Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature
...
I need to move a tunnel from a PAN with 6.1.10. The tunnel today uses aes256 for IPSec crypto and for IKE. The tunnel established fine to our biz partner.
In configuring the tunnel on the other PAN with 7.1.9 I notice that my options are aes-256-cbc
...
I only get a dynamic public IP from the ISP on the outside interface of the PAN box. I'd like to configure Destination NAT to use the single public IP for number of servers running inside network on different ports. I've followed the documentation on
...
Hello!
I've spent the last 2 days trying to get an IPSec tunnel working between a PAN 200 and Cisco ASA5505 but all my attempts have failed. I am not sure what the issue is and would reall appreciate any assistance to point me in the right direction
...
Hi all,
One of our resellers has reported a problem to us. A condition, configured in a Traps environment, is not working anymore after they updated from version 4.0.0.24417 to 4.0.1.25216. Is there something known about this problem?
This is the con
...
Hi
At the moment what is most annoying is the blocking external emails, for example, Gmail, depending on which browser you open appears as "gmail", as "ssl" or as quic. We have configured a block list for that, the problem is that users are starting
...
Hello,
I am currently in the process of moving our threat feeds into Minemeld.
One of our providers is Recorded Future, which i have enabled as a node, and set the API access key.
when i go to run a the mode, it gives me a 401 client Error: Unauthoriz
...
Can someone give me a break down of what the process flow is like? For example, Is a lookup done for the user then an IP mapping happens? Are the user-ip mappings being used for the decision in the filtering process?
The reason I ask is that I have
...
Hi all,
I've currently got a site-to-site VPN tunnel already configured for one of our cloud services but we've got a request to add another service from another provider. Our current config has a single floating IP address with the associated tunne
...
Hi all. I am playing with security policy, and seeing a result that I am not expected.
Basically I would like to allow connection from the Local (trusted) zone to a specific server in the DMZ zone to allow port 443 (ssl) traffic only
In the Source sec
...
is there a way to see on the PA , what global protect client version is using ?
Hello,
1. I unstalled the GlobalProtect for Windows 7(64 bits) then tried to install ProductVersion = 3.1.5.
But I encountered the same error as follows over and over even after I followed up the comment in the link(https://live.paloaltonetworks.com/
...
The web console throw the bad gateway error, also status of minemeld-web service is FATAL except for minemeld-engine and minemeld-trace which has RUNNING status. How can I fix this?
Hi, new user here trying out a local instance of minemeld.
I would like to know if there is any way to set up a miner node that will parse and pass along more than just the 'indicator' from the source feed. Specifically, some source feeds contain mor
...
I have multihop BFD session between two zones through a 7050 firewall. Sessions originating from zone A to zone B work fine. Sessions originating from zone B to zone A do not work. Policies exist. There is a valid session in the session table with on
...
Hi guys,
We are using Certificate Authentication Profile for Pre-Logon and then Username and Password before VPN can be established.
GP is working fine and we would like to validate when certificate is revoked, it will stop the machine from connectin
...
