General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Guest Captive Portal Auto-Registration Page

Hi, my customer have an PaloAlto 5050 , and he need to configure captive portal wifi guest access,my question is : is it possible using palo alto captive portal to have a form with the following information to fill (by the guest) first namelast nameemailphonethe customer have to accept the terme and the use condition ; before getting access , an...

Resolved! SSL Decryption just some users

Hello everybody, I'm struggling thinking how i can do this. I've implemented SSL Decryption in the Palo Alto FW and i just tried with two IP's with a succesful result. Now i would like to open the range. I want to apply that decryption rule to an OU of my domain but i don't know how to do it. Well, actually, i don't know if it's possible. So, t...

Deleting Security-Policy Rules from CLI

I'm trying to find a way to mass delete a couple of rules from the CLI. Is there a way to do this?I know you can run something like: > show running security-policy | match Minemeld|MineMeldBut I have not found a way to actually remove one of the matches the command above returns.

Resolved! Office 365 and SSL decrypt

Hi I have my PA's setup with O365 ip address and URL's using minemeld. Cool. But I would like to decrypt that traffic and I find that de crypt ssl breask lots of O365 stuff. Does somebody have a list of stuff I can de crypt or what I can't decrypt or is there a way of asking MS O365 to change my tenant to allow decrypt ? Or do i have to just put...

PA 820 MM Fiber interface will not come up with WAN Provider

I have a palo alto 220, a switch with fiber port, and a palo alto 820 with fiber port. We use AT&T 1G fiber for wan connectivity. If a palo alto is connected directly to the MM fiber wan the interface will not come up. When a switch is used as a media converter, the fiber interface/sfp on the switch does come up, and using a copper connx ...

DMVPN router traffic through DMZ to trusted LAN

We are setting up DMVPN routers for on-demand VPNs from our remote sites to HQ. our DMVPN routers have the front end exposed to internet and the back end is on our special DMVPN DMZ. When the VPN is built from the remote site traffic from the site comes into the DMZ and needs to be routed through the PA (5050) to the trusted interface (HQ LAN ...

Resolved! GP 4.1.1 wanting me to downgrade to 2.1.1 as an "Update"

I haven't had this issue with any other 4.1.1 clients I have installed for my users. We have been slowly rolling out 4.1.1 while upgrading machines and replacing them with users. This morning when I came in to finalize a deployment GP 4.1.1 is now prompting me that I haven't heard from my users that this is happening to everyone so I am thinki...

Query on wildcard certificate

Hello, Our wildcard certificate doesn't have any SANs associated with it. Is this a requirement for usage of a wildcard cert?Can I use the same certificate for both web management and GP? Thanks in advance.

Resolved! Dynamic Updates for Antivirus Fails to show up allow me to download and install

Just setup a PA-200 has a lab bundle, threat prevention, pan-db-url filtering, Global protect, and wildfire license. I reset to default upgraded to 8.1.3 have the latest content features show "Apps, and Threat". When I click on Check now button antivirus still fails to show up. Any ideas what to do?

Resolved! HA Connectivity between 2 Data center with Fiber connection

Dear All, Can anyone please help regarding an HA configuration between 2 different data centers far in distance from each other, and connected to each other using a Fiber link. is that configuration possible? how to do this over only one link between the 2 locations? Thanks,

Resolved! Global Protect 4.0 upgrade to 4.1

Is this an easy upgrade, can I just upgrade the GP/ and gateways to 4.1 will they work with the 4.0 clients

Resolved! Check other Panorama admin accounts last login time

Hi, Please can someone tell me if there is a way to check the last login time of administrator accounts other your own account on Panorama (8.1.1) ? We have multiple administrators and need to be able to identify accounts which are not being used. I am aware you can check the last login time of the account you are logged in with yourself, but I ...

Resolved! downgrade from 8.1.3 to 7.1.16

I am trying to develop an upgrade path from 7.1.16 to 8.1.3 and i have a test PA220 that I am working with. I don't want to have to to a factory reset to my test firewall but so far it has allowed me to upload a 7.1.16 image, but they when i try to install it it give me the error" failed image wrong for platform" then my software file for 7.1.16...

Resolved! Site / urls you don't want to decrypt

Hi I have a set of decrypt rules 1 to no decrypt based on src addressor dst addressor url - the usl is from custom objects / url category where I add in url's lile *.lync.com then i do my decrypt line so the above gets hit first and then the decrypt I also notice there is device / cert management / ssl decrypt exclusion << which seems to b...

ssl decryption and temp cert management

Hi I ran into an issue with the decryption cert being provide by my PA it had expired. it was 30 days in. I believe this is an issue with the date time comparision and timezones as it has fixed itself today. How do i find / look at these temp certs via the clihow can i delete / renew or purge them from the cli A

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!