General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

IPsec tunnel on passive FW and Solarwinds alert

Hello,

We are currently running pair of 3260s in HA. When the IPsec tunnel goes down on primary FW, we get alerts from Solarwinds that both tunnels are down on primary and passive Firewalls. Is this normal condition? If so why would I receive alert on

...

Resolved! Why anti-virus default profile is read-only?

Hi, Why anti-virus default profile is read-only? cannot modify the settings for default profile using superuser account.

Anyone can please advise, thanks!

understand thermal check commands

Need help with understanding output for this.

show system state filter env.* | match thermal

env.s1.thermal.0: { 'alarm': False, 'avg': 55.000, 'desc': 6220 Core Temperature, 'hyst': 4.500, 'max': 95.000, 'min': 5.000, 'notified-avg': 55.000, 'samples

...

Resolved! Clone a Device Group?

Hi Guys,

I have Panorama with a few device groups; how do I clone one of them from GUI so I can do testing without impacting a production device group?

Thanks

Resolved! Is it possible to login to the passive device in HA without using mgmt port?

Hi.

Is it possible to login to the passive device in HA without using mgmt port?

Is console port only approach?

Is there no approach to login to the passive device in ha except mgt-port or cosole-port?

plese tell me...

Resolved! Only partial of template got pushed to the firewall.

Hi Guys,

I have a template in Paranoma and I pushed it down to a firewall, the firewall could only get 80% of the template. The Panorama didn't complain as there were no error messages after the push.

The firewall is currently missing interfaces'

...

Resolved! Unable to change hardware udp session offloading setting as false

Hello all,

I am using PA-440 on the PAN-OS 10.2.3-h4.

Due to performance degradation issues, hardware session offloading and hardware udp session offloading was changed to false through the following commands.

> configure # set deviceconfig setting ...

Resolved! IP Wildcard Address not supported in Address Groups?

I am trying to make an address group that consist of wildcard addresses but I get this error:

vpn30-wc -> static 'vpn30-v110-wc-1' is not a valid reference vpn30-wc -> static is invalid

vpn30-v110-wc-1 is an IP Wildcard

vpn30-wc is a new empty a

...

Resolved! "Interface X has no zone configuration" error when commiting

The loopback interfaces clearly are assigned to security zones. Version 5.0.1

Resolved! Maximum number of routing entries on a PA 5020 running 4.1.10

Hello,

Does anyone know what's the maximum routing table entries is on a PA 5020 running 4.1.10 ?

I ran into a limitation with a PA 500, where it exceeded > 1K+ routes and had to change how routes are re-distributed on the routers.

Thanks in advance.

Suggestions or help needed: forwarding broadcasts with a custom ip-helper

Hello all,

we have recently started using interactive boards that can display the screen of a connected client in various ways: airplay, chromecast, etc. and also by means of a manufacturer's own tool.

The tool first creates a list on the client of a

...

Explore App - can no longer access it

Has anything changed to the Explore app lately? Just recently I was able to access it for clients that had it, but now it is not showing up in the Hub and when I visit it directly via old link I get "You do not have app: logging_service in the accoun

...

map users into groups in a multi-forest AD design

Hello Community!

I´m trying to find a solution for the following problem:

I have two different forests created in the same Active Directory:

Forest_1:
subdomain_1.domain_1.com

Forest_2:
subdomain_2.domain_2.com

There is a trust between the two

...

Set zone to "any" in CLI

How can I set the zone for a rule to any in the CLI? If I delete the from / to lines it sets it to "none" which is not valid. If I set it to "any" then it thinks "any" is the name of the zone which is also incorrect. Any ideas?

Thanks!

Resolved! Replace Local Firewall object (address) with Panorama pushed object?

So we are migrating ASA's to Palo Alto...like TONS of them. My question is quite simple and I've yet been able to find an answer. Lets use the following for theoreticals:

Local Firewall A has an address-group of "g-RFC1918" on it.
I've defined "g-R

...

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

IPsec tunnel on passive FW and Solarwinds alert

Resolved! Why anti-virus default profile is read-only?

understand thermal check commands

Resolved! Clone a Device Group?

Resolved! Is it possible to login to the passive device in HA without using mgmt port?

Resolved! Only partial of template got pushed to the firewall.

Resolved! Unable to change hardware udp session offloading setting as false

Resolved! IP Wildcard Address not supported in Address Groups?

Resolved! "Interface X has no zone configuration" error when commiting

Resolved! Maximum number of routing entries on a PA 5020 running 4.1.10

Suggestions or help needed: forwarding broadcasts with a custom ip-helper

Explore App - can no longer access it

map users into groups in a multi-forest AD design

Set zone to "any" in CLI

Resolved! Replace Local Firewall object (address) with Panorama pushed object?

SSO Activation

No valid AceMlc2 config: SC 1 (AceMlc2): Config not valid

How to request a URL filtering change to High-Risk?

Management Interface Settings - Can't Change?

Log Container Page Only - impact?

Re: New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

Support Portal is down.

Re: sorting question

Re: How to add palo to multiple device groups

Error while logging into PaloAlto Support Website

Unlock your full community experience!

Resolved! Why anti-virus default profile is read-only?

Resolved! Clone a Device Group?

Resolved! Is it possible to login to the passive device in HA without using mgmt port?

Resolved! Only partial of template got pushed to the firewall.

Resolved! Unable to change hardware udp session offloading setting as false

Resolved! IP Wildcard Address not supported in Address Groups?

Resolved! "Interface X has no zone configuration" error when commiting

Resolved! Maximum number of routing entries on a PA 5020 running 4.1.10

Resolved! Replace Local Firewall object (address) with Panorama pushed object?