General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

is there autofocus artifacts miner

Hi, I am looking for autofocus artifact miner, and in minemeld app, I found "autofocus.artifactsMiner". But when I check my vm ubuntu, I could not find it. How Can I copy and re-use this "autofocus.artifactsMiner" to my ubuntu minemeld ? Thanks.

Resolved! NAT configuration - DMZ zone to Trust zone

I've had a total brain fade, and am unable to figure this out. Hoping you guys can help. Network topology is relatively simple. Firewall has three zones - outside, inside and DMZ - DMZ has a /25 of "real" Internet addresses on it. Outside has a /30, also of "real" address, and most traffic from inside is translated to the interface address of th...

Tcp service report for rules

Is there a report that I can run that will show me every rule that has tcp service applied? For example let's say migration tool is not an option and I do not want to scroll through 3000 rules to manually look. Or can I can export all rules and somehow use excel filtering on service field

Restrict Any Any from Security Policy

Hi There, At one of our sites we fell vicitim and have the dreaded any any security policy in place. We are trying to determine the best course of action to lock it down. Would I create tap firewall ports and span all the traffic, then create new rules based on it in tap zones? Any guides out them to assist for this specific situation?

DOS protection rule

We are thinking of creating a DoS rule and I was wondering what the group thinks of this rule and what affect it would have.

Resolved! Content s and Apps Updates

We have two 3050 units managed by Panorama. I have two related questions: What is the difference between Apps and Contents in Dynamic Updates? If we have a support contract for the firewalls and Panorama but don't subscribe to Antivirus, Threats and Wildfire do we need Content updates or just Apps?Thanks for any help.Jeff

Moving from a single PA500 to HA pair of PA820

As the subject states we are single PA500 shop now moving to Dual PA820 in HA.What can I expect when moving to this type of setup coming from a single FW setup.Is there anything I need to look out for any "Gotchas"? So far I know I am using 5 copper ports on the PA500 and the PA820 only has 4 so I know I will need a module. Can anyone think of ...

Resolved! Panorama import config of firewall

Hi So setup my HA cluster woo hoo. So now I have setup panoram I have gone to managed devices and added in my 2 PA from above - by serial number, I can see then, I can change context into them. I went to each PA and add in the FQDN for the panoram in the setup panoram section Now I go Device / Setup / Oprations / Import / IMport device configur...

Resolved! Where are the administrator access logs on Panorama?

In Panorama where are the adminsitrator access logs? I.e. if I want to see when a adminsitrator user last accessed the system. I know where that is on the PA firewalls, but on Panorama??

Does "rate severity" add context to the value from interface counter?

When one is looking at interface counters, does "rate severity" provide context for the "value"?Since in some cases 1000 drops is not a big deal while others it may be. name value rate severity category aspect description--------------------------------------------------------------------------------...

Resolved! forward logs to panorama without managing or on-boarding firewalls in panorama

I am looking for the best solution on forwarding taffic and audit logs to a Panorama without registering the firewalls in panorama. The goal is that Panorama should not manage those firewalls as they are in lab environment but would collect logs only. Please let me know if you have done something similar.

Outbound decryption and PAN-OS 8.0.2

we recently upgraded from PAN-OS 7.1.10 to 8.0.2 and some (but not all) websites are no longer decrypting For instance, gmail doesn't decrypt anymore and we have a rule that allowed that application. Since that traffic isn't decrypted, it comes up as SSL and isn't applied. Any known issues in 8.0.2 that would cause this? Any way to fix it? Heath

Resolved! Consuming mind meld feeds on Firewall

Hi, I have minemeld running on Azure and it processes and creates feeds as I would expect and can view them in a browser. The only change from the inital Azure build I have done is to install my own go-daddy SSL cert so out the box browsers will trust minemeld. My lab has a PA-220 running 8.0.2 and when I add an external dynamic list it erro...

Resolved! Failed to Fetch Packages

Getting error while executiing sudo apt-get update && sudo apt-get install -y minemeld rsyslog-minemeld rsyslog-mmnormalize Error Failed to Fetch http://minemeld-updates.panw.io/ubuntu/dists/trysty-minemeld/main/binary-amd64/packages 403 Forbidden [IP:54.XXX.36.XXX 80]

Resolved! GP Access Routes

Is there any way to negate adding a prefix to the GP Access Routes? We have an app that we don't want to change the communication path when a machine connects with GP. So if it was accessing this app through an external method it should remain that way.If the app is using address 1.1.1.1 prior to connecting with GP, then the access routes would ...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

is there autofocus artifacts miner

Resolved! NAT configuration - DMZ zone to Trust zone

Tcp service report for rules

Restrict Any Any from Security Policy