If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users.
In the past six
...
Hi Luigi,
.yml file for DagPush node in /opt/minemeld/local/config shows password of the device in clear text. It should be at least hashed.
Thanks
Regards,
Bertrand
Is VMware ESXi with vSphere 6.0 supported?
The technical documentation for the 6.1 virtual appliances states: "VMware ESXi with vSphere 5.0, 5.1, and 5.5 for VM-Series running PAN-OS 6.1."
And the 7.0 documentation states: "VMware ESXi with vSphere 5.1
...
This is two parts:
1) I configured Destination NAT rules and corresponding Security Policies to allow inbound access to servers on private LAN. These all utilize the Primary ISP public IP address. If I want these internal servers accessible over the
...
I am putting a PA firewall in our datacenter and am looking to have the firewall advertise the protected subnets out to the rest of the network. However, the rest of the network uses EIGRP, so the datacenter switch and the PA firewall will need to b
...
How can I properly block youtube, because it's bypassing a PA-3050 on port 443 (https://)?
Unsure quite how to phrase my question. Under Policies >> Security:
I have a Rule way at the top for McAfee ePO; tcp; port 8443.
Settings that I have set are:
Source Zone: Trust Source: IP address for a specific internal host
Destination Zone: Un
...
Hi All,
Recently worked an issue where user wanted hip alerts displayed for users if they are missing ios, apple or windows patch updates. There is sometimes some confusion with regards to the match / not match messages and there is a known issue
...
So are there any response available from PAN regarding the topic which you can read below?
Like when are updates scheduled to be released, any mitigations you can perform before updates are available etc?
Or are they already disclosed (and fixed)
...
Hi All,
I'm currently experiencing some issues with user-id mapping. Some users are not being mapped to IP addresses.
Current setup: I have 3 domain controllers - all have Service Accounts with correct privileges. They are also showing as 'Connecte
...
Hi all, maybe someone can help me with this.
Just did a factory reset on a PA-200 via maintenance mode (via console) and now system reboots automatically in maintenance mode.
I followed instruction from here:
https://live.paloaltonetworks.com/t5/Mana
...
It's perfectly possible I'm being unusually dumb here, but I can't see an elegant way of allowing application usage on non-standard ports - for example ssh on tcp/32777. The obvious way of doing it is to allow a rule that allows appid:ssh on service:
...
Is it possilbe to show custom regions with gps coordinations on the threat/traffic map with the correct gps coordinates?
We have set custom regions for departments with private subnets and gps coordinations.
In the traffic or threat map we can only se
...
Converting config from Nortel Connectivty switch to PA200.
3 interfaces
untrust - public ip - 202.3.41.0/28
trust:private ip - 10.10.10.0/24.
dmz-203.4.42.96/28
There is one to one mapping of few untrust ip to trust ips( to access trust ips from ou
...
Hello
Question here , how can we move a VSYS from one device to another ? please note that in this scenario we cannot backup everything a restore on target since target is running other things that need to be running .
Any ideas ? what are important th
Hi
PA200 PANOS-7.03
Working Production Config:
I have captive portal working with local users. User are in 4 groups (1 to 4) . There are 4 url profiles(1 to 4) associated with 4 local user groups. When user tries to go to any site via browser he get
...
on:
PAN-PA-5220 Purchase
on:
sdwan interface down - recently upgraded to 10.1.6
on:
Session end reason=resources-unavailable, version 8.1.15.h3
on:
Admin credentials were not changing
on:
URL Filtering Wildard - ? in URL
