General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! VPN IPSec No Proposal Chosen

Hi,

I keep having issues with my IPSec sts VPN. Always have a No proposal chosen message on the Phase 2 proposal.

And then P2 proposal fails due to timeout.

I read that it could be IPSec crypto settings or proxy ID that don't match.

Proxy IDs are OK bec

...

SSL Decryption and Zoho Assist?

Does anyone have issues working with Zoho Assist with SSL Decryption enabled?

Does Zoho Assist do certificate checks at the client side?

skype for Business issue

Hi ,

I'm facing issue with skype for business through paloalto. very bad quality, it's not BW issue because we check it even at night.
any one support more with this subject.

Enabling TLS 1.1 in Decryption profile always allows 3DES even if unchecked

Scenario:

Decryption profile for traffic from the internet to GlobalProtect IP along with an SSL/TLS Service Profile for GlobalProtect, both set to TLS 1.1 or above; Decryption profile has 3DES unchecked.

PA-5020, 7.1.10

Scans from sites like ssllabs.co

...

Resolved! Malicious file not getting blocked

Hello,

An email attachment has been classified by Wildfire as malicious. However, it was not blocked and just an alert was logged.

Below are two screenshots from the Wildfire submission and threat logs.

Any idea why has the Vulnerability Protection cl

...

Resolved! Package Fetch/Repository Problem

Taken from the install guide, but is this still the correct repostitory:

:~$ sudo add-apt-repository "deb http://minemeld-updates.panw.io/ubuntu trusty-minemeld main"

:~$ sudo apt-get update

Hit http://security.debian.org wheezy/updates Release.gpg
Hi

...

Altering Cloned Template Changes Original?

I've been working with one of my customers on enhancing security across their firewall deployment.

After creating a template in Panorama including management hardening and protocol hardening configurations, they cloned the template so they could appl

...

Traps - Upgrading agents not working

Hi,

We are trying to upgrade agents to version 4.0.3 but its not working. Its failed. I attach an image.

How can we know whats happening?any logs???

Minemeld administrator rights

Hello,

I found how to add a new administrator. But I want this new administrator to get only read access on everything and write access on a miner - in order to add indicators (IPv4 and URL) on it.

Do you know if it is possible ? and how ?

Resolved! How To Add Output Feed Parameters When Using Autofocus Hosted Minemeld

I have a output feed that is serving up a list of URL's but I need to have http:// and https:// removed from the feed. It looks like I can use the ?v=panosurl output feed parameter but I am missing how to go about this when using the Autofocus hoste

...

SSL Decryption

Hello,

I have a PA-VM running on a ESX server.

I want to set up SSL Decryption on it using a SUBCA certificate chain signed by a PKI (windows server).

I check boxes "Forward to trust/untrusted certifcate"

I export the SUBCA to store it on a client machi

...

Resolved! Minimal System Requirements for Minemeld

I need to know the minimal system requirements to run Minemeld on Ubuntu 14.04 LTS.

How big does the HDD need to be and how many CPU's and RAM is needed minimal ?

Incorrect GeoIP location

Hi,

It came to my attention that our IP address: 94.23.154.203 according to paloalto geo database appears as it is located in Russian Federation, whereas RIPE and ARIN, NIC, maxmind and others state correctly it is a United Kingdom based IP address.

T

...

Resolved! IPSec VPN Tunnel - Tunnel interface IP address use?

Hi folks,

I am being asked to setup a new IPSec VPN Tunnel and one of the questions from their "worksheet" is what our Tunnel interface IP address is.

We have several IPSec VPN tunnels, each with their respective Tunnel Interface assigned. Most of t

...

App-ID for Tcp/1911 and Tcp/4911 used by Tridium Niagara

We are trying to add rules for Tridium Niagara application. What will be app-ids for TCP/1911 and TCP/4911? Thank you for you help.

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Resolved! VPN IPSec No Proposal Chosen

SSL Decryption and Zoho Assist?

skype for Business issue

Enabling TLS 1.1 in Decryption profile always allows 3DES even if unchecked

Resolved! Malicious file not getting blocked

Resolved! Package Fetch/Repository Problem

Altering Cloned Template Changes Original?

Traps - Upgrading agents not working

Minemeld administrator rights

Resolved! How To Add Output Feed Parameters When Using Autofocus Hosted Minemeld

SSL Decryption

Resolved! Minimal System Requirements for Minemeld

Incorrect GeoIP location

Resolved! IPSec VPN Tunnel - Tunnel interface IP address use?

App-ID for Tcp/1911 and Tcp/4911 used by Tridium Niagara

On premise RSA MFA setup.

No ping reply via Palo to Palo S2S

PA not be able to access internet

SSO Palo Alto Support Portal

IPv6 on public interface

SYSTEM ALERT : medium : MLAV: Unknown error

Re: SYSTEM ALERT : medium : MLAV: Unknown error

Re: SYSTEM ALERT : medium : MLAV: Unknown error

Re: ACC shows ipv6 addresses in source/destination IP

Re: Howto delete sub-interace from cli

Unlock your full community experience!

Resolved! VPN IPSec No Proposal Chosen

Resolved! Malicious file not getting blocked

Resolved! Package Fetch/Repository Problem

Resolved! How To Add Output Feed Parameters When Using Autofocus Hosted Minemeld

Resolved! Minimal System Requirements for Minemeld

Resolved! IPSec VPN Tunnel - Tunnel interface IP address use?