General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! SMB versions

I currently have ms-ds-smbv2 and ms-ds-smbv3 permitted but I am seeing ms-ds-smb-base getting denied.

What is ms-ds-smb-base? Is this the same as ms-ds-smbv1?

Thanks!

SMB : SMB: User Password Brute-force Attempt

Hi,

my customer had a problem with this threat. They have a internal app which was failing when palo alto updates changed the action to reset-both. Customer told me that this problem started last 15/06 but i went to the PA updates mails and i didnt s

...

Resolved! How does link monitoring work in High Availability ?

Hi All,

I am working on the following HA design -

As you can see above, each firewall will have two interfaces connected to Juniper routers on the inside and outside zones. The firewall peers will also be directly connected to each other for the H

...

(Vendor - PAN) 40 Gig PRD Firewalls Topology (1).jpg

Issue with NAT over Site-2-Site VPN

Hi there,

I am reasonably good with Palo Alto Firewall however struggling with the NAT over VPN. I am trying to hide some internal IPs behind 9.9.0.1/32 and 9.9.0.1/32 is configured in Proxy ID as Local host. VPN phase 3 comes up but i think the way

...

Panorama High availability

Are there any issues with running 2 Panorama servers in an HA configuration across a WAN? Recommendations for configuring hold timers and various interval settings?

Judy

Panorama Problems!

Any ideas how to fix the following error: Failed to establish SSL connection to Panorama Server: Port:3978? We are unable to view the logs on Panorama or push the firewall policy from there as a result so it's causing a few issues to say the least. A

...

Multiple Globalprotect Gateway using Same ISP on same firewall

We have to implement a Globalprotect VPN Deployment using 3050 in HA Pair in which we have to use a single Portal and define Multiple External Gateways somewhat we call in Cisco Anyconnect as multiple profiles.

Is it possible to define Multiple Exter

...

Proxy server for PA services

Hello,

We are using a proxy server to control Internet access from internal resources, including the PA firewall. This proxy can only be used to reach external destination.

Also, we had to configure the proxy server on the PA device (Setup -> Services

...

Resolved! BGP filtering question

I am trying to migrate from RouterOS BGP setup.

I have filter rule like

chain=BGPINFilter-common prefix=10.32.0.0/14 prefix-length=14-32 invert-match=no action=discard set-bgp-prepend-path=""

basically it drops all prefixs for 10.32.0.0/14 down to /32

...

Resolved! License/Eula for GlobalProtect Portal client v3.x

We have a client that requires GlobalProtect for connecting to their network. Their site provides the installers which is version 3.1.1.27. We have an internal team that insists on receiving a license description or EULA for using the client binaries

...

Panorama standby password expired

Hi,

One of my accounts on Panorama standby doesn't let me login. I get "Password expired" message. I tired to change password for active unit and that still did not fix issue. I tired to delete and recreate account from active unit that still did not

...

xForward for IP

Does the Palo Alto support the xForward for IP in relation to content delivery networks? We have the content delivery network fronting traffic and in some cases we see requests coming back showing the CDN IP, we are more curious about the details aro

...

Resolved! Disk not detected at startup

Hi Community,

Yesterday we had an issue with our air-conditioner which caused the Palo Alto Firewall to restart due to high temperature. After the device booted up, I noticed some logs saying that disk is not detected/degraded. I tried restarting it

...

Resolved! panorama adding a new device. replacement of another that had fails

I have added a new firewall to Panorama. The new appliance shows a onnected state. This is a replacement of a firewall that had failed,
Now i want to delete the other firewall (with fails) that has several vsys,
no matter what i do, i cannot to change

...

PPPoE, static IP and Brittish Telecom

Hi.

I'm having trouble with using a static ip adresses while connecting using PPPoE.

Using none on IP adress works.

Logs says "'PPPoE session failed to connect for user:user@hg7.btclick.com on interface:ethernet1/1. Reason: No network protocols runn

...

Discussions