General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

HIP without license

Is it possible to use HIP Profiles with just custom checks without a HIP license? (Sort of the way you can with URL filtering.)

Resolved! How to keep overview on Security Policies

Hello,

I´m in a project of migrationg a Juniper SSG to a Palo Alto FW. While migrating the existing policies I find it where confusing to list all policies in one list. Juniper separted the policies by the source an destination security zone. Is ther

...

Setting Up the PA-200 for Home Setup question?

Hey folks,

Newbie here.  I had this going successful before, but after a factory default, not working for me for some reason.

I've followed this helpful article before and worked on my first try, but not now for some reason.

https://live.paloaltone

...

VM-100 Virtual Wire doesn't show any sessions

Hi guys, I'm new to PA so I hope this is not a stupid question.

I configured my VM-100 with two interfaces (plus manegment), the two interface were setup as Virtual Wire. I can capture traffic going through and everything works from a user perspecti

...

Packets dropped: invalid interface (route to second public network in trust interface)

Hello All,

My system is multi vsys environment, I need to route traffic from untrust to trust.

My source is internet and destination is my second Public IP subnet in trust interface.

I investigate and found log from Global Counters "Packets dropped: inv

...

IPv6 Point to Point prefix

Hi,

Trying to setup a IPv6 Point to Point link between the PAN and SRX. Does PAN support IPv6 prefix like /127 for point to point connection?

(Yes I read RFC 3627 -> RFC 6164 -> RFC 6547 already)

Before any one starts about the IPv6 address space is

...

Cert key import

What is the best way to import a key for a globalprotect portal? I already have CA installed.

Some Applications not being submitted to wildfire

Hello

I am testing my wildfire configuration .

1- When I download wildfire test PE file , I get an entry under Wildfire submission log & data filtering log.
2- I intend to test if copying the PE file is also caught by wildfire , so I download a new PE

...

Resolved! VPN clients IPsec vendors

Hi,

We realised after upgrading to 7.1.8 when we access to VPN GP using CISCO VPN CLIENT (IPsec) is not working. In previous version was working.

This is the error ikemgrlog:

2017-03-30 13:11:52 [PROTO_ERR]: isakmp_inf.c:1362:isakmp_info_recv_d():

...

Map any TACACS+ user to local account

Anyone aware of how to map TACACS+ accounts to a single local account? For instance, I have my ACS server using AD for its user database. I created a policy in ACS to allow access to the PA if they are in a certain group. When I want to give someone

...

Resolved! DoS Protection

How do I go about triggering and monitoring DoS Protection in 7.1.5? I cannot find anywhere in the GUI to help me with this.

How to Safely Enable/allow Skype (URL filtering)

To allow skype you need to allow next applications in security rule:

Next step you need to make URL filtering profile. Deny any categories. But allow next URLs:

mobile.pipe.aria.microsoft.com

*.microsoft.com

*.skype.com

ocsp.msocsp.com

login.live.com

auth.g

...

Resolved! Migrate Config between PA-500 and PA-2050

Hello,

we own a PA-500 Firewall but are some Versions behind in the OS. Now we want to update it but got an downtime estmiate from our local Palo-Alto vendor from 8 hours. (From Version 5 to  Since we have some 24/7 Callcenters in house that's not a

...

Resolved! OCSP is incorrectly spelled OSCP in the documentation

C'mon guys, really?

https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/authentication/deploy-shared-client-certificates-for-authentication

https://www.paloaltonetworks.com/documentation/80/globalprotect/globalpr

...

Qos profile

Hi ,

In the above which class will get high priority ?

Thanks

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free