Community Blog

Customer Notice: we are currently experiencing login issues with Live. We are working to resolve this as quickly as possible. Thanks for your patience.

What are the recommended applications for internet access?

by Monday - last edited Monday (73 Views)

Last week I was asked by several people what the recommended applications are to allow out to the internet, check out how I solved their conundrum.


Fight ... errr ... Filter it out!

by Monday - last edited Monday (135 Views)

Ever felt like you’re missing out on something super nifty but can’t put your finger on it ? Check out this blog to see if you missed something!


Announcing the Live Community Sentinel Program

by Community Manager Friday - last edited Friday (71 Views)

It is time to recognize our users!  The Live Community team is very excited to announce the roll out of the Live Community Sentinel program to recognize and reward our most valuable contributors.


This video tutorial shows how to integrate DUO multi-factor authentication to the Palo Alto Networks v8.0+ firewall in an authentication policy for the purposes of Captive Portal or an authentication step-up.


Live Community team at Spark User Summit London

by Wednesday - last edited Thursday by (196 Views)

The live Community team presented a small segment on best practices at the Spark User Summit event in London, find a link to all the source materials, additional information, tutorial videos and more!


Inter VSYS NAT and how to hide Subnets

by 2 weeks ago - last edited 2 weeks ago (202 Views)

Reaper discusses how in some scenarios you may need to split off segments of your network into different VSYS, but still be able to have the segments communicate with each other, but requiring NAT to hide the original IP subnets.


Tips & Tricks: How to configure GlobalProtect and IPv6

by 2 weeks ago - last edited 2 weeks ago (217 Views)

If you have been wanting to know how to configure GlobalProtect and IPv6, then you will want to read this.



FYI: Panorama Certificate Expiration! June 16, 2017

by 2 weeks ago - last edited 2 weeks ago (589 Views)

Just in case you have not seen the "Customer Notice" at the top of the screen, I wanted to bring your attention to the fact that the certificate Panorama uses to communicate to PAN-OS devices is going to expire!



LiveWeek 12:2017

by Community Manager 3 weeks ago - last edited 3 weeks ago (397 Views)

50 top reports to get visibility in the network, The NAT saga continues, How to prevent SSH Tunneling while allowing normal SSH sessions, Protect against Shamoon 2, Share your story and win a t-shirt!


Tutorial: SSH Decryption

by 3 weeks ago (517 Views)

If you have ever wondered how to setup SSH Decryption, then you are in luck, as we have just published a Video Tutorial on this.


New IoT/Linux Malware Targets DVRs, Forms Botnet

by 3 weeks ago - last edited 3 weeks ago (188 Views)

Unit 42 identifies a variant of the IoT/Linux botnet "Tsunami". Read about how the "Amnesia" malware is delivered and distributed within the targeted network.


The NATfather, part II

by 3 weeks ago - last edited 3 weeks ago (310 Views)

NAT once again teaches us a lesson: keep your security policy close, but your NAT policy closer.


Do you have something to report?

by 3 weeks ago - last edited 3 weeks ago (241 Views)

Check out this article and you'll be reporting like a boss in no time!


Reporting like a boss!Reporting like a boss!


LiveWeek 11:2017

by 4 weeks ago - last edited 3 weeks ago (638 Views)

Detect and prevent malicious Disttrack activity. All the scoop and all the protection for Shamoon 2. Match different URL categories and verify which is used in a security policy. Untrust to untrust zone? There's more to NAT than meets the eye, especially considering the 'zone' factor. More about the pre-logon mode in GlobalProtect. The March issue of the LiveWire newsletter is here, lighting the way to your very own Live Community t-shirt for Ignite.


What's this pre-logon mode in GlobalProtect exactly?

by a month ago - last edited a month ago (255 Views)

We already discussed on-demand and user-logon modes in GlobalProtect. So what exactly is pre-logon mode and why would you need it?


I'm gonna make him a NAT rule he can't refuse

by on ‎03-22-2017 09:13 AM - last edited on ‎03-24-2017 05:03 PM by Community Manager (492 Views)

 Most of the time, your NAT rules will be pretty simple, there's going to be a trust to untrust so your users can go out and surf the web, and then there's the untrust to untrust so your webserver is accessible to the outside.


DotW: URL Categories - match different categories

by on ‎03-20-2017 12:55 PM - last edited 3 weeks ago (226 Views)

This week's discussion of the week talks about what happens when a single URL returns more than one URL category and how to verify which one is used in a security policy.



LiveWeek 10:2017

by Community Manager on ‎03-17-2017 08:30 AM (670 Views)

March Madness is in full swing - use Custom App-ID to manage it.  Go beyond default response pages.  Set up your log forwarding like a pro!  Learn about GlobalProtect on-demand and get more security with GlobalProtect in user-logon mode.  Step by step demo on how to configure the Panorama access domain to limit administrative access.  Threats and Dynamic Updates for U. 


Azure to PAN VPN (A is for..)

by ‎03-15-2017 11:36 AM - edited ‎03-15-2017 11:38 AM (208 Views)

Do you want to know more about Microsoft Azure and how to configure a VPN to a Palo Alto Networks firewall? If so, please click to read all about it.



There's a key?!

by ‎03-14-2017 04:28 AM - edited ‎03-14-2017 11:12 AM (330 Views)

Every door has a key. Did you know your firewall has one too?


Custom Response Pages

by ‎03-13-2017 04:54 AM - edited ‎03-13-2017 10:51 AM (355 Views)

Don't want no dull or default response page? Find out how to make more dynamic and explanatory response pages!


LiveWeek 9:2017

by ‎03-10-2017 06:17 PM - edited ‎03-13-2017 04:54 AM (485 Views)

Use things to block stuff. Running into a wall trying to make sense of all the logging? Learn how to set up logging like a pro! Do you want GlobalProtect but still want full control over connecting and disconnecting? GlobalProtect on-demand is exactly what you want. As an administrator, you want to control those naughty users and make sure they follow company policy at all times. Let GlobalProtect with user-logon take care of that for you! T is for Threats and U is for Updates and this is all 4 U!


Make more sense using filtered log forwarding

by ‎03-07-2017 06:17 AM - edited ‎03-10-2017 10:13 AM (314 Views)

Are you running into a wall when trying to make sense of all the logging? Don't be that guy and check out this article to find out how you can set up your log forwarding like a pro!


Blocking stuff with things

by ‎03-06-2017 02:12 AM - edited ‎03-06-2017 08:00 AM (312 Views)

If you need to block a certain type of application but are not sure how, there may be an interesting trick you haven't considered yet.


LiveWeek 8:2017

by ‎03-05-2017 10:36 PM - edited ‎03-08-2017 01:31 PM (574 Views)

Check out our closed captioned video and Harden Your Configuration while watching...or reading along! A user new to Palo Alto Networks needs to migrate the configuration from a Cisco ASA firewall to Palo Alto Networks. Migrating a configuration can be tricky if you have more than a few rules. If you have copious rules, and thousands of objects, groups, and IP addresses, you'll want to abandon the manual mission and use our tool instead.


LiveWeek 7:2017

by ‎02-27-2017 10:15 AM - edited ‎03-06-2017 05:14 AM (561 Views)

Our Solutions Engineers are sentries on the watch. Joe helps defeat the threats knocking at your door. Tom wants the door closed and your firewall secured. Kim helps with any trouble committing the latest change, so you're assured your firewall performs as you expect. Get the latest news and views-- straight from our Solutions Engineers -- as they share info, insight, and tips exclusive to the Live Community. Read our blogs, join our discussions and jump on board. Register and become a member now.


More security with GlobalProtect in user-logon mode!

by ‎02-27-2017 07:16 AM - edited ‎03-10-2017 02:11 PM (523 Views)

As an administrator, you want to control those naughty users and make sure they follow company policy at all times! GlobalProtect with user-logon will take care of that for you! Check this out to prevent your assets from being infected with all sorts of nasties!


What’s this security policy ‘type’ thing anyway?

by ‎02-21-2017 06:36 AM - edited ‎03-10-2017 08:29 AM (280 Views)

Ever sat behind your keyboard cursing because you needed to create 1001 security policies and wished there was an easier way?



Full control with GlobalProtect on-demand!

by ‎02-20-2017 08:53 AM - edited ‎03-10-2017 01:44 PM (735 Views)

So you want GlobalProtect but still want to have full control over connecting and disconnecting? GlobalProtect on-demand is just what you need ! Read all about it right here!


LiveWeek 6:2017

by ‎02-16-2017 07:47 PM - edited ‎03-02-2017 01:42 PM (633 Views)

The community speaks of love -- everywhere -- in the cloud, in your network, in your data center, with your SaaS apps, your users all. We LOVE Joe, Tom, and Kim's new signature blogs about threat, leaving your firewall open like your front door (not!), and keeping up with all your logs. You've got questions, we've got answers, for PAN-OS 8.0 and more. Join thousands of other subscribers to our YouTube channel, subscribe to our newsletter, follow us on Twitter, all good things.


Register now
Ask Questions Get Answers Join the Live Community