General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! Country code blocks with IP address exception - is there a way to do this?

I have a block rule for some of the more egregious regions of the internet. Unfortunately, the regions use the source address within the rule on the Palo so I see no way to negate an IP address in a region being blocked.

Is there a way I'm not awar

...

user-ID non-domain windows systems not being logged

Hello PAN community,

I have setup user-ID with Active Directory and the hostnames and user names for domain joined systems are being logged in the firewall's monitor.

Some systems have their hostnames resolved, but others are just showing IP addresses.

...

Resolved! PA -5060 Version: 8.1.24 , All the interfaces flapped simlutanesouly

Hi Team,

We have observed a situation where all the connected interfaces were flapped on the Firewall with the below logs, there is no much conclusive evidence in the tech-support logs, not sure if i am missing the log file which has the reason for

...

When Exporting a report to PDF the order of the fields(dates) are not display in order.

Hello everyone I have a question, I was recently exporting a few reports to PDF and I realize that the order regarding to the column Day Received is not the same when you export it to PDF as we see in the Custom Report builder.

I'm using version 7.1.3

Resolved! Dumb question: Are there cases where a configuration change will take effect prior to committing?

I would like to reconfigure our PA-3260 FW to use its 40G interfaces instead of the 1G interfaces being used in production now. I plan to create one new aggregate ethernet interface made up of subinterfaces that correspond to each of the individual 1

...

Resolved! Cortex XDR Firewall configuration query.

We have configured the Check Point firewall version (R81.10), but it is not supported for native log ingestion. However, we have checked the official Palo Alto documentation for this link: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-

...

Resolved! Logging In PAN OS

Hi Team,

>In general, the PA Firewalls are manged by Panorama will log directly to Panorama or do we need any configuration to be made to push the logs to Panorama?

>What is the best way to configure logging for the firewalls managed via Panorama? Fo

...

Firmware download

I have device registred and lisenced also I can ping from the device updates.paloaltonetworks.com

however I cannot run any:

request support check
request license fetch
request license info
request content upgrade check

Server error : Failed to check

...

Resolved! Issues with DHCPv6 Client with Prefix Delegation

Hi there,

Playing around at home with DHCPv6 Client with Prefix Delegation.

Been following this guide: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-new-features/networking-features/dhcpv6-client-with-prefix-delegation

The configuration for th

...

PAN OS enabling communication between overlapping subnets

Hello,

I am thinking about analogy with Cisco firewall. Please how can I make two hosts with same address communicate with one another on one firewall?

1) Two Virtual routers leaking with NAT in place between Virtual Routers. Directly on one FW, no

...

Resolved! Reports in Panorama

Hi Team,

Can we check the internet usage and particular interface usage from Panorama? For the firewalls managed via Panorama? Or is there a way we can get it from the firewall itself? Or any other solution which helps to know this info?

Regards,

S

...

Device Certificate Expired 'Invalid Request. Authentication Failed'

Hi Everybody,

I have 4 firewalls grouped into 2 HA pairs. The first pair had certificates which expired on August 18 and have failed to be renewed. The last fetched message says "Failed to renew device certificate. Invalid request. Authentication f

...

DHCP issue

Hi Team,

Customers have PA-220 running 10.0.0 and migrated to PA-1410 running 11.0.1-h2
from PA-1410 - 11.0.1-h2 unable to get DHCP ip from the firewall for Android and iPhone devices. The same devices are getting IP from PA-220 running 10.0.0 version

...

ION device issues

So twice now in the span of only a week it looks like we have to RMA an ION3000 and ION2000 device after the site lost power due to local Storms. After power was restored our ION's can't connect to the SD-WAN cloud, I can't access the devices remotel

...

Resolved! Accessing a website on the same public ip as the source

* new here so if posted incorrectly. don't kill me *

Im trying to access mywebsite.com that is on a local IIS windows server.

I can access it from Outside ( via Cell phone ) via a NAT Inbound Policy.

I need to be able to go to mywebsite.com fr

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Resolved! Country code blocks with IP address exception - is there a way to do this?

user-ID non-domain windows systems not being logged

Resolved! PA -5060 Version: 8.1.24 , All the interfaces flapped simlutanesouly

When Exporting a report to PDF the order of the fields(dates) are not display in order.

Resolved! Dumb question: Are there cases where a configuration change will take effect prior to committing?

Resolved! Cortex XDR Firewall configuration query.

Resolved! Logging In PAN OS

Firmware download

Resolved! Issues with DHCPv6 Client with Prefix Delegation

PAN OS enabling communication between overlapping subnets

Resolved! Reports in Panorama

Device Certificate Expired 'Invalid Request. Authentication Failed'

DHCP issue

ION device issues

Resolved! Accessing a website on the same public ip as the source

Template- Variable CSV greyed out

Can't find the "Republic of Kosovo" in the "Firewall Region Code Legend"

Device - certificate based authentication

Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

Wildcard URL for Non-HTTP/HTTPS traffic

Re: Allow all web addresses with .gov and .edu extensions

Re: Wildcard URL for Non-HTTP/HTTPS traffic

Re: Howto delete sub-interace from cli

Re: SSL Inspection issues with GlobalProtect users

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Unlock your full community experience!

Resolved! Country code blocks with IP address exception - is there a way to do this?

Resolved! PA -5060 Version: 8.1.24 , All the interfaces flapped simlutanesouly

Resolved! Dumb question: Are there cases where a configuration change will take effect prior to committing?

Resolved! Cortex XDR Firewall configuration query.

Resolved! Logging In PAN OS

Resolved! Issues with DHCPv6 Client with Prefix Delegation

Resolved! Reports in Panorama

Resolved! Accessing a website on the same public ip as the source