General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Issues with ipsec traffic from PA3020 to Cisco 871.

I have a working tunnel between Netscreen and Cisco 871. I tried to move this from Netscreen to PA3020.

The tunnel comes up. PA3020-local network-192.168.2.0/24 and remote-192.168.235.0/24.

Traffic from 2.0(palo side) to 235.0(cisco side) network is fi

...

Resolved! Application Dependency question (l thought l knew it)

Heys,

A bit confused now :0

My policy as below:

So port 80 is allowed when l attempting to connect to the device over the web browser (Chrome) but after Palo actually identified that this is not a "panos-web-interface" app (based on tcp 3 way handsh

...

What's new in MineMeld 0.9.36

Release Date: 2017-03-21

How to update: Updating MineMeld

Nodes

JSON Miner now supports Basic Auth via prototype (suggested by @Kimwii)
TAXII Miner now supports subscription_id, client cert support has been improved, added support for LinkObjectTy

...

Resolved! DMZ to inside LAN

I know you need a security policy to go from dmz to Lan but do you need a nat statement. On all the Palo Alto documents that I have seen no nat rule is used. If I am wrong could some one send me a link.

Thank you

Global Protect: Two preferred NIC listed

Windows 7 laptops with global protect client installed.

When I plug my laptop into a wired(ethernet) connection, the wireless IP and the wired IP are showing up as preferred. If I remove global protect from these laptops the wireless IP goes away whe

...

Created new certificate for decrypt, now I can't commit because of global protect error

Hello everyone,

I created a new certificate for SSL proxy and now for some reason I cannot commit. The error I get is "error applying transform globalprotect-pre-transform.xsl to config tree", AFAIK there was/is a completely different certificate for

...

Resolved! Reset pass user admin via web

Hi,

How I do reset the password user admin again??? I have this messages "bad gateway" when I put the credencials on the access web.

I can't login

Do you kwon something about this, please?

Thx

Resolved! Problems users with Windows 10 and User ID agent

Hello,

I need your help with the following scene:
I have some machines with Windows 10 Operative System and I have detected a problem with the PA Firewall. The Firewall is not detecting the user (UIA), so the policy rules are denying the access.

Panos

...

QoS theory / functionality

Hi,

We have an interface which is 100Mbps. There will never be more than 20 IP addresses connecting on this interface.

I wish to guarantee each connection 5Mbps and allow them to use the entire 100Mbps if the additional bandwidth is available.

I can

...

Resolved! Package minemeld not found

Refer to the KB below and install it.
However, even if you implement 5. Installing MineMeld,
The following error will be output.

https://live.paloaltonetworks.com/t5/MineMeld-Articles/Manually-install-MineMeld-on-Ubuntu-Server-14-04/ta-p/98454

Sinc

...

DNS traffic identified as sophos-live-protection

Some DNS traffic is classified as sophos-live-protection in our traffic logs. Has anyone else seen this? I only have logs 5 days back in time, so I cannot say when this started but it wasn't with the latest apps update. Our firewall is PA-5050 runnin

...

Globalprotect client

I want to do some testing on new global protect clients but I don't want to make it update anyone tell I can test it, How do I get the software to test with out making it the default cleint on the firewall?

Security policy: exception question

Hi, I'm trying to create a security policy that would block all critical traffic from source zone "A", to destination zone "B". However, I want to allow traffic from a specific IP in zone "A". How can I make an exception to allow that IP? I assume I

...

Resolved! message security over http

How does PA handle message security over http ?

Whereas https secures the communication, message security secures the content.

I would expect PA does not touch http content. But we are having issues with an application that connects to a partners serv

...

Resolved! Replace ASA5505 with PA200 Teleworker

I have a remote user that's setup with an ASA5505 configured for teleworker. They move around and don't always have a static IP address at their locations. It's configured to call home to my ASA5540s and create the tunnel.

My question is if the PA200

...

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Issues with ipsec traffic from PA3020 to Cisco 871.

Resolved! Application Dependency question (l thought l knew it)