General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! File blocking profile for Evernote application

Looking for a custom file blocking signature to block uploads within the Evernote client application.

Resolved! Public IPv6 DHCP Support

Since many ISPs are adding support for IPv6, I wanted to know if PAN firewalls support receiving an IPv6 via DHCP from the ISP? When I go to IPv6 on the interface, I don't see a DHCP or PPPoE option. It appears one can only set a static address ?

User IP-user-mapping incorrect

(PA3000 series FW running 6.0.2) Getting users being blocked by the captive portal from a local service account running on their machine.. only way around it is to disable the service and/or account and then flush the user to ip mapping cache. Any w

...

VRFs on a Palo Alto - can it displace a Cisco ASR router?

Hello, we recently purchased a pair of PA-3020s to run HA with and replace a pair of ASA's. Think we've mostly got them configured to replace the ASAs with the assistance of the reseller's engineer and so far, so good - everything is working great.

H

...

Is it possible to load config from a firewall up to Panorama?

Hello,

The last 4 months of config changes seem to have fallen off our Panorama server but the firewalls it manages are still up to date.

Is it possible to gather the config from them and push it to Panorama?

Thanks in advance for any help.

Resolved! Weighted dynamic routing on edge - possible?

Folks.

Current company is looking to expand to another site (yay for me - I get to upgrade my 2020's to 3020's at the head office!), however I'm in a bit of a quandary on getting the new site working.

The new site is going to have two internet links fo

...

Commit times

I'd like to hear some feedback from users on the 3050 hardware. We currently use the 2020's and commit times are between 30-60 minutes. We've been using this platform for several years and been through tech support dozens of times on this issue. I un

...

Panorama HA Pair setup question

I have two new PA-500 firewalls and want to install it in Active/Passive setup. Right now only the management interfaces are connected. I did the initial setup, updated the software to 6.0.4 and connected both firewalls to Panorama. I did not assign

...

Resolved! Multiple bidirectional NATs with multiple public IPs

Hello,

I have /26 public IP addresses (164.67.80.65 - 164.67.80.126). I bound ethernet 1/1 to 164.67.80.77/24. Then I created a bidirectional NAT connecting 164.67.80.77 to 192.168.1.77. Works great. Now I want to setup a second bidirectional NAT:

...

Resolved! Address objects: IP vs IP Netmask

Hello,

I have an address I would like to represent as an "Address Object". The address is 164.67.80.78 and the netmask is 255.255.255.192. I created an "Address Object" with an "IP Netmask" of 164.67.80.78/26.

I used this "Address Object" to set the

...

Slowness over VPN

I just modified a PA-200 in our remote office to use two internet connections and two VPN connections for fail-over. The tunnels are up and are passing traffic fine for me, however users in that office are complaining about slowness over the VPN. The

...

Resolved! IKE phase 2 negotiation fail

Hi,

I'm having a hard time bringing up a VPN tunnel from my PA-5020 to a Cisco firewall. I'm getting the following:

'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id:

...

Resolved! Application Dependency

Hello

We currently block access to Scribd for our employees. We now want to allow Scribd and I was looking through the Applipedia and noticed "scribd-base" but it also has dependencies of "web-browsing" and ssl". If I add those dependencies will they

...

App dependencies - that's creazy!!

Hello

Today I have to add MS Lync to be allowed from VPN. Sound simple.

So I add to security rule ms-lync

.

but during commit I get warnings:

ok, I added ms-lync-online but I get another warning:

DO I really need to add every particular aplication by hands

...

Resolved! Can use PA-5060 AC Power code at London?

Is the attached AC power code in PA-5060 (C-13 connector) able to use 205V at London?

Does PANW attached any special power code for GB?

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource