General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 1, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Resolved! syslog no log sometimes

Hi,

Pa200 configured to send all to syslog.Sometimes(Random) no log comes to syslog.Did Anyone see an issue like this ?

5.0.5 panos.

Resolved! GlobalProtect assigning zone based on AD group membership?

I'm fairly sure I can't do as the subject line, so I'll explain why I think I want it, and hope someone can suggest a better workaround.

We're a college campus with (roughly) 3 classes of users: students, general faculty and staff, and "special" staff

...

In HA, Pasive firewall sent the traps and CACTI shows data, Active send nothing

Hello everybody

I have 2 PA-2050 with PanOS 4.0.11 configured with HA. The traps are sent by the Pasive Firewall not the Active, also source IP of the trap belongs to Pasive not by the shared management IP.I just checked the managemtn Profile and SNMP

...

Resolved! malware using encrypted (SSH) transfer over tcp/443

Does Palo Alto have a signature to detect the use of ssh on non-standard ports like 443? I did not see anything in the threat database.

Thanks,

Jim

DHCP issue in vwire

Hi all,

Having a really simple archie with two ports in vwire (Allow all vlan and multicast on it), create a rule "trust to untrust allow all".

Issue is for dhcp request, I have to create a rule allowing dhcp answer from untrust to trust ....

In my mind

...

Need help for HA Active/Active configuration with two ISPs with IPs in different subnets.

Hi All,

In below scenario firewall external interfaces of both firewall has configured with IPs in the same subnet (topology 1)what if configured with the different IPs for different ISPs (topology 2).

Kindly consider the above query all the HA Active

...

Is it possible to block method POST in any website?

Hi guys,

Our company don't want employee to post anything on internet so we're trying to create custom application that block method POST on http-request-message. But when we're trying to write a pattern. It's always pop up an alert

...

Global Protect Portal/Gateway Certificate Issue

Hi,

Just recently after upgrading to Global Protect Version 1.2.4 we started getting error messages on our external users laptops that there was an " CN Mismatch Name" but continuing still allowed them to connect..

After determing it was a Common Name

...

Resolved! Daily packet capture limit of PA-3000?

I would like to know Daily packet capture limit of PA-3000 serial.

Do you know this?

other serial device is...

> 　PA-5000 : 786432

> 　PA-2000 : 131072

> 　PA-500　: 32768

> 　PA-200　: 65536

Regards.

Certificate Error in Global Protect Portal

Hi All,

I'm trying to setup the Globalprotect VPN and have followed the (only partially helpful) GlobalProtect-Configuration-4.1.pdf to create certs and set everything up. When I try to connect to the portal site with my browser I get a certificate er

...

Resolved! IOS Global Protect APP - Required Client Certificate is not found

Hi l am trying to configure the IOS App with our PA 2050 and l am getting the message :

Gateway " IP Address " : Required Client certificate is not found

I have installed a 30 Day Trial license of the Gateway to test this but still the same error messa

...

How to control URL Filtering bypass by IP?

Hi all,

How can the Palo Alto control the age-old URL filtering bypass of typing in the IP address of a site, rather than the hostname?

As an example, some of our students last week did:

1. www.minecraft.net via web browser is blocked (category: games)

2

...

Resolved! group mapping

Hi,

We have 5 ldap profiles with different domains.When adding group mapping for each we can see all gorups without problem.After we add and commit all gorup mappings disappear in gorup mapping tab.(deleted)

Any idea ?

Resolved! authentication profile LDAP

Hi,

When l go to authentication profile and select "add" under allow-list for a LDAP connection it does not list all Active Directory Groups from our Domain ?

We are currently on PANOS version : 5.0.3

I also have the User ID Agent setup on both of our W

...

Resolved! User Agent picking up domain service account instead of end user

We are running a 2008 R2 domain and the user agent is in and working. However, it keeps showing one of our domain service accounts on many (not all) of the reports and monitoring instead of the actual user that is browsing. We run the same service

...

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 1, 2025