General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! show routing resource

When using show routing resource command. Why is there a overlimit value when we are under the 2500 limit count

LOBAL ROUTING RESOURCE USAGE:
==========
All Routes (total): 1088 (limit 2500)
All IPv4 Routes (total): 1088 (limit 2500) (overlimit counts

...

BlackNurse Denial of Service Attack

http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-Attack

Has anyone here tested the effect of this on any PAN-devices ?

http://blacknurse.dk says:
LIST OF REPORTED AFFECTED PRODUCTS :
Cisco ASA 5515, 5525 (default setting

...

URL category shown in URL-Log is not equal as shown by command "test url ..."

Hello,

I have test a site for blocking via url-category. If I test the url via cli "test url cams.dnsalias.com" I got the category "dynamic-dns". But in the url-log I see "computer-and-internet-security" What's wrong?

MfG Ralf

Resolved! Different subnets on the same interface

Hi,

my ISP has assigned me with a /30 for the p2p connection and it is routing a /24 public subnet towards that /30. Meaning the WAN interface in the Palo will have to respond to many different ips on two different subnets. I haven't found any Kb tha

...

Block page for security policy matches

Is there a way to return a block page to users when their connection is blocked not by the URL-filter but by a security policy?

We have a security policy that blocks all outbound traffic to a list of foreign countries. The problem is when users atte

...

how to install PANOS in new HD

Hello Community,

I have my PA2020 with issues. The device is booting from PanOS Bootloader.

What is the proceess to upload and install again the PANOS?.

Is there any reason that tunnel interface will go down

Hi There,

I configured two IPSEC VPN on PA, as PA has two ISP connectivity. Configured a PBF to forward the traffic through primary tunnel interface and enabled monitoring to monitor trust interface of remote PA. A route was configured to forward the

...

Resolved! Snapchat

Has anyone had success blocking Snapchat? We have a rule for blocking "bad" apps and Snapchat is presently in this list. In testing I can see that a reset-both occurs when the firewall detects the traffic and the application is recognized as Snapchat

...

Resolved! Miner polling interval ?

I can't find information about polling interval in Dev guide or 'How to Write a Simple Miner'. What's the minimum, 1s, 60s ? Can it be cron like with day of the weeks or months etc (but less than 60s) ?

Resolved! Put Cisco MAC on PAN firewall? / Change interface MAC address

We're migrating from Cisco ASA to PAN firewalls.

The ASA is default gateway for many subnets & hosts.

To achieve a smooth migration, one thought is to put the ASA's MAC address on the PAN firewall, so that the hosts don't need to ARP for the new MAC.

...

multi-vpn

Is it possible to use a single install of globalprotects with multi vpn connections? I know you can set it up on a cisco vpn client but I don't see a way to do it on the GP client except for manualy changing the portal and lately that hasn't worked a

...

Change HDD in PaloAlto 5000 raid

Hi,

We have a PA-5000 with 2 HDDs. One of them had an error and we asked for RMA. We have received 2 HDD for replacement.If the new HDD has the same part-number as the old HDD working , we wil only add a new HDD but if the model is different we have

...

Resolved! BFD yet?

Has PaloAlto implemented BFD yet? I searched the previous discussions and found a thread from 2011 that indicated it might be looked into.

Disk Space problem on root

Dear All

I'm facing issue with low disk space on root in my palo alto PA-3020.

Please see below

> show system files

/opt/dpfs/var/cores/:
total 4.0K
drwxrwxrwx 2 root root 4.0K Mar 13 2016 crashinfo

/opt/dpfs/var/cores/crashinfo:
total 0

/var/cores/:
total 3

...

GlobalProtect Remote User VPN Connection Issues

Hi All,

We deployed PA3020 firewall to our production. We have given vpn to client side and it working fine but the problem is they are no any disconnection button to disconnect from vpn client.

Please advice me

Thanks.

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help