General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! Setup SSLVPN w/ Radius Auth and limit to specific A.D. groups

What is the best way to accomplish this? I have the VPN setup with Radius auth and working correctly but in its current setup, ANY A.D. account can connect to VPN. I have already created the security groups to reference for access in A.D., just not s

...

Policy allowing ping/snmp not performing as expected

I have a policy which allows icmp / ping / snmp-base / snmpv1 / snmpv2 however when I review the logs the traffic which matches this policy is being caught in a lower policy that is more general (and we are trying to get rid of). Someone told me that

...

Resolved! Traffic log CSV Export Bytes Column

Hello everybody,

Software Version 3.0.5

when we make an CSV export for the traffic logs,
we have three columns with Bytes, called

- Bytes
- Bytes Send
- Bytes Received

All three columns have for the same row the same Byte values.
So, what is it for!

I thought

...

Resolved! Vulnerability Protection - Exceptions?

Dear all,

We've got one, okay, two little questions on the configuration of vulnerability protection:

Assuming we have a security policy configured with the pre-defined vulnerability protection profile named "strict". From that policy we're getting "LD

...

Resolved! Reports - Best way to see top URLs visited?

I'm struggling a little with the documentation on how to generate useful reports.

If I look in the ACC or default reports I can see destinations but they are simply a mix of raw hostname and rdns lookups - they might show a lot of traffic to, say, a88

...

Resolved! In which order are the fields (variables) in defaultformat for syslog?

Hi all,

I use a tool for loganalyzing which isnt too happy of the PA default format for syslog which uses commas and no spaces.

Like so: abc,def,ghi

What I need is: abc, def, ghi

or even better: abc def ghi

Because of that I need to create a customformat

...

What's there a time when you could generate your own AVR report

Would you generate your own AVR from a 4000 or 5000 PAN? And if not, why not?

SSL Weak CBC Mode Vulnerability

Our box was scanned by Qualys and the SSL VPN portal cames up with the following message:

If possible, upgrade to TLS v1.1 or TLS v1.2. If upgrading is not possible, then disabling CBC mode cipher will remove the vulnerability.

Any ideas how to disable

...

Resolved! What is session_inter_cpu_sync_err count on global count???

Hello

I am installing PA-5050 (PANOS-4.1.10) to my customer.

I am monitoring all status of device.

I am seeing many increase of global count.

I have a question.

What is session_inter_cpu_sync_err count on global count???

and

What is dfa_sw_fpga_not_loaded c

...

Advantages of Virtual Systems...

...What are the advantages of using Virtual Systems, other than being able to divide Management and Reporting of "Virtual" firewalls. In my case, I have a DMZ, Wireless, Trust and Untrust networks connected to a PA 5020. Should I split up the DMZ a

...

Resolved! BGP Configuration Clarification Needed

I am new to BGP. I am attempting to configure BGP as layed out in the following documentation with the Active/Passive configuration. I've been given an AS number and a block of /24 from ARIN. Step 2 under "Configuration for the Active/Passive Pair"

...

Forwarding mDNS (multicast DNS specifically for Apples' Bonjour Service)

Hi Guys,

What support does the Palo Alto Firewall offer in terms of forwarding on mDNS (multicast DNS, more specifically Apples Bonjour Service)?

I have a customer where they have the student and staff wireless network on a seperate VLAN, with the Palo

...

Unknown user after install and configure UI Agen

Dear All,

My PAN is 500 with 4.1.6 OS. I just migrate PAN agent to UI agent with version 4.1.6-5. After installation and configuration, I check the user-mapping the result show as following;

> show user ip-user-mapping all

IP Ident. B

...

how to block skype for 'trust' zone and allow for 'trust2' zone

Hi,

I'm trying to block skype for one group of users (whitch are in 'l3-trust' security zone) and allow for second group (which are in 'l3-trust2' security zone).

Both zones: 'l3-trust' and 'l3-trust2' are source-NATed to 'l3-untrust' zone, one interfa

...

Captive Portal on connecting to SSID rather than via Browser for Apple devices - is it possible?

Hello Everyone,

I was just wondering if it is possible to have captive portal pop up on connecting to a SSID rather than having the captive portal page upon accessing any website for apple devices? Captive Portal works on accessing any website using

...

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Resolved! Setup SSLVPN w/ Radius Auth and limit to specific A.D. groups

Policy allowing ping/snmp not performing as expected

Resolved! Traffic log CSV Export Bytes Column

Resolved! Vulnerability Protection - Exceptions?

Resolved! Reports - Best way to see top URLs visited?

Resolved! In which order are the fields (variables) in defaultformat for syslog?

What's there a time when you could generate your own AVR report

SSL Weak CBC Mode Vulnerability

Resolved! What is session_inter_cpu_sync_err count on global count???

Advantages of Virtual Systems...

Resolved! BGP Configuration Clarification Needed

Forwarding mDNS (multicast DNS specifically for Apples' Bonjour Service)

Unknown user after install and configure UI Agen

how to block skype for 'trust' zone and allow for 'trust2' zone

Captive Portal on connecting to SSID rather than via Browser for Apple devices - is it possible?

Upgrade from version 10.2.7-h8 to 10.2.11-h2

IPSec setup with certificate

UNABLE TO PING MANAGEMENT INTERFACE FROM LAN

Site flagged as GRAYWARE Please Help!!

HA State is "not sycned" even though Sync Task is completed on Peer (Passive) Gerät)

Re: User ID agent not starting.

🚀 Join us at Palo Alto Networks Headquarters for Ignite - November 14, 2024 🚀

Re: Sofware Upgrade broken? "An active license is required for this feature"

Re: Cannot see Dynamic IP lists

Recommended PAN-OS version

Unlock your full community experience!

Resolved! Setup SSLVPN w/ Radius Auth and limit to specific A.D. groups

Resolved! Traffic log CSV Export Bytes Column

Resolved! Vulnerability Protection - Exceptions?

Resolved! Reports - Best way to see top URLs visited?

Resolved! In which order are the fields (variables) in defaultformat for syslog?

Resolved! What is session_inter_cpu_sync_err count on global count???

Resolved! BGP Configuration Clarification Needed