General Topics
Showing results for 
Search instead for 
Did you mean: 
General Topics


Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 


In the past six


jforsythe by Community Team Member
  • 1 replies

Resolved! How to reduce downtime when migrate to an AE interface

Hi All,


Am going to bundle an existing layer3 interface (e1/1)with extra one (e1/2 ) to an ae1 interface. And then move the ip address from e1/1 to ae1. 

This is in a HA A/P configure, question is how to reduce the downtime to roughly 0?

If it will imp


AllanGao by L1 Bithead
  • 3 replies

Resolved! U-Turn NAT question

When setup U-turn NAT, can see SNAT part using an internal interface for DIPP. But in the scenario A/P FW has two downstream switches, ie. two internal interfaces, if need to setup 2 U-turn NAT policies . So that when the primary link down, can use t


AllanGao by L1 Bithead
  • 4 replies

Resolved! Security Policy "Last Hit" metric


How is the "Last Hit" metric for a security policy on the firewall generated? Would the timestamp be based on the session start time or the received time of the log? Intuitively I would think the former, but I am starting to think its the latte


Pc does not join into Domain


I can not join into a domain when the computer pass through PA.

This is my scennario:

PC - PaloAlto - Switch - DomainController

The PC and Domain controller are in the same Zone (trust) and I have a security rule: from zone trust, to zone trust, perm


PA without license



I hope you can help me. I currently have a customer who wants to leave one of their old APs unlicensed as a VPN concentrator. My question is the following:


What functions would be active in the PA?


For GP I checked this KB: https://knowledgeba


Policy Optimizer Reports

Hello Community,

Has anyone here found a decent way to have a report generated automatically on a periodic basis for the Policy Optimizer suggestions? I.e. A PDF generated every Monday morning with a list of Unused policies in the past 30 days, etc.?



Global Protect stuck in "Connecting", "Still Working"

Hi there guys, I have a Macbook Pro with Catalina v10.15.4 and I am here because I am out of moves on how to make this software to work. 


Troubleshooting I've tried so far:

1) Tried going to privacy and security in the settings to allow the software t


Packet Buffer Congestion error

We have a couple of FW 5220 in active-passive. last 07/15 we upgraded to version 9.1.10 and we have detected that "Packet Buffer Congestion" is growing linearly.

could it be a bug in this version?

thanks so much

BigPalo by L4 Transporter
  • 3 replies

Captive Portal HTTPS SSL decrypt

Captive Portal HTTPS decrypt


Dear all:


Very good afternoon, I have the following doubts and concerns:

-Is it mandatory to configure SSL Decrypt ( I understand that yes, please confirm, it is for the point that when they enter a HTTPS site, it displays


Metgatz by L3 Networker
  • 2 replies

server hello message dropped at firewall

We are facing currently this issue with a DC firewall. The following is the environment

EnduserPC-> DC Firewall (PAN) -> f5 Load Balancer-> Web Servers


All these days the users were able to login to the web services without any hassles. For the last 2


file saving issue through global protect

I'm facing issue at the time MS-Office files saving when global protect is connected.

Logs showing temp file (.rels ) .When we excluded temp file file blocking profile, after that its start to saving file.

But for long time we cant exclude temp file fr


SurajN by L2 Linker
  • 1 replies

GP latency with excel add-ins

Hello all

anyone faced this latency issue with excel add-ins load, it takes up to 8 minutes to load which is unacceptable from a user perspective.

the only workaround  i found for now  is to install VDIs on premises LAN for users, so they can rdp to an


Top Solution Authors
Top Liked Authors