General Topics
Showing results for 
Search instead for 
Did you mean: 
General Topics


Join Us for a Tech Deep Dive Miniseries!


Stop Zero-Day Threats in Zero Time with Nebula PAN-OS 10.2.


Join us live for an in-depth look at the latest advancements in cybersecurity, best practices, tips and tricks, demos and
more to protect your business and defend against threats in real


jforsythe by Community Team Member
  • 3 replies

External Certificate Renewal

I can't for the life of me figure out the process to renew a certificate issued from an external CA.  We have a cert purchased from Thawte for our Global Protect gateway.  It will expire shortly and Thawte wants a csr file for the renewal.  Selecting


can we generate report for tunnel interface in ACC

We are using proxy solution for url filtering for which we have deployed ipsec tunnel with cloud proxy server.

If we are filtering ACC report for interface and zone we are not able to get proper utilization report. Hence we are trying to export report


Deepak_K by L3 Networker
  • 1 replies

LIVEcommunity January Rewind

Hi everyone! 


We are excited to share our first LIVEcommunity monthly recap with all of you! There are a lot of exciting things happening around the community, so we put together this News article sharing everything that you might have missed durin


agalindo by L4 Transporter
  • 1 replies

Resolved! Syslog Server Queries.



I would like to know the following queries,

  • In log forwarding, there are 7 types of forwarding i.e traffic, URL, threat etc. can we know how much data will it consuming for an individual log type while forwarding the logs to Syslog server from CLI

Palo Alto image for demonostation shown in the video

Hi team,


I am looking for setting up the palo alto firewall as well panorama in VMware workstation as shown in below video. It seems to be pretty easy. Only thing I am looking for is palo alto image. How can I get the image ? I googled and got to kno


Vikashh by L2 Linker
  • 1 replies

Are used PA 'for-sale' posts permitted

Hello - does Palo Alto support resale of hardware that is not End-of-Life, and are posts on resale permitted in LIVEcommunity?  I have been searching for pinned community rules and have not found anything related yet.  I don't want to post/ask more r


keklund by L1 Bithead
  • 1 replies

IP spoofing /source routing

Hi Friends,


I have nt enabled Zone protection for our palo alto firewalls as its connected to trusted zones. I want to know the whether IP source routing is disabled in the PA NG Firewall (Pan OS > 9.0) by default or not.  Also steps to protect again


IpSec VPN Phase1 negotiation problem

Hi All,


I have two 4G router and two ipsec vpn tunnel. Routers are exactly same.

VPN configs are exactly same (except Ips) one tunnel up and running but other one failed at Phase1


It gives me "IKE phase-1 negotiation is failed. Peer\'s ID payload 192.


Lacrymae by L1 Bithead
  • 4 replies


Trying to setup a LTE link as a backup link for an SDWAN deployment.  All of the LTE gateway devices do PAT as they get a single IP from the provider.  Will this work.  Don't think it will work in the hub but in the branches believe it will.  Just wa


Palo Alto QOS - WRED drops

In Palo Alto firewall,  we observed WRED drops on QOS (150Mbps)  applied egress interface eth 1/11 – due to which DB sync/mirroring is randomly getting failed/dropped between DC & DR. Please let me know for any configuration changes/workarounds to av


preetpk by L2 Linker
  • 1 replies

Resolved! IKE-NEGO-P1-FAIL

We are trying to setup a IPSec VPN from our VM-300 Palo Alto Firewall running in AWS. Using PANOS 9.0.11.


I’m having issues with the configuration of the IKE Gateway as the Interface IP address is set via AWS DHCP and does not reflect the public (ela


System logs.png

Resolved! GlobalProtect issue on Android device

Error message: gateway external server cert is invalid

Only for Android users who are using GP version 5.1 or 5.2.
No issues with 5.0. Using PANOS 9.1.3
Using Public Certificate and we only received 1 PEM file from the client.
The server cert (SSL1_Ne


Unable to authenticate through Global Protect

I m currently unable to authenticate through Global Protect. I’ve looked at the config which looks correct and I can’t see anything obvious in the logs. Are you able to assist? I’ve paste the logs below.




2019-09-16 14:03:19.305 +1000 debug: _get_au


Top Liked Authors