General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Email Alert Formatting - PanOS 8.0

I'm looking to make my email alerts more readable, especially for certain cases where rapid response is key. I have log forwarding configured and all, but the defaults contain way too much information. If possible I'd like to add some custom verbage, and use variables for the data I actually need, while disabling the rest. Could anyone point me...

Resolved! User member of multiple groups. Software v 8.1.2

If a user is a member of multiple groups for web filtering and the groups are used in different policies will the user be able to access the sites in the multiple policies?

Adding additional public IP range

Hi all - I've been having a bit of trouble getting this to work - I've done it on Cisco & Sonicwall boxes before, but this is my first PA 3020. We were just assigned additional public IP addresses by our ISP. The existing block is 206.x.x.x/29 and the new block is 165.x.x.x/29, so they're note contiguous. I went into the Ethernet Interface...

The new Palo Alto Networks Certified Network Security Administrator (PCNSA) exam

Any info on this exam. On the PA cert web site it says it is coming soon.Thanks Al

Resolved! OS partition

Is there anyway to freeup space on the partition were the OS resides on the PA or is that automagically done when you upgrade the os. All articles dealing with clean up of the disk space has mainly to do with purging logs, the image repository, the configuration but not really the OS.

Security policy rule - allowing a specific host access to ftp.sophos.com

Hello, A colleague needs to access ftp.sophos.com (195.171.192.29) using Filezilla as their SFTP client, via TCP port 990. I set up the security policy rule as follows: They could not log onto the ftp.sophos.com site. The password credentials they used are correct. Is the rule set up correctly? On a Cisco ASA I would have used the following A...

Resolved! Using Minemeld for URL EDL

Dear MM comunity, I am trying to use MM for parsing a URL list to populate a PA NGFW which lacks Url filtering license. I have found that predefined miner urlhaus.URL which seems very well done. It is based on https://urlhaus.abuse.ch/ , which is free of charge. I have cloned it, then cloned a URL aggregator and a URL Output. I used the fo...

Resolved! Device maximum ospf peers

hi guys is there a document that list the maximum OSPF peers and OSPF Areas for PA5220(per device is better) since ther might be a hardware or software limit on it for stability purposes. Thanks

Downgrade Pan OS

Does the debug svm revert still work on the 8 os? https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcYCAS

redistribute global protect ip pool subnet into bgp.

I am running VM-500 in cluster on 8.1.4 . I have global protect configured with ip pool of /24.I need to redistribute this range via bgp. I can see this range in the routing table.

Odd NAT issue...

Had a very odd issue yesterday, I created two new Bi-Directional nat rules [seperate NAT IP's] to the outside world, one worked fine the other did not... One server could not get to the outside world..The NAT matched [OK],The Security Rule Matched [OK], Searched the configs [and old ones] for any possible clash with the NAT IP "X.X.X.115", Nothi...

Certificate Setup on HA Pair

Hello, I wanted to use the SSL/TLS profile facility to restrcit management GUI sessions to TLSv1.2 but am having trouble with the certificates/process to follow. We have an Active/Passive HA Pair, i have been trying to setup on the passive to test but it is not working, from having a look around i susepct this may need to be setup on the Active...

Resolved! Default Master Key lifetime

Dear Comm, I do understand that we use the master key for encrypting our private keys and passwords stored on the firewall. However I am wondering why we should touch this key at anytime? What is the default lifetime of the default master key? I assume it to be 0 (=infinite) as I cant find anything about this question even in the PANOS admin gui...

ldap user group unable to get access

I have ldap server setup with auth profile. User gets authenticate by ldap server and can login via global protect.User is part og the group and a policy is created for this group to access resources.If i change the group to any access is granted but not with specific group in policy.

GLOBAL PROTECT removes the windows 7 product key!

Whenever i install global protect on a new machine, it removes the windows 7 product key, making it non-genuine.Is anyone else having a similar problem?

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Email Alert Formatting - PanOS 8.0

Resolved! User member of multiple groups. Software v 8.1.2

Adding additional public IP range