General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Resolved! Reports - Best way to see top URLs visited?

I'm struggling a little with the documentation on how to generate useful reports.

If I look in the ACC or default reports I can see destinations but they are simply a mix of raw hostname and rdns lookups - they might show a lot of traffic to, say, a88

...

Resolved! In which order are the fields (variables) in defaultformat for syslog?

Hi all,

I use a tool for loganalyzing which isnt too happy of the PA default format for syslog which uses commas and no spaces.

Like so: abc,def,ghi

What I need is: abc, def, ghi

or even better: abc def ghi

Because of that I need to create a customformat

...

What's there a time when you could generate your own AVR report

Would you generate your own AVR from a 4000 or 5000 PAN? And if not, why not?

SSL Weak CBC Mode Vulnerability

Our box was scanned by Qualys and the SSL VPN portal cames up with the following message:

If possible, upgrade to TLS v1.1 or TLS v1.2. If upgrading is not possible, then disabling CBC mode cipher will remove the vulnerability.

Any ideas how to disable

...

Resolved! What is session_inter_cpu_sync_err count on global count???

Hello

I am installing PA-5050 (PANOS-4.1.10) to my customer.

I am monitoring all status of device.

I am seeing many increase of global count.

I have a question.

What is session_inter_cpu_sync_err count on global count???

and

What is dfa_sw_fpga_not_loaded c

...

Advantages of Virtual Systems...

...What are the advantages of using Virtual Systems, other than being able to divide Management and Reporting of "Virtual" firewalls. In my case, I have a DMZ, Wireless, Trust and Untrust networks connected to a PA 5020. Should I split up the DMZ a

...

Resolved! BGP Configuration Clarification Needed

I am new to BGP. I am attempting to configure BGP as layed out in the following documentation with the Active/Passive configuration. I've been given an AS number and a block of /24 from ARIN. Step 2 under "Configuration for the Active/Passive Pair"

...

Forwarding mDNS (multicast DNS specifically for Apples' Bonjour Service)

Hi Guys,

What support does the Palo Alto Firewall offer in terms of forwarding on mDNS (multicast DNS, more specifically Apples Bonjour Service)?

I have a customer where they have the student and staff wireless network on a seperate VLAN, with the Palo

...

Unknown user after install and configure UI Agen

Dear All,

My PAN is 500 with 4.1.6 OS. I just migrate PAN agent to UI agent with version 4.1.6-5. After installation and configuration, I check the user-mapping the result show as following;

> show user ip-user-mapping all

IP Ident. B

...

how to block skype for 'trust' zone and allow for 'trust2' zone

Hi,

I'm trying to block skype for one group of users (whitch are in 'l3-trust' security zone) and allow for second group (which are in 'l3-trust2' security zone).

Both zones: 'l3-trust' and 'l3-trust2' are source-NATed to 'l3-untrust' zone, one interfa

...

Captive Portal on connecting to SSID rather than via Browser for Apple devices - is it possible?

Hello Everyone,

I was just wondering if it is possible to have captive portal pop up on connecting to a SSID rather than having the captive portal page upon accessing any website for apple devices? Captive Portal works on accessing any website using

...

AD Groups in Firewall Policy - Inconsistent Behaviour

I have two issues with managing firewall policies when using AD groups; running 4.1.7 - so am using the 'on-hardware' group retrieval rather than the PAN Agent.

1) When adding new groups to be mapped they do not appear in the GUI i.e. cannot be select

...

Resolved! Puffin Browser: Bypassing Filtering policies (big loop hole may be ??)

Greetings,

I was pleasantly surprised when I got to know that I can download Puffin Browser as an app on mobile and tablet devices and browse my way through to otherwise blocked websites / denied applications. Just to confirm what I did:

1. Created a

...

Resolved! monitor a subinterface bandwdith with snmp

Hi all,

i was wondering if it is possible to monitor a subinterface with snmp.

I'm trying to monitor bandwidth utilization with Cacti, but i'm only able to check physichal interfaces.

Thanks

Sergio

Resolved! How to cancel screen output in CLI ?

Very silly question, so I apologise now..

How do you cancel the screen output in CLI... for example I show the running configuration, there's about 500 pages of it, and I dont want to sit mashing the space bar for 20 minutes!

I've tried all the usual s

...

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

Discover LIVEcommunity Through Our New Animated Explainer Video!

Resolved! Reports - Best way to see top URLs visited?

Resolved! In which order are the fields (variables) in defaultformat for syslog?

What's there a time when you could generate your own AVR report

SSL Weak CBC Mode Vulnerability

Resolved! What is session_inter_cpu_sync_err count on global count???

Advantages of Virtual Systems...

Resolved! BGP Configuration Clarification Needed

Forwarding mDNS (multicast DNS specifically for Apples' Bonjour Service)

Unknown user after install and configure UI Agen

how to block skype for 'trust' zone and allow for 'trust2' zone

Captive Portal on connecting to SSID rather than via Browser for Apple devices - is it possible?

AD Groups in Firewall Policy - Inconsistent Behaviour

Resolved! Puffin Browser: Bypassing Filtering policies (big loop hole may be ??)

Resolved! monitor a subinterface bandwdith with snmp

Resolved! How to cancel screen output in CLI ?

No "certificate used by" field when generating certs for SSL forward trust and untrust?

A question about snat address pool couse a route loop

How do I get the documentation / training for creating advanced XQL queries

panorama disk health

Recommend os version

Re: Exclude only communications on specific port numbers from Global Protect

Re: Software NGFW Credits

Re: Advanced DNS Security vs DNS Security License

Re: Replacing HA Hardware

Re: About API keys when using the curl command

Unlock your full community experience!

Resolved! Reports - Best way to see top URLs visited?

Resolved! In which order are the fields (variables) in defaultformat for syslog?

Resolved! What is session_inter_cpu_sync_err count on global count???

Resolved! BGP Configuration Clarification Needed

Resolved! Puffin Browser: Bypassing Filtering policies (big loop hole may be ??)

Resolved! monitor a subinterface bandwdith with snmp

Resolved! How to cancel screen output in CLI ?