General Topics

🚀 Join us at Palo Alto Networks Headquarters for Ignite - November 14, 2024 🚀

Enterprises are embracing AI to revolutionize their operations, but with innovation comes new cybersecurity challenges. That’s why you can’t miss Ignite on Tour!

This event is your gateway to exploring how AI is transforming cyber defenses. Join us

...

Join Us in Welcoming LIVEcommunity's 2024-25 Cyber Elite Experts!

LIVEcommunity is pleased to announce the 2024-25 Cyber Elite Program!

LIVEcommunity's Cyber Elite Program recognizes community experts who demonstrate excellence in participation and contributions to other members and Palo Alto Networks customers

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! QoS on Tagged VLAN Sub-interface

Hi there,

I try to implement QoS on Tagged VLAN sub-interface. Found some configuration on main interface but not sub-interface one.

Any suggestion? ^^

Thank you

Resolved! BGP Graceful restart in an Active/Passive cluster?

All,

Quick query, we are in the process of implementing a HA cluster that will be BGP peering with several upstream routers, both route import and export, and in trying to reduce the interruption due to a failover we are looking to implement the Grac

...

PBF with NAT, how does it works?

Hi Guys

According to document , if there's destination NAT , there'll be second routing lookup to decide outbound zone & interface. But I'm very confused when there's routing and PBF together, In the second routing lookup, how does PBF rule work? Does

...

Join the Fuel User Spark Event on March 19: Dealing with Threats !

Join us at the Fuel User Group Spark Event on March 19!

Get ready to ignite your cybersecurity knowledge and connect with industry experts at our upcoming Spark event hosted by the Fuel User Group. Whether you're a seasoned professional or just

...

Secondary IP and DHCP

Greetings,

Say we have an interface that is configred the following way:

e1/2.240

Tag: 240

IPv4 Address (two addresses on the interface):

-10.10.100.1/24

-192.168.100.1/24

Now, if that interface is configured as a DHCP relay, which network is it going to se

...

nslookup on the management port ?

I would like to check a few DNS issues I'm seeing on the management port.

I had hoped to find nslookup in the CLI, but it isn't there.

Is there something equivalent ?

Thanks.

Shutting down/disabling subinterfaces

I am very new to the PANOS world so I will apologize in advance if this is obvious, however my search of documentation and knowledebase did not yield anything. I have been looking for a way to administratively shut down sub interfaces. Is this possib

...

Resolved! About address object with FQDN and apply it to security policy.

If I have a FQDN "abc.com" that have two DNS records 10.0.0.1 and 10.0.0.2.

Then I create a address object with FQDN type, and the value is "abc.com"

When I use this object into security policy, how does it working? Does it become 10.0.0.1 or 10.0.0.2

...

Resolved! HOW TO CONFIGURE .1q - VLAN TRUNK

Hi guys ,

I have a lots of doubts about how to configure .1q vlan TAG / TRUNK on PALO ALTO FIREWALL.

It`s possible to work with layer 3 interface ?
I don`t found any documents here.

Does anyone have something to help me.

Nbest Regards

THiago LIma.

Avaya 9611G/4610SW VPN to PA-500

Has anyone had success connecting Avaya IP phones via VPN to PA devices? I am able to complete IKE Phase 1 authentication, but fail Phase 2 due to local/remote proxy IDs not found:

'IKE phase-2 negotiation failed when processing proxy ID. cannot fin

...

User mapping - IdleTimout and MaxTimeout architecture with GlobalProtect only (no User ID agents)

We have a setup for up to 2.000 employees. Every employee has the GlobalProtect installed, but we are not using any User ID agent.

We have only one portal configured, for both internal and external (vpn) connections.

On both gateways (internal and exte

...

Resolved! IPSEC Tunnel to ASA - PeerID issues

I am setting up an IPSec tunnel to an ASA. I am getting an error message about the PEERID type only allowing IP but received FQDN. Per the other KB article, I changed the PAN Exchange mode to Aggressive.

Now the PAN received a FQDN of the ASA side an

...

GlobalProtect client behind a proxy, configuration help

I am trying to establish an ssl vpn connection using the globalprotect client, but the client is behind a proxy using a configuration script. I have tried calling paloalto support but they said their client is not proxy aware. Does anyone know of s

...

Palo Alto BGP: Conditional Advertising

Dear All,

Recently we have been migrating to a non-trivial BGP setup, and I have had to experiment with the conditional advertising BGP feature in Palo Alto. I was familiar with this concept from cisco, but alas I still found the documentation availab

...

Resolved! Aggregate Ethernet Interface with Subinterfaces

Hi there,

I'd like to set up a PA-5060 with an aggregate Layer 3 ethernet interface with no address:

Aggregate Interface

Name: ae1

Type: Layer 3

Address: (none)

Virtual Router: (none)

Tag: (none)

Security Zone: (none)

and then add subinterfaces to it, each of

...