General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Monitor traffic - filtering issue

Hi all,

we have noticed inconsistency in PAN OS 5.0.8 and 5.0.9, compared to 4.1.9, related to monitor traffic filter. In older version message box pops-up in case filter is not properly defined (i.e. if there is syntax error), which is fine and helpf

...

Active/Active traffic log.

Hello

I knew session owner generate traffic log.

Does session setup device generated traffic log If a session is denied L4 processing before L7 processing???

Network Diagram

Router#1(Power-OFF) ------ Router#2(Power ON)

|

...

Resolved! use GlobalProtect for Network Logon

Dear,

Is it possible to use GlobalProtect with pre-logon enabled as a "Network Logon" for Windows?

This way I want to use the GlobalProtect to tunnel the domain-login request to our AD when the pc is on the road.

Ultimately we want to use this for users

...

Resolved! L3 deployment with dynamic IP and DMZ (NAT and PBF required?)

Dear all,

I'm trying to move from my initial vWire deployment to L3 in order to get rid of my SSG5. Later on I'll also get rid of my SA-2000.

Current layout:

ISP (dynamic IP) - PA vWire - SSG5 - PA vWire - Intranet

...

About updating AD group membership

Hello guys

1. I configured LDAP profile and update from AD DC

2. AD group named domain-users has about 10900 user

3. Customer created new user and applied new user to domain-users group

So I tried to refresh a group-mapping information by debug command.

...

Resolved! will an unlicensed Palo Alto pass traffic?

We have a fully configured cold spare racked - unlicensed, no subscriptions. If pressed into service wil it at lease pass traffic until an RMA arrive for instance?

How to disable global protect portal exposure in public

HI all,

it.s that any way I could disable the global protect portal pages exposure in public? Could I just manually install the global protect client to the pc and get the ssl VPN feature works?

7-Zip ARJ File Buffer Overflow Vulnerability(31030)

Has anyone come across this vulnerability? We have several PC's with 7-zip installed for extracted .tar files in windows. Even after we delete 7-zip, we still see these vulnerabilities being flagged by the pan. Has anyone seen this behavior before

...

Resolved! pa performance analyze

hey

i am trying to analyse if the PA is under load regarding to the PA specs,

the customer is having sometimes disconnects on the network, i can see that the CPU have peaks sometimes but mainly is OK

netcom@PA-IL-ACTIVE(active)> show running resource-m

...

best practice User-ID strategy?

Hello,

first I try to give you some information. Our headquarter is located in Germany. All of our subsidiaries are connected to Germany via relatively slow VPN lines. Overall we have round about 20 DCs in different countires. Until now we have only 3

...

Why both portal and GW license for HIP ?

Hi,

Can someone give a competitive explanation for that ?

Portal for once, GW for every year.But why both ?

Vendor updates make sense for GW subs., what extra portal makes ?

Regards.

SYSTEM ALERT : high : HA Group 1: ** version does not match

Hi Friends,

I wanted your help in solving this persiting issue.I have a PA4020 in HA mode which is configured in Active-Passive mode. From last few days i am getting the below error

SYSTEM ALERT : high : HA Group 1: Anti-Virus version does not match

SYS

...

Does PA firewall really support 6in4 tunnel?

I have a free 6in4 tunnel from Hurricane Electric. The tunnel profile inucludes IPv6 Tunnel Endpoints, Routed IPv6 Prefixes and Anycasted IPv6 Caching Nameserver. I used these information to configure a Juniper SSG firewall and it works. I was told b

...

Resolved! Unable to Perform Debug Flow

Hello, have a PAN-5050 running 4.1.13, where I am trying to debug flow on. Followed the steps necessary to turn on flow debugging but I am not seeing anything log to either of the dataplane pan_packet logs files. I've confirmed the settings are in p

...

Resolved! Forward Trust Certificate

Hi,

In my office environment, we have an internal certificate that we have been using prior to installing PAN device. Lately after installing PAN, our office staff are always getting certificate warnings whenever they visit a SSL enabled website.

I re

...

Discussions