General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

add policies to local vpn users

Hi

Can I add policies for specific local VPN users? - I can't add them from the source "users" field?

I am running PA500 4.1.1

Thanks

When does a rule go unused

I have a number of rules that are showing unused. I've read the threads on the counter resets etc. but I'm still looking for a definitive answer - hence my post. When does a rule become marked as unsed? Is it after a month, 2 months, a year, since

...

Blocked Applications cause Reset, not Block Page

On our firewall users are getting 'Connection Reset' errors in their web browsers rather than the 'Blocked Application' page.

While the end result is the same, it makes debugging connection issues a lot harder! Am I doing anything wrong - an applicat

...

VPN and client proxy

Hi

Does anyone know how to force PC clients that have authenticated to the PA using Global Protect (non licenced version) to use a particular proxy server.

Thanks

Rod

Resolved! Local DB User Name Character Restrictions

Hi All,

I noticed that when creating a Local DB User you are not allowed to use a "." (period) in the name, have have not had a chance to test this but does this extend to user name in AD or similar external databases or is this just a limitation of t

...

Thinking of upgrading to 4.1.0

We have two 2050's in an active/passive cluster running 4.0.5. We are looking to upgrade to 4.1.0. Had anyone had any negative experience with this version - particularly related to the SSL-VPN changes or User-ID functionality? I've heard a few th

...

Resolved! Wildfire

Hi I've a couple of question re wildfire.

1. I've configured my device to inspect .exe and .dll files and selected the aciton continue and forward under the file blocking policy. When I try to download a .exe im promoted with the message that the file

...

Resolved! View Log Size

Is there a way to determine the space size of log files? What is used and what is available?

PAN OS 4.0.9

Does the captive portal only stop http traffic on port 80

Just noticed that CP only pops up for port 80, any website that uses https or any other port doesn't seem to be prompted with CP. is anyone seeing this, is this normal?

PAN 4.1.1 Global Protect client and LDAP

I am running 4.1.1 and I am having issues authenticating Global Protect 1.1.1 clients via AD. I know my LDAP server settings are correct as I can browse the workgroups in User-ID Group Mappings. Howver I can't browse these in the 'allow-list' in the

...

PA 5050 Virtual System

I am configuring PA 5050 firewall. I have to configure Virtaul systems in this Firewall. Anyone can guide me for this configuration.

user-identification for VLAN Traffic

Hi Guys,

I am just wondering if any one could help me out on this as I am slightly lost creating and troubleshooting for the following issue:

It has been noticed that not all traffic had a user-id and it seems that any traffic originating from a VLAN

...

Quarantine functions

I have a customer who is familiar with ISS Proventias. This customer is trying to match capabilities of the ISS to PA. I have answered all his questiosn/ matchups with IPS rule to a Vulnerability Protection policy+ Malware/Spyware policy, but I a

...

VPN tunnel to Cisco ASA via GUI?

I need to setup a VPN tunnel with a Cisco device which we don't control or have any access to.

The intention is that I can allow a group of IP addresses on our LAN to have access to resources on the other side of the tunnel.

These are the settings that

...

Resolved! NAT to server on DMZ?

I have a PA-500. Our public block of IP addresses come in on Ethernet1/1 (Untrust Zone). I have no trouble NAT'ing in an outside IP to an internal device that is physically connected to a network on Ethernet1/2 (Trust Zone). Now, I created a "dmz"

...

Discussions