General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! Mismatch of static-ip source translation address range between original address and translated address

What exactly does this error mean?

Error: nat rule 'ipCentrix Outbound': Mismatch of static-ip source translation address range between original address and translated address

I get this error during commit.

I'm trying to:

Change the Source Address to 66

...

What should I take on deployment PANOS (4.1 or 5.0)?

Now, I have a new project to implement paloalto firewall on my site.

Do you have any suggestions or ideas to deploy PANOS 4.1 or 5.0.

Can you please recommend me?

M100 - incorrect Message Authentication Code

I have the following setup: A VM100 that has multiple VLANs, for example LAN, Guest and DMZ. In the DMZ are some https websites, hosted on VM's on the same VM server as the M-100.

Everything is working as expected, so internet, DHCP, DNS etc. is all w

...

Palo Alto in Virtual Wire mode - problem with perimeter gateway (Firewall)

Hello everyone,

I decided to post here a question that I hope someone would be able to answer or at least provide some guide to which direction to move.

I have an opportunity to sell Palo Alto appliances to one of our clients and for that I need to sho

...

Panorama VM is misaligned.

Hi everyone,

I have installed the Panorama from the OVF file that Palo Alto provide. But when the VM is deployed, it is misaligned. Did anyone solve this issue already?I have tried to align it with MBRAlign in ESX, but after that the alignment the VM

...

Resolved! LDAP for User Mapping

Hi,

Can anyone explain: LDAP profile is needed just for User group mapping or in general for user mapping? Now i'm confuse.

Resolved! Failed to email PDF reports

Hi,

Sometimes scheduled PDF reports fails to send. I get the message: "failed to get ip for host." It is email server problem or something wrong with configuration? Is any possibility to send scheduled PDF reports on another time or repeat sending?

App Acope export

Hi,

It is any possibility to export app-scope to pdf report (eg.: Network Monitor)?

IPSEC VPN through PAN comes up but does not pass traffic

What needs to be enabled to allow a VPN that once worked to be allowed through a 3020. I had a Juniper to Juniper IPSEC VPN that worked before the 3020 was placed between the 2 junipers. What needs to be allowed to make sure that the traffic passes.T

...

Resolved! The use of use-cache-for-identification introduced in PANOS 5.0.2?

According to the release note for PANOS 5.0.2 (released 2013-01-15):

"

47195 – When the App-ID cache feature was enabled in previous releases (enabled by default), it was possible to pollute the cache to allow some applications to pass through the fire

...

Resolved! Palo Alto Dictionary file for Steel Belted Radius

Hi,

We are using Steel Belted Radius Enterprise Edition v6.1.6 for authentication on all the network devices.

We have few PA3020 and PA500. Now we would like to authenticate these firewalls via the same Steel Belted Radius Server.

I am unable to locate

...

SSL decryption fails

We are testing SSL decryption on our PA at the moment. We have found a site that could not be decrypted: https://posteo.de/

Has anyone of you an idea why the decryption fails for that site?

And how could I troubleshoot such problems? Because the normal

...

Resolved! Active Directory help

Hi All,

We received our first pan 3020 Monday and I have been trying to learn about the product in order to setup for production. I'm making good progress so far, but I have run into an issue importing AD users. I setup group mapping and I'm able to s

...

Resolved! Dynamic Block List Site

Is there a list of known bad IP addresses? I would like to include a dynamic block list in my policy but I don't have a list of known bad IP addresses. Does Palo Alto have a canned list of IPs that I can reference to insert into my policy?

Hosted Verizon PBX solution with phones behind a PA200; calls drop at exactly 15 minutes. Anyone else seeing this?

We have a remote office with a PA200 and we are using VoIP phones that use a Verizon remote hosted PBX solution. Outbound VoIP calls drop at exactly 15 minutes... meaning any and all calls out drop at that exact time. We can pull reports and see that

...