General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

GP Compatibility on Windows Server

Hello, everyone.

Does anyone know if you can install the Global Protect agent, on Windows servers, such as 2012, 2016, 2019????

Is there a documentation that tells me and confirms this?

I see in the Palo Alto Firewall, that the computer does not give

...

Resolved! Is PA capable to scan for malware in Activesync/Outlook365 traffic?

Hi,

We have PA-850 appliances with Wildfire and AV licenses.

Recently we enabled the decryption of email traffic and now we are dealing with the data protection officer, he is asking us to detail what exactly is being inspected.

At first I thought al

...

SSL decryption - How to deal with third party sites that don't install the intermediate certificate?

I turned on TLS (let's start calling it what it is) decryption for our IT personnel only a couple of years ago. It was considered a pilot and I always planned to work with our legal department to craft a policy and start rolling it out to the broade

...

Next Hop in default route using DHCP Comcast modem

Hello Group,

I am setting up a PA-200 in my SOHO with comcast as my ISP. I have comcast for my isp and am using DHCP to optain my IP address. My question is this. Per the setup guide, if I check DHCP under the IPV4 tab, and check, Automatically cr

...

Factory Reset

I was in the middle of setting up a PA 850 and in the end needed to conduct a factory reset. I issued the commands to put into maint mode and was able to log in with maint@ip and the serial number as the password through putty. I had to step away for

...

Resolved! Minimum Code for PA-415/445

Hello, looking at the PA-415 for a small office and I can't seem to find the minimum code required. The datasheet shows performance results using OS 11.0 but there's nothing to indicate if you can use 10.2 code.

TIA!

DHCP client support for IPv6

Hi,

You can't configure an Ethernet Interface as a DHCP Client for IPv6 like the IPv4.
Does anyone know this will be supported in the (near) future?
I can't find anything about this.

SMB traffic identified as active-directory

From one of our management servers (Windows Server 2016) SMB traffic is identified as active-directory, but from user clients it's correctly identified as ms-ds-smbv2. Anyone come across this? We have several storage solutions (NetApp filer, iSCSI,

...

Firewallupdates via Panorama - huge delay in download and install

Hello,

I'm managing several PA firewalls (10.2.2, 10.2.3, 10.2.4-h2) via Panorama (10.2.4-h2), I noticed a delay in AV, Content and App update deployment, sometimes it's days or even weeks.

For example, the App update is planned to check and inst

...

Firewall processes sometimes are in suspended state

Dear community,

I have observed that processes "log_index" and "stats_gen" appear in "suspended" state sometimes.

We didn´t notice any issue though.

Do you know if that´s a normal behavior?

Kind Regards!

Resolved! ECMP Virtual Router Inquiry

Good day, I have an inquiry regarding virtual router. We are transferring our ISP from vsys2 to vsys1. So, we encountered a message while in the ECMP configuration that requires for the Virtual Router to be restarted. So, here's my questions, what se

...

Problms with VPN Global Protect

Good morning, I currently use a reduced version of Global Protect VPN, every time I start the program it asks me to update, but for company reasons I shouldn't. The version I'm using doesn't have as many menus and there's no part to remove the update

...

Resolved! verify data traffic

I suspect my pair of pa3020s stopped passing data for a couple of minutes. How do i check? They're running panos 9.1.13-h3

MOST COMMON ERROR MESSAGES

In your experience, what are the most common mistakes you have had when implementing Cortex XDR in a company?, enable ports, basic configuration, etc.

Cortex XDR

Resolved! Understanding Static NAT

Hi All,

When it comes to Static NAT it will be one to one NAT in vendors like Checkpoint and Cisco ASA. I am bit confused with the NAT configuration in Palo Alto. Went through config guide and examples of NAT as well but still confused.

We have a sce

...