General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Global Protect Commit Warning

Hi,

I'm getting a slightly perplexing commit warning from Global Protect. I am using almost entirely defeault settings for the Portal Agent, so I'm not entirely sure what this warning is pertaining. My only guess is its referring to the setting I hav

...

Screen Shot 2017-03-15 at 1.03.48 pm.png

Resolved! Cannot authenticate to the GlobalProtect website to get the client.

Users cannot authenticate to the GlobalProtect website to get the client. Users that downloaded the client before this issue was reported can authenticate with the client.

HA3 Port Link Monitor Yes or No

Hello,

Would it be best practice to monitor the HA3 port in Link Monitoring, or is that something the PA would be doing anyway, as its a HA link?

Thank you,

Resolved! ACC Network Activity logging

I'm wondering if the data that shows up in ACC is dependent upon session end (since that's when we're logging) to be reflected in the ACC data graphs.

For example: If I have a host doing a large data transfer, will that information not show up in ACC

...

OS 7.0.12 to 7.1

Can you upgrade from 7.0.12 directly to 7.1? Is there anything you loose?

Fetching WildFire server eu.wildfire.paloaltonetworks.com:443 info failed

Anyone else seen this? All service routes are the same. File upload to WildFire works fine. Nothing blocked in the traffic logs.

Resolved! Getting parity with Checkpoint Anti-Spoofing for an interface

https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/92703.htm#o92878

Say I want to build parity configuration that Checkpoint offers here (above in the URL), but with PANOS.

How would I go about doing that ?

PA 7.0, GP and RSA-ID double authentication

Hi,

There is a deployment with RSA-ID as OTP and GP as VPN client (3.1 or 3.0). PAN-OS version 7.0.14.

After the recent upgrade from 6.x to 7.x an issue showed up - when authenticating from GP - login information is asked twice.

This seems like a known

...

Best way to prevent brute force attacks (LDAP) on public facing Microsoft RDWeb login page

We are using Server 2012r2 RDS gateway and have the PA configured to with a security policy to allow the untrusted traffic (ssl, rds, http) that is NATed to the internal rds gateway. We are seeing a lot of failed audits in the logs on the terminal

...

Resolved! SSL decryption & not working VPN

Hi guys,

We wittnessed a very strange phenomenon this morning.

First we received a call that our VPN gateway was not accepting any VPN connections.

At the same time we received calls that certain websites were not accessible. These websites had in comm

...

How to ignore routes learned by OSPF

I would like to ignore some of the routes learned by OSFP so they don't install in the forwarding table. Important, I'm not talking about suppress/filter routes that my PA announce through OSPF.

For explaining me better, I'm looking for "OSPF Inbound

...

Problem with nodes minemeld

Hello,

I have problem after restarting minemeld it works for about 3 hours and them i can`t load nodes tab. I have loading indicator but nothig happens.

Does anyone know what is going on?

Best Regards

Adrian

Resolved! Testing HA with unsupported PA-200 devices?

Hello folks,

I am considering buying a couple of PA-200 devices from Ebay to some testing and self training.

They do not come with support or licensing...

Would I be able to configure HA (lite) on these devices?

Does HA configuration require both devic

...

Resolved! PA DHCP log search

Is there a way to do a specific search for and IP address or mac address in the DHCP logs? I can find and get into the logs but I have to manually look through all the logs to find what I need

Block youtube videos after allowing 5 videos.

Is it possible to allow a user say only 5 youtube video/day and then send customer page saying you have used your 5 videos for today or if someone is watching video for 1hr and then stop youtube video access.

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Global Protect Commit Warning

Resolved! Cannot authenticate to the GlobalProtect website to get the client.

HA3 Port Link Monitor Yes or No

Resolved! ACC Network Activity logging

OS 7.0.12 to 7.1

Fetching WildFire server eu.wildfire.paloaltonetworks.com:443 info failed

Resolved! Getting parity with Checkpoint Anti-Spoofing for an interface

PA 7.0, GP and RSA-ID double authentication

Best way to prevent brute force attacks (LDAP) on public facing Microsoft RDWeb login page

Resolved! SSL decryption & not working VPN

How to ignore routes learned by OSPF

Problem with nodes minemeld

Resolved! Testing HA with unsupported PA-200 devices?

Resolved! PA DHCP log search

Block youtube videos after allowing 5 videos.

Global Protect - split tunnel catching too much

A palo alto command doesn't stay after reboot?

Where did the critical issues page move?

Zero-Trust Strategy for Prisma

Undetected APP dependency?

Re: Undetected APP dependency?

Re: Query on URL category change

Re: IPSec VPN not getting any response from peer

Re: New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Unlock your full community experience!

Resolved! Cannot authenticate to the GlobalProtect website to get the client.

Resolved! ACC Network Activity logging

Resolved! Getting parity with Checkpoint Anti-Spoofing for an interface

Resolved! SSL decryption & not working VPN

Resolved! Testing HA with unsupported PA-200 devices?

Resolved! PA DHCP log search