General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Issues with ipsec traffic from PA3020 to Cisco 871.

I have a working tunnel between Netscreen and Cisco 871. I tried to move this from Netscreen to PA3020.

The tunnel comes up. PA3020-local network-192.168.2.0/24 and remote-192.168.235.0/24.

Traffic from 2.0(palo side) to 235.0(cisco side) network is fi

...

Resolved! Application Dependency question (l thought l knew it)

Heys,

A bit confused now :0

My policy as below:

So port 80 is allowed when l attempting to connect to the device over the web browser (Chrome) but after Palo actually identified that this is not a "panos-web-interface" app (based on tcp 3 way handsh

...

What's new in MineMeld 0.9.36

Release Date: 2017-03-21

How to update: Updating MineMeld

Nodes

JSON Miner now supports Basic Auth via prototype (suggested by @Kimwii)
TAXII Miner now supports subscription_id, client cert support has been improved, added support for LinkObjectTy

...

Resolved! DMZ to inside LAN

I know you need a security policy to go from dmz to Lan but do you need a nat statement. On all the Palo Alto documents that I have seen no nat rule is used. If I am wrong could some one send me a link.

Thank you

Global Protect: Two preferred NIC listed

Windows 7 laptops with global protect client installed.

When I plug my laptop into a wired(ethernet) connection, the wireless IP and the wired IP are showing up as preferred. If I remove global protect from these laptops the wireless IP goes away whe

...

Created new certificate for decrypt, now I can't commit because of global protect error

Hello everyone,

I created a new certificate for SSL proxy and now for some reason I cannot commit. The error I get is "error applying transform globalprotect-pre-transform.xsl to config tree", AFAIK there was/is a completely different certificate for

...

Resolved! Reset pass user admin via web

Hi,

How I do reset the password user admin again??? I have this messages "bad gateway" when I put the credencials on the access web.

I can't login

Do you kwon something about this, please?

Thx

Resolved! Problems users with Windows 10 and User ID agent

Hello,

I need your help with the following scene:
I have some machines with Windows 10 Operative System and I have detected a problem with the PA Firewall. The Firewall is not detecting the user (UIA), so the policy rules are denying the access.

Panos

...

QoS theory / functionality

Hi,

We have an interface which is 100Mbps. There will never be more than 20 IP addresses connecting on this interface.

I wish to guarantee each connection 5Mbps and allow them to use the entire 100Mbps if the additional bandwidth is available.

I can

...

Resolved! Package minemeld not found

Refer to the KB below and install it.
However, even if you implement 5. Installing MineMeld,
The following error will be output.

https://live.paloaltonetworks.com/t5/MineMeld-Articles/Manually-install-MineMeld-on-Ubuntu-Server-14-04/ta-p/98454

Sinc

...

DNS traffic identified as sophos-live-protection

Some DNS traffic is classified as sophos-live-protection in our traffic logs. Has anyone else seen this? I only have logs 5 days back in time, so I cannot say when this started but it wasn't with the latest apps update. Our firewall is PA-5050 runnin

...

Globalprotect client

I want to do some testing on new global protect clients but I don't want to make it update anyone tell I can test it, How do I get the software to test with out making it the default cleint on the firewall?

Security policy: exception question

Hi, I'm trying to create a security policy that would block all critical traffic from source zone "A", to destination zone "B". However, I want to allow traffic from a specific IP in zone "A". How can I make an exception to allow that IP? I assume I

...

Resolved! message security over http

How does PA handle message security over http ?

Whereas https secures the communication, message security secures the content.

I would expect PA does not touch http content. But we are having issues with an application that connects to a partners serv

...

Resolved! Replace ASA5505 with PA200 Teleworker

I have a remote user that's setup with an ASA5505 configured for teleworker. They move around and don't always have a static IP address at their locations. It's configured to call home to my ASA5540s and create the tunnel.

My question is if the PA200

...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free