General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! Can I enforce security based in AD Computer groups yet?

I see history here indicating the user-id agent has been blind to computer names when the group membership is added to user IDs. The CLI DOES show the computer name as a userID (with a post-pended $) and the groups are mapped correctly to the comput

...

Anti-spyware Profile Rule category explanation

Does anyone have some document that explain the different categories in Anti-Spyware profiles? They're kind of self explaining, but does anyone have a document similar to the URL category explanation?

Thanks

Resolved! FTP Protocol Injection Bypass Palo Alto Firewall

Hi

About News SMTP over XXE attacks against Linux-based firewalls.

- link (https://www.bleepingcomputer.com/news/security/java-and-python-contain-security-flaws-that-allow-attackers-to-bypass-firewalls/)

How we can create custom signature or disab

...

palo alto interrupting web server traffic

Hi,

I have web server , in some computers website load properly and some not loading properly .

I suspect pa is interrupting

Please advise

Resolved! User-ID. Is WMI really needed?

Hi all

I have an end-customer who is using ServerMonitoring and User-Id agent at the same time. His AD has been audited by Microsoft and discovered that their performance is affected by thew WMI probbing. My questions is. If they remove all ServerMon

...

Resolved! HA scenario questions?

Hi folks,

I am learning (self training at this point) about my company's two Palo Alto 3020 devices in our datacenter. We are currently only using one device for our routing, firewall, etc. I am tasked with eventually configuring the second one as

...

NAT question for stretched external IP and different internal IP

The setup is 2 data centers with 2 sets of PANs (5060). An AS is stretched between the 2 data centers /24 primary in each data center, so if one ISP fails /24 block will enter the other data center. Normally for just internet failures internal IP i

...

New Minor Support

One of my customers wants to see new Minors for these feeds below. Is there anything planned? If so, what is the timeframe?

Thanks!

1) Crowdstrike
2) CCIRC - I can see one for Australia named AusCERT. Anything for Canada?
3) R-CISC – Retail Industry

...

Youtube streaming not blocking

We want to block youtube streaming via Palo Alto. We create the Custom URL Category "testing" and enter the site "*.youtube.com" (with quotation). We select the testing category in Decrpytion profile and Action "Decrpyt" and Type SSL Forwarding. We c

...

Resolved! O365: No Indicators, Miner not working

Hi,

we use Minemeld for grabbing the Microsoft Office 365 IP's and URL's.

It run's on a VMWare Server, build with the "Full" .ova with Ubuntu & Minemeld.

The installation works fine. After importing the config "office365-config.yml" no indicator

...

Resolved! Single IP List

Just getting started with Minemeld - I noticed that even if a single IP feed is provided (e.g compromised IP list), the inboundfeedmc list still shows as an IP range, e.g

1.179.202.22-1.179.202.22

It is possible to get jts a list of single IP addresse

...

AusCERT and Anomali credentials configuration

Hi,

Can someone please tell me where I can configure the credentials required to access the AusCERT and Anomali threat feeds?

Rgds,

Brett.

Info: GlobalProtect VPN with iOS 10.2 and T-Mobile LTE network not working

T-Mobile appears to no longer be issuing IPv4 addresses on their LTE network for iPhones running iOS 10.2 and Carrier Profile 27.1. This caused GlobalProtect VPN on our iOS 10.2 phones with T-Mobile LTE to stop working.

Summary of the testing - See

...

Any way to remove the config/commit lock button in a custom admin role?

Hi all,

I'm wanting to set up a "Monitoring and Reporting" only role on Panorama. I've gone throughe and disabled commit/validate as well as all of the tabs except Dashboard, ACC, and Monitor.

The thing is I've noticed the commit/config lock button

...

What's new in MineMeld 0.9.34

Release Date: 2017-03-06

How to update: Updating MineMeld

This is mostly a bug fix release.

Core

Fixed a pesky bug affecting O365 Miners
Added a new parameter to output feeds to translate IP Ranges in indicators to CIDRs, see tr parameter in htt

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Resolved! Can I enforce security based in AD Computer groups yet?

Anti-spyware Profile Rule category explanation

Resolved! FTP Protocol Injection Bypass Palo Alto Firewall