General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! capturing ssl decrypted traffic

Hello group,

as I'm thinking that someone is doing nasty things in the SSL-traffic, I thought of decrypting the ssl, capture the decrypted packets and put the into wireshark to look at it.

Only I could not find a way of explicit tell the PA to capture

...

Resolved! Panorama plugin log(AWS&K8S) delay

Dear Team,

I linked Panorama to the VM firewall.

Of course, the Timezone was set the same for both devices. (asia/seoul)

However, if I check the plugin log (AWS&K8S) in real time on Panorama, I will only see logs from about 4 hours earlier than t

...

Resolved! Palo Alto PA-5220 - Data-plane traffic stops intermittently for 20-30 min

We have a PA-5220 which seems traffic through data-plane stops intermittently for 20-30 min comes back up by itself.

The issue does not affect our management access as we are using the dedicated management interface which from what I understand it ha

...

Millennium (mp)# について

はじめまして。

勉強用にpa820を購入しました

Millennium (mp)# と出てきたのですが、イメージの破損でしょうか？

どなたか解決方法を教えていただきたいです。

よろしくお願いします。

How to configure Local Server for IPSEC Tunnel

We have created the IPsec tunnel and need to configure local servers .Kinldy help on this request.

No Logs for DMZ zone

We have created a NAT policy to access the Server in the DMZ zone, we can able to successfully connect to the server from public network. But, we cannot see the traffic logs for the same.

Resolved! How to configure gre over ipsec？

Hello

For example, some implementations require multicast traffic to be encapsulated before IPSec encrypts it. If this is a requirement for your environment and the GRE tunnel and IPSec tunnel share the same IP address, Add GRE Encapsulation when yo

...

Source and Destination NAT for PA-VM on Azure Cloud with VPN tunnel

Hello everyone,

I am working on a project to deploy a Cluster of two Palo Alto VM's on Azure. While designing the solution with an internal and external Loadbalancer (you can see the picture in my post) i don't know if i need to configure Public IP a

...

Determine configuration size on Palo Devices

Hi,

How can we determine the configuraiton file size on Palo Alto PA devices.

We wish to determine were our configuraiton size is compared to the recommened size for each PA type 5K 7k etc.

Thank you

Export configuration change message failed via SCP

Hi Panorama export configuration change message is configured to be sent to SCP server. The SCP is installed at PC/Win10. When trying to test the connection between Panorama and the SCP, I launch the connection from SCP. but I got the below situation

...

Config (XML) import to device, using Panorama

, XML

Dear all,

The Panorama feature "Scheduled Config Export" is a great way to backup all device configs to a central backup repository.

I known one can import this XML config from the device itself,

But would there also be a way to import the complet

...

How can one go about identifying shadow rules? Are there any tools for this in the WebUI?

Are there any build-in tools in the WebUI to identify shadow rules?

I thank you in advance.

Resolved! Firewall cannot be added to panorama

Hi Serial number is got from palo alto firewall, we try to add the firewall into panorama. but I got the error message as below picture. This firewall is the first one to be added to panorama. why it has Maximum issue? Thanks

Resolved! HA active/active dual ISP load balancing

Hi all,

I am considering network design that have:

- Dual ISP (public IP /29 for each)

- 2 x PA with active/active HA

- PA connects directly to L2 networks (LAN)

Requires:

Load sharing between 2 ISP Internet links

Problems:

Is it possible to conf

...

DNS not populating when using DHCP server on PAN

We are using the PAN's DHCP server for some of our sites and for some reason its only pushing static entries to our Windows DNS. We need host names to resolve for all IPs at these sites. Was wondering if there is something we need to do on either sid

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Resolved! capturing ssl decrypted traffic

Resolved! Panorama plugin log(AWS&K8S) delay

Resolved! Palo Alto PA-5220 - Data-plane traffic stops intermittently for 20-30 min

Millennium (mp)# について

How to configure Local Server for IPSEC Tunnel

No Logs for DMZ zone

Resolved! How to configure gre over ipsec？

Source and Destination NAT for PA-VM on Azure Cloud with VPN tunnel

Determine configuration size on Palo Devices

Export configuration change message failed via SCP

Config (XML) import to device, using Panorama

How can one go about identifying shadow rules? Are there any tools for this in the WebUI?

Resolved! Firewall cannot be added to panorama

Resolved! HA active/active dual ISP load balancing

DNS not populating when using DHCP server on PAN

Template- Variable CSV greyed out

Can't find the "Republic of Kosovo" in the "Firewall Region Code Legend"

Device - certificate based authentication

Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

Wildcard URL for Non-HTTP/HTTPS traffic

Re: Allow all web addresses with .gov and .edu extensions

Re: Wildcard URL for Non-HTTP/HTTPS traffic

Re: Howto delete sub-interace from cli

Re: SSL Inspection issues with GlobalProtect users

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Unlock your full community experience!

Resolved! capturing ssl decrypted traffic

Resolved! Panorama plugin log(AWS&K8S) delay

Resolved! Palo Alto PA-5220 - Data-plane traffic stops intermittently for 20-30 min

Resolved! How to configure gre over ipsec？

Resolved! Firewall cannot be added to panorama

Resolved! HA active/active dual ISP load balancing