General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Support for inspecting SSL message for kafka connect

We are using Kafka for messaging and have a requirement to inspect the SSL message sent to kafka broker from kafka connect. Kafka using binary tcp protocol with kafka broker listeners on PLAINTEXT://9093 (without SSL)

Can paloalto decrypt and inspec

...

Does Palo Alto (VM) firewall supported in VirtualBox?

Has anyone managed to installed and run Palo Alto (VM) firewall successfully in VirtualBox?

I've been trying to setup my own lab for learning purposes. Basically, this lab contains client, firewall, and server with different network segment.

Client --

...

VPN certificate expires

Hey!

My firewall is a PA-3020 with 8.0.7. There is a Global Protect gateway and portal, users can connect via Global Protect.

As portal address in the global protect app, we are using an address that is availabe in public dns.

Additionally, there is a p

...

What is application db = 0 and app.id c2s node (0, 0) s2s node (0, 0) in session id command

Hello Folks,

I am looking for some more information on session id command outputs. I see a session in free state with

application db = 0 and app.id c2s node (0, 0) s2s node (0, 0) . What does this mean ?

Is this that app-id engine of PAN is not

...

sync to peer failing

all of a sudden my sync to peer is failing anything I need to look at?

Resolved! Panorama 8.0 : Device Groups

Can you have 7.1 and 8.x firewalls in the same device group? Any issues with commits.?

Resolved! Use Domain EDL for purposes other than DNS sinkholing?

Can you use a domain EDL for other purposes or only for DNS sinkholing?

In other words, can you use a domain EDL in any policy rule in the same way an FQDN object can be used?

I would expect that you can, but wanted to ask.

Linux and TCP keepalive

Hi

Is there some reason that PA have a 1 hour keepalive value, where linux has a 2 hour timeout value.

Whats considered best practices ... reset the PA to 2 hours or bring down the linux keepalive value to say 1800

A

Resolved! No devices in deploy content window

I am having a problem trying to push Apps&Threats or AV from the panorama to the firewalls. We have a Panorama M100 at 8.0.5 (recently upgraded from 6.1.10) with 5020 FW's at same release. We are NOT able to do the reachback to Palo Alto servers sinc

...

Trouble installing manually or from ISO on ESX

Have followed all the articles I can find. Trying the ISO, I can login and basically gets stuck right after login at "initializing minemeld, this can take some minutes......", and left it for minutes/hours/days, just never finishes. Tried canceling

...

Resolved! The total number of dynamic_ip_port NAT translate called

Hello,

could someone explain me what means this counter, please?

The total number of dynamic_ip_port NAT translate called

thank you in advance

Palo Alto firewall does not display traffic log

I've just installed Palo Alto firewall VM version in virtual box.

I was able to access it via WEB (https) and SSH.

However, when I check traffic log it was empty.

I generated a few traffic such as ping and nmap scan against firewall IP, but still no t

...

PA-VM network setting in VirtualBox?

Here is my basic network topology.

1. Linux Client (PC01)
2. Palo Alto Firewall (PA-VM)

Both configured with 2 interfaces enabled in VirtualBox

Adapter 1: Host-only. This is for out of band management interface
Adapter 2: Internal Network. This is for ac

...

July content update brings new AirWatch and SharePoint applications

The July Application and Threat Content Release introduced AirWatch and several SharePoint applications.

To ensure all of our customers have all the information they need to safely enable these new applications in their security policy, we created

...

Resolved! Challenge with Cisco ISE (Identity Service Engine) Integration for user-id mapping

Hello All,

I am currently trying to integrate the cisco ise (radius server) to the Palo Alto Syslog filters so that the users that be tagged and policy applied to different categories of guest based on ISE permission.

Currently ISE seem to be sending a

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Support for inspecting SSL message for kafka connect

Does Palo Alto (VM) firewall supported in VirtualBox?

VPN certificate expires

What is application db = 0 and app.id c2s node (0, 0) s2s node (0, 0) in session id command

sync to peer failing

Resolved! Panorama 8.0 : Device Groups

Resolved! Use Domain EDL for purposes other than DNS sinkholing?

Linux and TCP keepalive

Resolved! No devices in deploy content window

Trouble installing manually or from ISO on ESX

Resolved! The total number of dynamic_ip_port NAT translate called

Palo Alto firewall does not display traffic log

PA-VM network setting in VirtualBox?

July content update brings new AirWatch and SharePoint applications

Resolved! Challenge with Cisco ISE (Identity Service Engine) Integration for user-id mapping

On premise RSA MFA setup.

No ping reply via Palo to Palo S2S

PA not be able to access internet

SSO Palo Alto Support Portal

IPv6 on public interface

SYSTEM ALERT : medium : MLAV: Unknown error

Re: SYSTEM ALERT : medium : MLAV: Unknown error

Re: SYSTEM ALERT : medium : MLAV: Unknown error

Re: ACC shows ipv6 addresses in source/destination IP

Re: Howto delete sub-interace from cli

Unlock your full community experience!

Resolved! Panorama 8.0 : Device Groups

Resolved! Use Domain EDL for purposes other than DNS sinkholing?

Resolved! No devices in deploy content window

Resolved! The total number of dynamic_ip_port NAT translate called

Resolved! Challenge with Cisco ISE (Identity Service Engine) Integration for user-id mapping