General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Global Protect Portal Feature Request

Am I posting this in the right place?

I would like the ability to display available VPN gateways for my users based on AD group membership.

E.G. I have 4 available gateways:

gw1 - no AD group requirements

gw2 - no AD group requirements

gw3 - no AD gro

...

Disble GlobalProtect Agent on internal - corporte lan

Hi,

is it possible to disable the globalprotect agent autoconnect on the corporate lan ?

scenario:

-outside the corporate lan the vpn connection must be autoconnecting to the globalprotect portal to enforce webfiltering etc..

- inside the corporate lan

...

"Facebook-apps" And "Facebook Chat" block

Hi all,

Appreciate if you can guide me to block facebook-apps and facebook-chat in Palo Alto but allow other facebook features. I already implemented it in Application layer but failed, is there something i am missed? I am using PA-3020 and 7.0.3 ve

...

Service route destination option

What is the purpose of adding destination in service route?

We have a default gateway in management interface config and we also have specific route in vr so why we need it?

NAT after Proxy

Hi

I have to set up a PA-200 as a NAT. That it self would not be the problem but between the PA-200 and the modem is a Proxy. I have no information about that proxy. The only information i have about the network is the IP settings given by DHCP. Is

...

Resolved! How to block www.youtube.com completely

Dear All,

Appreciate if you can advise how to block www.youtube.com completely. I have try using URL-Filtering and application layer level but still failed. I am using PA-3020 OS version 7.0.3

Imran

Resolved! arp not found

Yesterday I attempted to move our Internet connection from a copper interface on ethernet1/1 to fiber optic on ethernet 1/13 on a Palo Alto 3020.

I ensured both interfaces were members of the same security zone and modified the Default route of def

...

Resolved! Reduced bandwidth after 7.1.2 upgrade

After the upgrade to 7.1.2, I've notice that my bandwidth has reduced by 80% over a Metro E Gig connect. Any one else seen this problem or has a resolution for it?

Resolved! RADIUS authentication: MS-CHAP v2?

Currently, my PA-3050 devices (PAN-OS 6.1.12) utilize RADIUS authentication. I know that this uses the completely unencrypted PAP protocol.

I have asked PAN about MS-CHAP v2 support in the past and was told that the device must be placed into FIPS m

...

Multi AD Account login - Captive Portal

Hi,

Can we limit the login per account using Active Directory as an authentication profile at Palo Alto Captive Portal? I believe by default, you can login using a single AD account with multiple devices.

Error with PDF Reports

when i do a test email for the email profile it successfully delivers the email. however in my system logs I get this error.

"failed to email pdf reports to #####@#####.com for email profile #####"

any ideas?

Resolved! User based ssl decryption

Hi,

I try to test ssl forward proxy decryption. It works fine if I use IP address as a source but if I use Users(domain) as a source it doesn't work. I can't use IP's for testing because our IP's floating. What I need to check in configuration?

Toni

Resolved! GlobalProtect 3.0.2 setting VPN DNS on WiFi adapter

Hi,

I'm having a single client, running Windows 10 Pro, that we're having issues with.

When the user connects to their network at home, they are unable to connect to VPN, and it seems like the issues is caused by GlobalProtect setting the WiFi adapter

...

Resolved! QOS & Aggregate Interfaces

Hello,

In our QOS Aggregate Eth. Interfaces we cannot assign an egress value greater than 1000.

(LACP Bundle is 2 x 1Gbit on eth4 + eth5)

Why ?
Do we throttle down throughput to 1 GBit/sec. in the Aggregate ?
Shall we leave egress value in profile and Int

...

Resolved! Is there any restriction for application to add in Policy based forwarding

Is there any specific reason that all application is not avaialbe to add in policy based forwarding.

For ex: I am trying to add "panorama" in policy based forwarding, it is not there.

I have to addd port 3978 instead of application. Is there any reason

...

Discussions