General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Cybersecurity Thoughts

Hi,

I have recently read many Plao Alto and TrendMicro research articles, predictions and reports on subject of cybersecurity. Regardless of personal opinion there are possible catastrophic results that could happen in case of abuse of certain sectors

...

PA-5220s Active/Passive HA with Single VWire but multiple vSys's and Zones

Hi folks

Have pair of 5220s in Active/Passive HA. I'm reading that multiple zones cannot be used on VWire, well actually i'm finding that documentation not so clear and it could be functionality added in later releases of code.

Anyway let me try to e

...

Resolved! pa200 two interfaces in same zone

hi everyone,

we have a pa200 with three L3 interfaces currently in use:

eth 1/1 - untrust - dynamic ip

eth 1/2 - trust - 192.168.18.1/24

eth 1/3 - dmz - 10.10.10.254/24

eth 1/4 - currently unused

Now we would like to configure eth 1/4 just like eth 1/2,

...

Resolved! Latency on Internal Interface

Hello,

Using PAN-OS 8.0.7. When we ping a trusted interface, we see latency up and down. Any clues?

root@test-machine:~# ping 10.2.2.100
PING 10.2.2.100 (10.2.2.100) 56(84) bytes of data.
64 bytes from 10.2.2.100: icmp_seq=1 ttl=63 time=3.46 ms
64 bytes

...

UserID Factor Completion Time - Bad Data

We are seeing some random UserID entries being fed into our firewall that have a Factor Completion Time of "1969/12/31 19:00:00"; these always have a timeout of "0" so effectively kill the user mappings for that user.

Has anyone seen this before? We

...

Zone protection - alert only

I have been investigating zone protection and DoS protection for awhile now and I think I would have already implemented it if you could configure all the settings to alert when you begin testing.

Resolved! pan-os 8.0 ntp not sync

Hi,

I have a problem with test VM-300, NTP not sync and use local clock.

But if i try to set timezone - clock set not correct

>show ntp

NTP state:
NTP not synched, using local clock
NTP server: 178.124.164.107
status: rejected
reachable: yes
authentication

...

Resolved! How to configure a specific event to be sent via email

Hi Guys,

How would I go about configuring my PA to email me everytime another device with the same IP address of the Palo Alto joins the network, please? I didn't want anything else to be emailed to me, just that particular event. I remember I was abl

...

H/A Clustering Query

Hi,

I have a query regarding H/A clustering, I potentially have a requirement for H/A clustering with 3 firewalls and not just 2 (i.e. Active/Standby or Active/Active).

I believe that presently a 3 firewall cluster is not currently supported however

...

Data Plane high PA - 5020

i have problem about data plane, and the TAC say : packet rate is high, but i cannot find, how much PA-5020 can handle packet rate maximum.

i use command "show system statistic sessio" packet rate is 130K - 150K and dataplane 77% at 11:00 AM, but i se

...

Block recently registered domains

Is anyone successfully blocking domains that have been registered recently (last 30 days)? My testing has shown in the last three days, 380k domains have been registered. My PA-3020 capacity for External Dynamic Lists only supports a total capacity o

...

Resolved! Download PAN-OS from GUI failing, potential MTU Problem ...

Ok folks

Here's an interesting one for you.

This is to do with connectivity between Panorama and updates.paloaltonetworks.com

We can retrieve licence info and download list of updates available for downloads (SW and Threats), but when clicking on dow

...

Resolved! Zone protection show wrong severity

We are doing a lab and making test attacks and see if the PA can detect them, we have an interface in tap mode and it is doing the span, we did all the configurations in a PA-200 but when we lunch brute force attacks or sql injection, the logs shown

...

Dynamic NAT

We are moving NAT from the routers to the firewall (5050), the routers do not release the session's efficiently so we are constantly running out of IP's in the pool. Is there a rule of thumb for the number of IP's to sessions on a PAN 5050? We run at

...

Best Practices of log filter

Hello,

As a network admin, when user escalates that he cannot access some specify website, what's the best way to find the property log which was triggered by use's browsing activity?

Of course we can apply filer as "username", but even though, we w

...

General Topics

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free