General Topics
Showing results for 
Search instead for 
Did you mean: 
We are conducting regularly scheduled maintenance over the weekend, which could cause some downtime on LIVEcommunity. We apologize for any inconvenience.
General Topics


Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 


In the past six


jforsythe by Community Team Member
  • 1 replies

External DNS resolution for specific domains



I am trying to look for a solution to an issue we have whereas we don't want to add routes from Azure (via ExpressRoute) to an on premise for public IP's for which Azure devices need to connect to via a Palo Alto firewall and across a VPN to


StuartS by L1 Bithead
  • 1 replies

Remove Multiple Saved Config files from CLI?

I recenlty received an alert for /opt/pancfg at 80% full.  It looks like there must be a bug in a PAN-OS version that seemed to be saving off configs every hour, with a random naming convention of "5rkswfabcbep_5syszjl7hw0j.txt" There are hundreds of


Global protect enforcer and public wifi captive portal

Dear community,


We have deployed Prisma access Global protect [agent 5.2.9], enabling network enforcer and captive portal detection [ 10 min timer and captive portal message].

We are experiencing mixed results with users getting an error web page when


FTP Inbound Decrypt Issues

Ok, I'm at my wit's end with TAC.. after 7 months of explaining the issues, collecting logs, and then starting over when a new agent takes the case, I'm hoping the community can help me.


I've had inbound decryption set up for our FTP server for some


jsalmans by L4 Transporter
  • 1 replies

Allowing PIA VPN in home network

Hi all,

Quite new to managing NGFW, please be patient.

I have PA-820 looking after my home network, no domain, few computers, using it to learn more than anything else, but since I have it want to use it fully.

I want my Private Internet Access VPN to a


trybar by L0 Member
  • 2 replies

Resolved! PA-VM 10.0.4 Deployment

Hello all,

I requested for a PA-VM evaluation license using 10.0.4, tried using VMware Workstation import the .OVA using 6Gb RAM and 4 cores, everything looks fine, until it gets a management IP a few seconds later says "Broadcast message from root" a


Palo Alto Firewall VM

I have installed a Palo Alto Firewall VM trial version. Now whenever I have tired to login / after successful login it is suddenly going to runlevel 0 and shutting down.

Resolved! Traffic Monitor Log Slowness - Upgraded to 10.1.4-h4

I've just upgraded to 10.1.4-h4 from 9.x code and have noticed that the traffic logs take at least 30 seconds or longer to load. On the previous code it was only a couple of seconds. Mgmnt pane cpu is very low 5%.


Anyone have similar problems and fix


roma by L2 Linker
  • 8 replies

Dual ISP VPN failover with single VR

Hi All, looking for some assistance to configure VPN failover for DR/BCP.


I've attached a basic diagram below


Currently, static route monitoring is set up on the outside interfaces of the firewalls at Site A, so if upstream from Site A ISP 1 fails Si


Screenshot 2022-06-28 at 15.52.22.png

Palo Alto - Barracuda IPsec VPN problems

We've a IPsec-VPN IKEv2 between Palo Alto (10.0.7) and Barracuda (8.0.5-0341) with 10 IPsec tunnels, one VPN-tunnel per subnet-pair, on Palo side "proxy IDs".

At least once every day, some of these ipsec-tunnels go down and can only be forced to come


ChrisCon by L2 Linker
  • 10 replies

PAN-PA-5220 Purchase

Dear All,


I am planning to purchase PA firewall 5220 for our Datacentre. and came across below model

I am not mistaken then I need to purchase PAN-PA-5220-DC i(f DC power supply) and PAN-PA-5220-AC ( If AC power supply)


However I am clueless for what


IPSec Tunnel fails after 1 packet

Hi Guys,


We have a number of Palo Alto firewalls at our satellite sites configured in a Mesh VPN.


Site A, Site B, and Site C (Internal) all work successfully.

Site C DMZ can establish a tunnel to all the other sites, however as soon as the VPN is used


Basic Setup.png
Top Solution Authors