General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Self-Signed Certificate Issues

Hello everyone,

I am trying to make a self-signed cert for use with Global-Protect in my lab. I go into Device, Certificates, Generate, give the cert a name, Root_GP_Cert, common name of 192.168.189.155 which is the WAN side IP Address. Click the C

...

Stateful Session rely on interface or Zone

Hi There,

Currently, I'm testing redundancy for vWire pair. I have replicated the existing vWire and sub-interface configuration to another couple of interfaces. Now both the vWire pairs have identical configurations including the zone. I anticipat

...

Feature suggestion: better candidate configuration highlighting and testing

These are some suggestions that would help a lot when creating new rules:

1. Highlight modified uncommited policies.

You may argue that a user should know what the is chaning, but the problem is multiuser.

When a user has a candidate rule, but ha

...

Does the NGFW support ADCS?

Just wonder if there's a way to set up ADCS to work along with OCSP.

Rule to be notified when users connect to wifi

Hi guys. Does anyone know how to set a rule to be notified when new users join the network?

URL Filtering

Good day

I am sure this question is answered somewhere but I somehow cannot locate it, so please be patient as I go through the problem we experience.

Our company's US URL is listed as High-Risk when testing it through the URL Filtering website even th

...

Restoring Palo Alto from AWS snapshot - interfaces etc

Apologies if this is a basic question but first time I do this maybe in a real production environment and I have no prior experience. Does anyone have an example of restoring Palo Alto in AWS (from a snapshot)? Where could things go wrong in the rest

...

Palo Alto Networks Approved

ChatGPT Access

Hi Team,

Users are trying to access ChatGPT and getting error, but we have allowed teh ChatGPT APP-ID and still the same. Not even seeing any error at all. What is the best way to fix it?

Regards,

Sanjay S

NAT traffic from DMZ to another zone

Hallo Everyone,

I am using PA-220

let’s call PaloAlto-Firewall “X”

Office Firewall “Y”

Other firewall “Z”

Firewall X has 8 Interfaces.

Interface 1/1: has the IP-Addressee 192.168.5.254. we assigned this Interface to a Zone Called "DMZ". When this fir

...

Palo Alto Networks Approved

Resolved! Broken email notifications formatting in version 11.0.1

Hi all

I noticed that email notifications in ver 11.0.1 are kind of broken from the formatting point if view they just look like a blob of text, instead of a decent formatted email in ver 10.2.4

is there a way to fix it?

Thank you

URL category block triggers not logging in Panorama

Hi,

I am testing global protect using Prisma Access - Panorama managed..

On panoroma - i have a mobile user security rule applied with a custom URL filtering profile enabled where I have set the action to block for some of the newer URL categories in

...

Resolved! anyone notice issues with HA pair synchronization with panos 10.1?

so our organization recently upgraded our firewalls from PANOS 9.1 to 10.1. ever since the upgrade, we've had an issue with HA pairs not synchronizing their configs automatically. this does not seem to happen every time a commit is pushed from PAN bu

...

pan-os-python Panorama set_ha_peers() method not working

The document I'm referring to - https://pan-os-python.readthedocs.io/en/latest/howto.html > High Availability Pairs

I've been working with the pan-os-python SDK, specifically with a Panorama High Availability (HA) pair. I'm following the documentat

...

How to Configure IPSec VPN Tunnel when a peer is behind a router without a static public IP

Environment
PaloAlto Next-Gen Firewall
IPSec VPN Tunnel
Topology
PA1 ----- Router ----- PA2

Public IP of PA1 : 10.50.50.50
Public IP of Router : Dynamic IP
Internal IP of Router : 10.20.20.1
Private IP of PA2 : 10.20.20.20

PA2 Private IP is natted by Rout

...

Shared policy last commit state

Hello -

How long does it take Panorama to update the "Shared policy last commit state" column? I still see a "failed" even though it committed just fine.

General Topics

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Welcome to the General Topics Discussions!

Rules and Best Practices

Resolved! Self-Signed Certificate Issues

Stateful Session rely on interface or Zone

Feature suggestion: better candidate configuration highlighting and testing

Does the NGFW support ADCS?

Rule to be notified when users connect to wifi

URL Filtering

Restoring Palo Alto from AWS snapshot - interfaces etc

ChatGPT Access

NAT traffic from DMZ to another zone

Resolved! Broken email notifications formatting in version 11.0.1

URL category block triggers not logging in Panorama

Resolved! anyone notice issues with HA pair synchronization with panos 10.1?

pan-os-python Panorama set_ha_peers() method not working

How to Configure IPSec VPN Tunnel when a peer is behind a router without a static public IP

Shared policy last commit state

Client-to-Site IKEv2 IPSec without GlobalProtect

GlobalProtect SAML Authentication Complete

how to generate an AWS Redis Auth code ?

How to validate Redis connection from vm-series on AWS ?

global counter tcp_case_2

Re: GlobalProtect 6.3.3

Re: GlobalProtect 6.3.3

Re: Support PAN-OS Software Release Guidance

Re: MFA external provider question

Re: GlobalProtect 6.3.3

Unlock your full community experience!

General Topics

Rules and Best Practices

Resolved! Self-Signed Certificate Issues

Resolved! Broken email notifications formatting in version 11.0.1

Resolved! anyone notice issues with HA pair synchronization with panos 10.1?