?

Add Virus exception

Migrate model FW to virtualwith panorama for policies (recommended procedure)

Newly Registered Domains configuration

Panorama 11.1.8 supports Azure VM series Palo Altos

Re: Virus/Win32.WGeneric.esuykr(752144200) via filename=msvcp140_2_app.dll

Re: Excel downloads being blocked

Re: Panorama 11.1.8 supports Azure VM series Palo Altos

Re: Newly Registered Domains configuration

Re: Changes to sinkhole?

Unlock your full community experience!

Resolved! Application incomplete

Resolved! Always on Global Protect and Open Wifi

Resolved! User-ID Group Mapping Settings - automatically fetching groups that start with name ABC_

Resolved! Port 0 in the session details

Resolved! Tunnels status VPN between Palo Alto-3260 and AWS VPC.

Resolved! Interface Monitoring / See if traffic gets send to interface

Resolved! Firewall - Interface High availablity

Resolved! SAML and GP minimum requirements