General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

block geo location IP version 6

Is palo Alto supporting Geo location blocking for IP version 6?

Resolved! Help understand TAP mode

Hello,

sorry for a dumb question but I am new to PaloAlto and I would like to understand the TAP mode on a physical PA firewall. We have Cisco Catalyst 6509 switch running in 1 of the offices as a core. PA firewall is used for users' internet traffic

...

Panorama PAN-OS 8.0.8 and always highlighted (Green) Commit button

I have recently upgraded Panorama from 7.1.x to 8.0.8. Although there are no changes and all firewalls are "in sync" for the configuration, the Panorama "Commit" button is Green/Highlighted. Is there anyone using Panorama with 8.0.x and seeing the sa

...

Resolved! PAN-89471 userid causes firewall to reboot ?

I am considering upgrading from 8.0.x to 8.1.x, but this issue seems like it might be a show stopper.

In 8.1.x known issue PAN-89471

"Firewalls reboot because the userid process restarts too often due to a socket binding failure that causes a memory

...

Palo Alto firewall generates SSL version / cipher suites errors

Hi, i have a very strange issue. I have a webserver protected by a palo alto NGFW, if i disable inbound ssl inspection policies everything works fine and i can access the server as intended.

However when i enable the inbound ssl inspection policy, w

...

USER-ID - Windows Server 2016 - Event Log Viever permission issue

I cannot read AD logs on Windows Server 2016 with the event viewer read group access. Is there anything special that needs to be on Windows 2016 Domain?

Thanks

Dynamic Update from Panorama doesn't work

I want to use Panorama to perform dynamic updates for the "Antivirus" and "Applications and Threat" sections.

On remote firewalls, I configured Panorama as the update server.
I also scheduled the automatic update via a template.

In Panorama, I have the

...

Resolved! Rule allowed but policy-deny?

Hi, We have something strange in our firewall. We have a client/computer with Sonos software and the software need to update. When we click update in the software we get a message that something is wrong. So I checked our firewall and in the monitor ...

DNS Format That sent to Arcsight it contain www?

Malicious domain names some of them contain www before domain name like www.xyz.com.

so if there is any solution to define that as domain name only like (xyz.com) to use it in correlation rules.

Why is this traffic allowed when the rule should not allow it?

I am tidying up some rules that were "rush" jobs as part of the initial deployment.

One rule "TEST-VI" was

SRC ZONE - TRUST
DST ZONE - Partners
DST Addr - I%%%%%A-VIP

Application - Any

I was going to get rid of this as there is another rule after it

...

Resolved! PA200 commit failed (file size limit)

Hi,

We are running commit from panorama to several PA200. Commit is failing, the reason is "Wildfire size limit" but we havent changed any value in Wildfire. If we restart management plane and run the commit again is working, the commit is done.

PanOS

...

GlobalProtect LDAP Authentication Fails

I have succesfully set up local login for GP but struggling to set up LDAP authentication. The CLI test says that its succesfull, but it fails whne using GP

Any tips please?

Resolved! How to configure URL Filtering SSL site

Hi all,

I have a question regarding URL filtering. I set up URL filtering in Security Profiles to "Alert" for Google Tag Manager. Test and work with the browser access to "https://www.googletagmanager.com/". When I use Wireshark to capture packets, w

...

Resolved! DHCP server relay service down from Palo Alto monitoring

We are using DHCP server relay in Palo Alto provide IPs to network.

We have faced issues aboutpalo alto stopped processing DHCP relay

It was not shown in system logs

It was shown in dhcpd.logs

==

Warning: pan_dhcpd_cfgagent_initial_config_callback(pan_d

...

Subject Alt: Email for GP authentication

I've been trying to setup this scenario. But I keep getting subject as username on GP portal.

Is there any trick? Because configuration is pretty simple.

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

block geo location IP version 6

Resolved! Help understand TAP mode

Panorama PAN-OS 8.0.8 and always highlighted (Green) Commit button

Resolved! PAN-89471 userid causes firewall to reboot ?

Palo Alto firewall generates SSL version / cipher suites errors

USER-ID - Windows Server 2016 - Event Log Viever permission issue

Dynamic Update from Panorama doesn't work

Resolved! Rule allowed but policy-deny?

DNS Format That sent to Arcsight it contain www?

Why is this traffic allowed when the rule should not allow it?

Resolved! PA200 commit failed (file size limit)

GlobalProtect LDAP Authentication Fails

Resolved! How to configure URL Filtering SSL site

Resolved! DHCP server relay service down from Palo Alto monitoring

Subject Alt: Email for GP authentication

Recommended Subscription Licenses for east west traffic

Global Protect App/Gateway Login Banner

Quick upgrade query

Push Scope isn't showing and Commit button grayed out after upgrade Panorama

PA Active/Passive and Cisco stacking LACP

SYSTEM ALERT : medium : MLAV: Unknown error

Re: ACC shows ipv6 addresses in source/destination IP

Re: Quick upgrade query

Re: Recommended Subscription Licenses for east west traffic

Re: Certificates not showing under Devices Certificates or CLI

Unlock your full community experience!

Resolved! Help understand TAP mode

Resolved! PAN-89471 userid causes firewall to reboot ?

Resolved! Rule allowed but policy-deny?

Resolved! PA200 commit failed (file size limit)

Resolved! How to configure URL Filtering SSL site

Resolved! DHCP server relay service down from Palo Alto monitoring