General Topics

🚀 Join us at Palo Alto Networks Headquarters for Ignite - November 14, 2024 🚀

Enterprises are embracing AI to revolutionize their operations, but with innovation comes new cybersecurity challenges. That’s why you can’t miss Ignite on Tour!

This event is your gateway to exploring how AI is transforming cyber defenses. Join us

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Modify application

One of the applications (a default one in the Palo Alto) sometimes connects over an other port than the defined standard port for the application. Since I defined the plicys service as 'application default', this traffic gets blocked.

Its the applica

...

Resolved! Difference between pkts/sec vs conns/sec

Hi All,

In Zone Protection Profile, a unit of rate changed from packets/sec to connections/sec when I upgrade into PAN-OS 8.0.

It sounds defferent thing, though is this only changes on GUI and nothing changes on this feature, I mean way of counts is s

...

Recommened PAN-OS as of April 2017 (Q2)

What PAN-OS are people running these days? I am currently 7.0.8 and it is time for the care-and-feeding of the firewall code at my company. I am looking at upgrading to 7.1.8 (but 7.1.9 just came out today).

I do not use any SSL Decryption features.

...

Resolved! ike2 and globalprotect VPN

Can you configure a globalprotect VPN with ike2?

Resolved! BGP filtering question

Hi

Quick question, pretty sure I know the answer.

But I want to redistribute some of the OSPF routes I have into BGP.

So I create a redist profile, say the source is OSPF

then I can use the BGP export filtering to stop what I don't want out.

So lets s

...

Proxy ARP

Hi

I have a 5220 in the DC and a 850 in the office

On the 5220 I have an interface onto network 2.7.3.0/24
On the 850 I have a NAT for 2.7.3.129/32
the 5220 get this via OSPF

How can I make the 5220 response on the interface 2.7.3.0/24 for arp requests f

...

Resolved! CLI command to get the unused/zero hits security policy.

I see unused check box on GUI, what is the command to get similar results on CLI

How does one create an output filter to exclude IPv4 indicators in a CIDR range?

I have various miners. Various miners are connected to various aggregators which are inturn connected in various ways to different types of output.

Some of these miners receive RFC1918 IPv4 indicators. These are aggregated and send to outputs.

...

OSPF and Cisco Routers

Greetings all,

I was doing some Core routing work during an outage this last week and ran into a repeat of some issues we had when we initially put our PAN boxes in to place. The original scenario:

A subinterface existed on the Palo Alto with the ta

...

PA-820 Firewalls Won't Come Back up After Upgrade to 8.0.7

I have two PA-820 firewalls that won't come back up after upgrading to 8.0.7. We have power-cycled to no avail. Support doesn't really have any answers beyond that at this point. We also upgraded an 850 that was fine. Any help?

Resolved! NAT Security rule

I'm used to working on Cisco ASA and I'm having a hard time understanding why the security rule states Untrust-L3 for both the source and destination zone. Typically wouldn't that be Untrust-L3 to DMZ? Is there a specific reason for this behavior?