General Topics

🚀 Join us at Palo Alto Networks Headquarters for Ignite - November 14, 2024 🚀

Enterprises are embracing AI to revolutionize their operations, but with innovation comes new cybersecurity challenges. That’s why you can’t miss Ignite on Tour!

This event is your gateway to exploring how AI is transforming cyber defenses. Join us

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! Ping through PBF Policy intermittently dying

I think this might be related to DoS protection somehow, but I can't find anything being blocked in any of the logs. I'm sure I'm not looking in the right spot, though.

We have a normal Internet gateway (default route), and a separate point-to-point

...

Resolved! Understanding Virtual Firewall exported XML configuration

Hello. The XML configuration for the firewall was exported and I am trying to understand the XML tag meanings. Is there any good documentation for the firewall configuration XML tags or file itself? Thanks.

Resolved! Can't set management interface network settings on 8.0 ESX VM

Hi, I have configured the management interface by logging in to the VM and going into configure mode and executing:

set deviceconfig system ip-address 172.18.11.205 netmask 255.255.255.224
set deviceconfig system default-gateway 172.18.11.193

and then

co

...

Resolved! Incomplete traffic: custom appID and QoS

Hi,

I have traffic generated by Solarwinds NetPath probes that is tagged by the firewall as "incomplete".

I run a packet trace, and after the handshake, there are only TCP-keep-alive packets. I'd like to prioritize this traffic in QoS, currently I'm

...

Sophos Central firewall rules question

My company is trying to implement Sophos central throughout our network.

All clients need the access listed in the article below.

https://community.sophos.com/kb/en-us/121936

Currently Sophos central doesn't support the proxy solution we use.

what is

...

Resolved! Decryption Policy Rule - Profile is None

With my new employer I'm managing a 3050 unit with a couple of Decryption Policy Rules which are configured to decrypt using SSL Forward Proxy. The Decryption Profile under Options is set to None. I can't find what the behaviour is when the decryptio

...

Resolved! Content update 709 revoked?

All firewalls automatically downgraded content version from 709 to 708. Was 709 revoked? Anybody else having the same behavior?

Getting an error on Minemeld when trying to create a new miner node!

Hi, so I am new to MineMeld and I just installed in on my VM Ubuntu 14.04 LTS. I deleted the default miners and tried to add one myself but I keep getting an error during the polling:

Errno bad handshake [('SSL routines', SSL23_GET_SEVERE_HELLO 'unkno

...

Resolved! PA 500 Upgrade to PANOS 8.0.2

My PA500 is currently on PanOS version 7.1.7, can I upgrade driectly to version 8.0.2?

Or do I need to upgrade to verion 8.0.0 first and then version 8.0.2?

Thanks for your help.

GlobalProtect commit fail on PAN-OS 7.0

help me please.

config ip pool for client access but commit fail

commit log message

Operation CommitResult Failed
Detailsmissing ip pool from both dynamic ip pool and authentication server ip pool for config 'default' in gateway GP-Gateway (tunnel GP-Gat...

Detalied url log

Hi all!

i'm new in this community and we have put in work 2 PA-3020.

I configured ELK for log forwarding.

i've search every log and i couldn't find a filed with the url theat a user is visiting. Is there a way to achieve that.

Example! Now i'm writing fr

...

Internal traffic is hitting in the isp firewall

Palo alto is perimeter to customer which is connected to isp firewall.

Internal subnet traffics which are not allowed in isp/ untrust interface are hitted in isp firewall.
Routing is proper. ARP is proper in isp interface( only next hop arp is there)

Im...

Resolved! MP utilization high after the HA failover to primary

When Secondary Firewall became active, management plane utilization is not more than 10% for over months.

Last week manual failover made, Primary is active now. MP utilization is above 60% all the time.

All the configurations are same as it's in HA. B

...

From the Experts: URL filtering implementation and troubleshooting

I just wanted to check with anyone that can answer, that when the URL license expires, the whole feature is disabled in PanOS 8.0.1. It used to be different, the URL filtering would still work, but there were no more updates of the database.

Thanks!

Resolved! Panorama question

Why is it for

network / interface / <some interface>

I can't use a name for a zone.

I wanted to have a template that had all of my zones in it, but unlike policies and objects there is no shared attribute.

Which means I have recreate my zones for ea

...