General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Moving from a single PA500 to HA pair of PA820

As the subject states we are single PA500 shop now moving to Dual PA820 in HA.What can I expect when moving to this type of setup coming from a single FW setup.Is there anything I need to look out for any "Gotchas"? So far I know I am using 5 copper ports on the PA500 and the PA820 only has 4 so I know I will need a module. Can anyone think of ...

Resolved! Panorama import config of firewall

Hi So setup my HA cluster woo hoo. So now I have setup panoram I have gone to managed devices and added in my 2 PA from above - by serial number, I can see then, I can change context into them. I went to each PA and add in the FQDN for the panoram in the setup panoram section Now I go Device / Setup / Oprations / Import / IMport device configur...

Resolved! Where are the administrator access logs on Panorama?

In Panorama where are the adminsitrator access logs? I.e. if I want to see when a adminsitrator user last accessed the system. I know where that is on the PA firewalls, but on Panorama??

Does "rate severity" add context to the value from interface counter?

When one is looking at interface counters, does "rate severity" provide context for the "value"?Since in some cases 1000 drops is not a big deal while others it may be. name value rate severity category aspect description--------------------------------------------------------------------------------...

Resolved! forward logs to panorama without managing or on-boarding firewalls in panorama

I am looking for the best solution on forwarding taffic and audit logs to a Panorama without registering the firewalls in panorama. The goal is that Panorama should not manage those firewalls as they are in lab environment but would collect logs only. Please let me know if you have done something similar.

Outbound decryption and PAN-OS 8.0.2

we recently upgraded from PAN-OS 7.1.10 to 8.0.2 and some (but not all) websites are no longer decrypting For instance, gmail doesn't decrypt anymore and we have a rule that allowed that application. Since that traffic isn't decrypted, it comes up as SSL and isn't applied. Any known issues in 8.0.2 that would cause this? Any way to fix it? Heath

Resolved! Consuming mind meld feeds on Firewall

Hi, I have minemeld running on Azure and it processes and creates feeds as I would expect and can view them in a browser. The only change from the inital Azure build I have done is to install my own go-daddy SSL cert so out the box browsers will trust minemeld. My lab has a PA-220 running 8.0.2 and when I add an external dynamic list it erro...

Resolved! Failed to Fetch Packages

Getting error while executiing sudo apt-get update && sudo apt-get install -y minemeld rsyslog-minemeld rsyslog-mmnormalize Error Failed to Fetch http://minemeld-updates.panw.io/ubuntu/dists/trysty-minemeld/main/binary-amd64/packages 403 Forbidden [IP:54.XXX.36.XXX 80]

Resolved! GP Access Routes

Is there any way to negate adding a prefix to the GP Access Routes? We have an app that we don't want to change the communication path when a machine connects with GP. So if it was accessing this app through an external method it should remain that way.If the app is using address 1.1.1.1 prior to connecting with GP, then the access routes would ...

Resolved! Dropped Traffic

We have PA3000 running 7.1.10I have issue where tarffic is being droped by the Deny All rule , the last rule even though I have allowed this tarffic to come in ext zone ext zone.Also for some reason the destination seems to be Internal where as the interafce is the public one. Does any one have an explanation

User ID WiFi and LAN

Hello Our organisation does not use 802.1x authentication in our environment. We have LAN and WiFi for our employees. We want to implement User ID with PA with AD domains and User ID Agent. However I could not find documentation on User ID behaviour in following scenario:Our users have laptops and they use LAN when laptops are docked into dockin...

Blank page when logging into Panorama 7.1.9

Just wondering if anyone else has come across a situation where they were unable to load the Dashboard when logging into Panorama 7.1.9; or is this a one-off issue that only we have hit? Didn't matter which browser we used (ancient version of Firefox, older version of Firefox, latest version of Firefox, older Chrome, latest Chrome) the symptoms ...

PAN-OS 7.1 Resource List

Hi, I am looking to upgrade Panorama and firewalls from version 7.0.8 to version 8.0.2. Is there a requirement to upgrade PA and all firewalls to 7.1.0 prior to moving to 8? My main concern is if i am able to manage firewalls with 7.0.8 from Panorama running 8.0.2 Many thanks Craig

Changing HA Active/Active to Active/Passive

I was wondering if anyone has changed HA from AA to AP and if so were there any problems doing so? Thank you

SYSTEM ALERT : high : Request made to PublicCloud server returned with HTTP response code : 456

After upgrading to PANOS 8.0.2 , I'm seeing the following messages periodically SYSTEM ALERT : high : Request made to PublicCloud server returned with HTTP response code : 456 Not sure what these mean and not sure where these come from. Any thoughts?Dannon