General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

IPS Evasion

So are the techniques used in the following article realistic?

http://www.sans.org/reading_room/whitepapers/intrusion/beating-ips_34137

Palo Alto's PAN-OS 5.0 made it a bit harder, compared to the others at least.

Dns Proxy

Hi,

is there a document for configuring Dns proxy function with detailed explanation about properties in it.

Thanks

What's meaning that first two number in Email Report??

Dear All,

Have anyone know?

When I receive Email Report, like above. The file name is 10-20130315Weekly-summary-report ,

What is meaning about 10 this number??

(Everyday 's report have different number, but I still not known what is mean??)

Best Regards

...

If the PAN's in HA are perimeter FW's and IPS's how do you configure for Internal IPS Monitoring?

We'd like to be able to see internal IPS threats to our server farms sourced from workstations on the LAN's.

Is this scenario achievable with two HA PAN's

...

Which CLI modes can be granted to a URL Filtering Profile Administrator without granting full CLI roles?

Which CLI modes can be granted to a URL Filtering Administrator without granting full CLI Admin roles?

We want to be able to see which URL Filter profile group a user is in using the CLI commands for showing group membership.

We would also want to be a

...

Block traffic to ip addresses

How do you block traffic going directly to ip addresses?

Another bug for 5.0.3

When using port with address of External Gateway on Global protect, 5.0.3 does not accept this.

it is working on 5.0.2

Does PAN support SAML redirect for SSL VPN Auth? Or possibly x.509 redirect?

I'm looking to use a 3rd party product for SSL VPN authentication such as the Secure Auth for 2 factor. Has anyone gotten this to work with the Palo Alto device? It works with an ASA and a Juniper SA.

Best way to update app and content without impacting traffic...?

Hello All,

I am posing this as a question to the community, but in the latest release of app/content updates for PA, a new more focused signature was released. The new more focused signature was ms-wmi, and it was previously identified as msrpc.

So...

...

Resolved! Replacement of PA Management Certificate

I asked this in a recent class (201/205) but the instructor wasn't sure of the answer so here goes: Can the management certificate be replaced? We use a private CA for internal sites, as well as public certs for some devices.

Thanks.

Resolved! ssl decryption with upstream proxy

We have a squid server behind our pa fw like this:

Client <-> PA FW <-> Squid Proxy <-> ASA FW <-> Internet

Decryption of site https://addons.mozilla.org adds the IP address of our squid proxy to the exclude-cache list and all following ssl connection

...

Resolved! Custom App Cloning

Last question for today (but thanks for the previous responses - you all are very patient with the newbies): Is it possible to copy application definitions in order to make a custom one? I was looking for a clone app process that would save time for

...

Resolved! How do I create a 2GB aggregate interface on PA-2050, not HA

All,

I have a client that wants to aggregate two sets of interfaces in vwire on a PA-2050 to create a 2GB etherchannel. Is this possible? If so, can someone tell me which document contains the steps to create this?

Thanks!

ejm

About schedule reports error messages

Hi All,

We run a PA-500 with PanOS 4.0.8 and setup a schedule report profile to sendout daily custom reports. However sometimes it works and sometimes doesn't.

I would lke to find out something wrongs, and see many error messages in the mailclient.log

...

Resolved! About ftp passive mode App-ID insufficient-data

Hi All,

We find that if ftp runs passive mode and go through paloalto fw, in the fw monitor -> logs -> traffic, we'll see the application should be identified as insufficient-data.

I also find that there are just few bytes for every logs in the Bytes c

...

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

Discover LIVEcommunity Through Our New Animated Explainer Video!

IPS Evasion

Dns Proxy

What's meaning that first two number in Email Report??

If the PAN's in HA are perimeter FW's and IPS's how do you configure for Internal IPS Monitoring?

Which CLI modes can be granted to a URL Filtering Profile Administrator without granting full CLI roles?

Block traffic to ip addresses

Another bug for 5.0.3

Does PAN support SAML redirect for SSL VPN Auth? Or possibly x.509 redirect?

Best way to update app and content without impacting traffic...?

Resolved! Replacement of PA Management Certificate

Resolved! ssl decryption with upstream proxy

Resolved! Custom App Cloning

Resolved! How do I create a 2GB aggregate interface on PA-2050, not HA

About schedule reports error messages

Resolved! About ftp passive mode App-ID insufficient-data

Does Palo Alto provide free exam vouchers for their customers?

Is there any way to apply multiple interface management profiles

THREAT MAP on GUI is unable to export

GlobalProtect Machine account exists with device serial number config

Identifying Source IP Addresses for Routing Palo Alto Firewall Logs to an Azure Collector via IPSec Tunnel

Re: CLI - Basic to Advance PAN-OS 11.1

Re: flow_tcp_non_syn_drop - packet capture on this counter?

Re: IP Wildcard Mask Address Objects

UserID periodic empty groups issue

Re: Access problem Autoassist

Unlock your full community experience!

Resolved! Replacement of PA Management Certificate

Resolved! ssl decryption with upstream proxy

Resolved! Custom App Cloning

Resolved! How do I create a 2GB aggregate interface on PA-2050, not HA

Resolved! About ftp passive mode App-ID insufficient-data