General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Resolved! Authentication error Gprotect

Hi,

we have a cluster of PA5020 with PanOS 7.1.12. Yesterday we had a problem, the Global protect authentication was failing. So we failover the cluster and it worked again. Today this problem has happened again. Looking in bug we could be hitting th

...

Seek for help: Failure to use Global Protect VPN

I came into a problem for global protect VPN connection, could anyone please help me?

After installing of the GlobalProtect64.msi program(finished installtion), it didnot work on my computer(cannot establish connection, windows 8.1, 64 bits system).

...

Multi site dual-isp with redundant VPN connections: PBF vs alternatives?

When we got out PanOS firewalls a few years back, we set them up with a single virtual router and PBF to handle our active/passive ISPs.

Time went on, and to support fancier topologies, such as fully redundant VPN connections between us an AWS, we m

...

Computer wakes up

Hello,

My laptop which is couple of months ol runs win 10 is constantly turning on when in sleep mode. Any advice and what causes this?

Resolved! Educator at Heart - Jobs for trainers PCNSE certified?

About to take the PCNSE in a few weeks. I don't mind being a consultant, but I like training the most. Are there many jobs out there for PCNSE certified individuals interested in training, and if so where are they needed most? Also, what is the s

...

Resolved! PANOS 8.0.7 SSL inbound inspection affects SSLLabs scroe

Hi,

When we do SSL inbound inspection for some of our web servers, SSLLabs test scores goes from A+ to B. I also tested with "openssl s_client -connect mailadmin.artvin.edu.tr:443 -showcerts" and it show the same problem. The problem is, when doing s

...

Resolved! How to export sample miner from minemeld app in autofocus

Hi experts,

I have a customer who uses Autofocus with Minemeld and, uses splunk.

This customer is using two minemeld. One of Minemeld is from Autofocus app and, another is Standalone Minemeld deployed on Splunk.

but, I found out difference numb

...

After installing update 8.0.8 PA3020 in FIPS\CC mode inaccessible. Device stuck in boot loop.

After installing update 8.0.8 on a couple of our PA 3020s they became inaccessible using the web access and SSH. We had to do a factory reset on the devices. Every time we tried to put the devices back into FIPS\CC with 8.0.8 installed the devices

...

Destination NAT not working

Hello all,

I am having issues with my NAT config. I have everything from this doc completed but not seeing any traffic hit my outside interface in the logs.

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/networking/nat/nat-configurati

...

Resolved! Policies > Tunnel Inspection

Hello Does any one have example of how to configuring tunnel inspection in GUI under the policy tab.

Thank you

Resolved! GlobalProtect and general Internet access?

Hey folks,

Using PAN-OS 7.1.15 and Globalprotect client 4.0.1.

Trying to confirm something. From what I can tell, when connected to VPN via GlobalProtect, my general internet access goes through the VPN tunnel route successfully (after security rule

...

List of Service Accounts

Does anyone have a running list of service accounts used/needed for best practices?

User-ID (per domain or per domain trust)

LDAP profile (per domain for Group Mappings)

What else?

Resolved! GlobalProtect client can't authenticate anymore after upgrade to 4.1

We have upgraded our firewall to version 8.1 and the GlobalProtect agent to 4.1.

We use a certificate to authenticate with our GlobalProtect Agent but after the upgrade (8.0.5 and 4.0.3) nobody can't authenticate anymore.

In the logs I always see this:

...

Resolved! SNMP Paloalto

Hello !

I want to do snmp polling to a palo alto firewall, but not using any management "software" (like zabbix). I'm trying to do it via bash command snmpget, in which i pass the object OID 1.3.6.1.2.1.25.3.3.1.2.1 (CPU util on the management plane)

...

Max session age?

Quick question here. If there is a perfect TCP or UDP session that is just sending stream data for example (say, an IP camera feed to a DVR server) and there are no app hiccups or dropped packets - is there a max session age for this condition? I c

...

Discussions