General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

HTTP redirect at firewall level(currently being done in IIS

I'm currently doing http redirect at the web server(IIS) and allowing http and https traffic into the web server. Is there a way to do http redirect at the firewall level and that way I only allow SSL traffic and block http coming into the web server

...

Resolved! Management CPU keeps 100% usage

Hi experts,

We are using PA-2020 in our environment and its firmware version is "4.1.6"

PA-2020 was working smoothly but now it appears very slow process when we click commit action. We have searched and followed many reference such like 1) disable e

...

MineMeld - how to prevent age out of DShield in a TAXII output DataFeed

Here is the basic setup that I'm having trouble with:

Miner:

dshield_blocklist: output: true prototype: dshield.block

Aggregator:

aggregator_dshield: inputs: - dshield_blocklist output: true prototype: minemeldlocal.ag...

Modify application

One of the applications (a default one in the Palo Alto) sometimes connects over an other port than the defined standard port for the application. Since I defined the plicys service as 'application default', this traffic gets blocked.

Its the applica

...

Resolved! Difference between pkts/sec vs conns/sec

Hi All,

In Zone Protection Profile, a unit of rate changed from packets/sec to connections/sec when I upgrade into PAN-OS 8.0.

It sounds defferent thing, though is this only changes on GUI and nothing changes on this feature, I mean way of counts is s

...

Recommened PAN-OS as of April 2017 (Q2)

What PAN-OS are people running these days? I am currently 7.0.8 and it is time for the care-and-feeding of the firewall code at my company. I am looking at upgrading to 7.1.8 (but 7.1.9 just came out today).

I do not use any SSL Decryption features.

...

Resolved! ike2 and globalprotect VPN

Can you configure a globalprotect VPN with ike2?

Resolved! BGP filtering question

Hi

Quick question, pretty sure I know the answer.

But I want to redistribute some of the OSPF routes I have into BGP.

So I create a redist profile, say the source is OSPF

then I can use the BGP export filtering to stop what I don't want out.

So lets s

...

Proxy ARP

Hi

I have a 5220 in the DC and a 850 in the office

On the 5220 I have an interface onto network 2.7.3.0/24
On the 850 I have a NAT for 2.7.3.129/32
the 5220 get this via OSPF

How can I make the 5220 response on the interface 2.7.3.0/24 for arp requests f

...

Resolved! CLI command to get the unused/zero hits security policy.

I see unused check box on GUI, what is the command to get similar results on CLI

How does one create an output filter to exclude IPv4 indicators in a CIDR range?

I have various miners. Various miners are connected to various aggregators which are inturn connected in various ways to different types of output.

Some of these miners receive RFC1918 IPv4 indicators. These are aggregated and send to outputs.

...

OSPF and Cisco Routers

Greetings all,

I was doing some Core routing work during an outage this last week and ran into a repeat of some issues we had when we initially put our PAN boxes in to place. The original scenario:

A subinterface existed on the Palo Alto with the ta

...

PA-820 Firewalls Won't Come Back up After Upgrade to 8.0.7

I have two PA-820 firewalls that won't come back up after upgrading to 8.0.7. We have power-cycled to no avail. Support doesn't really have any answers beyond that at this point. We also upgraded an 850 that was fine. Any help?

Resolved! NAT Security rule

I'm used to working on Cisco ASA and I'm having a hard time understanding why the security rule states Untrust-L3 for both the source and destination zone. Typically wouldn't that be Untrust-L3 to DMZ? Is there a specific reason for this behavior?

Screen Shot 2018-01-06 at 6.57.18 PM.png

Aws S3 application ??

Hi.
How can i permit trusted network to access S3 only?
I cant find an app for that.