General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! NAT Security rule

I'm used to working on Cisco ASA and I'm having a hard time understanding why the security rule states Untrust-L3 for both the source and destination zone. Typically wouldn't that be Untrust-L3 to DMZ? Is there a specific reason for this behavior?

Screen Shot 2018-01-06 at 6.57.18 PM.png

Aws S3 application ??

Hi.
How can i permit trusted network to access S3 only?
I cant find an app for that.

DNS proxy not working

Hello,

We are currently getting resolve-fail events for DNS.

Failed to resolve domain name: after trying all attempts to name server(s): 8.8.8.8 8.8.4.4

DNS server is in loopback.2 Interface/Untrust/IP:203.44.x.x

Below are some pics of DNS proxy setti

...

A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

A wrap of our summer question leads into fall or autumn, as your preference may be, wherein we ask:

What is your favorite Palo Alto Networks feature?

Did it help solve a problem you were facing?

As a former support engineer, I always like to hear

...

Is it possible to permit SSH, HTTP, HTTPS and PING in one rule ?

I can't seem to find an application for HTTPS traffic. Is it possible to group all these traffic in one rule ?

Thanks a lot

Outlook and Global Protect

In the past when our users disconnected Global Protect, Outlook would disconnect immediately.

Seems like this no longer the case. When GP is disconnected Outlook continues to work.

I'm wondering if anyone has every eperience this before?

Thanks

Resolved! Expressway-E and C and NAT and VW

Hi,

I have deployed Expressway (cisco ToIP) E and C as per the diagram below .PA is in VW mode .

Does it work without any changes in the PA ?

Or Is there any policy must be created ?

Thanks

CLI command to get security policy for p2p applications ( allow action)

I would like to know the CLI command to retrieve info of security policies which have p2p applications left allowed.

Idea is to find out on all sites and block it.

Resolved! How to escape special characters (i.e. colon) in miner rule

Hi,

I have a rule for Panos syslog miner to block FTP brute force login attempt that is not working. I suspect this is because the threat_name has a colon in it, and is not being parsed properly. This is what my rule looks like:

conditions: - t...

Response Page Issue

https://mail.yahoo.com (web based email) and https://web.tresorit.com (online storage and backup) are both blocked via url category filter as per screen shot. But... I am only getting the response page for mail.yahoo.com.

web.tresorit.com just gets

...

IPSEC VPN Tunnel Failover and Nexus 7K VPC Design

Hello,

A and B question:

A. We have two Palos in A/S. The active has a functioning IPSEC VPN tunnel terminated to it. Is there any way to have the tunnel renegotiate to the S when it becomes A?

B. What is the proper way to design an A/S PA/Nexus 7k

...

Halloween challenge: take your shot at winning a Live Community hoodie!

In the wake of the success we had at the Live Community booth at Ignite2017, I'd like to start a new tradition and what better time to have a little fun than Halloween?

So I'd like to challenge you guys and girls of the Live community to either flaun

...

Resolved! LDAP group member enumeration problem

I am running PAN OS 8.0.7 and having a problem with getting the members of a group enumerated by the firewall.

The group is shown by the firewall in the GUI and can be added to security policies, and the CLI if I run the "show user group list" comman

...

Strange packet drop

Hello guys,

I have a PA820 in active/passive mode who has a strange behaviour. I have created a rule that permits that traffic but the device drops it. I see "allow"in the logs, but with a capture I can clearly see the SYN in the dropped section and

...

Any issues not documented on version 8.0.6?

Hello Community,

Since the security advisories were released yesterday, we are looking to upgrade to the newer version. Has anyone experienced any issues with 8.0.6 from 8.0.5 that are not in the release notes?

https://securityadvisories.paloaltonetw

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Resolved! NAT Security rule

Aws S3 application ??

DNS proxy not working

A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

Is it possible to permit SSH, HTTP, HTTPS and PING in one rule ?

Outlook and Global Protect

Resolved! Expressway-E and C and NAT and VW

CLI command to get security policy for p2p applications ( allow action)

Resolved! How to escape special characters (i.e. colon) in miner rule

Response Page Issue

IPSEC VPN Tunnel Failover and Nexus 7K VPC Design

Halloween challenge: take your shot at winning a Live Community hoodie!

Resolved! LDAP group member enumeration problem

Strange packet drop

Any issues not documented on version 8.0.6?

On premise RSA MFA setup.

No ping reply via Palo to Palo S2S

PA not be able to access internet

SSO Palo Alto Support Portal

IPv6 on public interface

SYSTEM ALERT : medium : MLAV: Unknown error

Re: SYSTEM ALERT : medium : MLAV: Unknown error

Re: SYSTEM ALERT : medium : MLAV: Unknown error

Re: ACC shows ipv6 addresses in source/destination IP

Re: Howto delete sub-interace from cli

Unlock your full community experience!

Resolved! NAT Security rule

Resolved! Expressway-E and C and NAT and VW

Resolved! How to escape special characters (i.e. colon) in miner rule

Resolved! LDAP group member enumeration problem