General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

PA firewall with unknown master key and recovery procedure

Hi Team

We have a firewall working in Active/Standby configuration. The firewalls has been configured with Master Key .We lost the master key secret ( in other context we not sure the current master key is default or custom configured but noticed its

...

Resolved! 3200 and 5200 Series New Interface Types

Can you please help us with the new 3200 and 5200 interface types, because it is not very clear in the hardware documentation?

The firewalls now have HA1 and HA1-Backup dedicated ports. The 5200 also have AUX-1 and AUX-2. Can we still use any other d

...

Resolved! Problem of PA-220 behind another router

Got a PA-220 to test.

Want to setup something like below:

Internet <-> Juniper SSG-140 (GW:192.168.1.1) <-> PA-220 <-> user's device (172.16.1.0/24)

1. The SSG-140 can reach internet

2. The PA-220 external port (192.168.1.100) can reach internet too

3. T

...

Resolved! [Minemeld 0.9.48] - Some prototypes not available in the GUI

Hello team!

I hope you are doing alright !

It looks like that since the last update (0.9.48), I am no longer able to setup new nodes with the prototypes:

stdlib.localDB

OR

stdlib.aggregatorIPv4Inbound

Moreover, a couple of my miners/nodes no

...

Resolved! PA-3260 hardware specification

Hi All,

Does anybody know what CPUs are used and how many ram is installed for PA-3260?

Our potential customer wants the hardware specification including CPU/RAM information but I cannot find those information. What I only found is following which onl

...

Resolved! GlobalProtect Access Route for a public website?

Hi folks,

We are using a PA 3020 PANOS 7.1.14.

We have entered all public IP addresses for Okta in our Global Protect Gateway Client Access route settings.

Our intention is for Okta to only see client IP requests come from our one corporate public IP

...

Resolved! How to disable Global Protect inside Firewall

Hi All,

I am looking for a way to have the GP client client NOT connect when I am inside the firewall of at a remote site with a VPN tunnel. Basically I would like to make a rule that says do not connect when connected to certain subnets.

Is there a w

...

Ignoring Users in Mapping

Howdy,

Sorry if this has been asked thousands of times, but I cannot seem to locate something quite similiar.

We have noticed recently, that some users are logging in with a local computer account and then obviously being able to browse the internet

...

Import kerberos keytab from CLI?

Hi,

Is it possible to import the kerberos keytab file directly from CLI rather than using the GUI?

I have noticed that if the keytab is imported via GUI, the command below is added to the config.

set shared authentication-profile my_profile single-s

...

Blocking TLDs with a URL filter

Hello all,

I'm attempting to block about 1340 TLDs with a URL filter. However, I can't seem to get the URL filter to not block any URL where the TLD string is part.

For example:

If I want to block the .able TLD, I block "*.able" via a URL Category th

...

Radius & OTP Globalprotect VPN

So if I am configuring a a VPN to use radius & OTP (multi factor authentication) and LDAP. Do I add the radius authentication to both the portal and the gateway? and if so where and how does the LDAP authentication occur?

static routes remain valid even when ipsec tunnel down?

I discovered that static routes associated with ipsec tunnels that are down remain valid and continue to be redistributed by, in our case, OSPF. This is not the behavior we desire. We'd like the static routes to become invalid and not be redistribute

...