Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

HA to standalone best practise

Hello,

Good day, I have found many articles related to configuring standalone to HA. However, I don't find related articles for HA to standalone.

Is there any good reference guide for changing role from HA (active-active or active-passive) to standal

...

Resolved! User-ID with integrated agent and Azure AD

Hi All,

Can the integrated User-ID agent of an on-prem firewall monitor Azure AD for user-to-IP address mapping information?

Many thanks

File blocking allow MS 365 Office installs and Windows updates

Hey,

If at all possible, please could I ask for some input on the best way I try allow M365 office installs (from their CDN) and Windows updates to our endpoints even though we are not using SSL decryption at the moment?

We currently have a policy rul

...

CPS for Flood Protection

For the Flood Protection calculations: Alarm, Activate, and Maximum - the documentation states to use the baseline thresholds (average) for the zone. I have used the OIDs to do this, however, why would I be using the TOTAL ZONE baseline and not jus

...

PCCET Certification Badge???

Is there a way to display a badge for taking these courses? I says I have passed but I cant find a way to carry it over to Linkedin

Resolved! Active-Passive HA failover and Preempt disabled

I have an active passive pair:

PAN01- Passive , device priority 50, Preempt- disabled

PAN02- Active, device priority 40, Preempt- disabled

Now I wanted to switch the priority i.e. to make PAN01 active and PAN02 passive.

I changed the priority on PAN02

...

Resolved! Dual ISP - Will not activate dual default gateway routes

I just installed a firewall for a customer last night and it absolutely refuses to activate the default route for both ISPs in the virtual router. Only 1 will go active at a time. The intent is to just use route monitoring and use the primary ISP u

...

Why Destination NAT is not working for internal users.

Why Destination NAT is not working for internal users. Why need to create U-Turn NAT if we have existing Destination NAT created and if internal users want to access it.

Identify the user account while using RDP on desktop

Hi,

This is just an query, so that I can understand this topic better. Bear with me, since I am not a network specialist.

Environment

User works remotely on a laptop and uses GlobalProtect VPN client to remote in on a desktop
The desktop is located in th

...

Multiple IKE crypto profiles on individual interfaces for multiple IPSEC tunnels

Hi,

In 2021 we ran into the issue where it seemed between PA-OS 8.1.x and 9.0.x/9.1.x Palo began either via a feature or bug introduced began enforcing the scenario in the subject line and began dropping tunnels after upgrading and causing issues wit

...

Can CFF format remove the double-quote

HI,

As PA document, https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/escape-sequences.html,

To maintain backward compatibility, the Misc field in threat log is always enclosed in

...

Resolved! software update for PA-820 without support contract

hello all,

my organization has a PA-820 at a branch location that's been a little neglected. it doesn't have a support contract and it's currently running panos 9.0. I would like to upgrade this at the very least to 9.1, but I'm having difficulty loca

...

Is it possible to DDoS/DoS a public IP which has only outbound traffic and ipsec tunnel. No DNAT configured and ping disabled.

Resolved! MFG part numbers confusion

Hello all,

Is there an official document from Palo Alto that lists their MFG part #'s?

For example if I'm looking to purchase a 1 year subscription for my 3220 stand alone firewall I need to know the license part # to purchase. The frustrating part is

...

Multiple IPSec tunnels, single external IP

Looking to set up a POC with a PA-820 that has the following

IPSec VPN site-to-site between our local facility and 3 partner networks
Single external IP, 3 tunnels (IKE P2)
NAT to a single host on our local private network

Is this reasonable/possible?

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

HA to standalone best practise

Resolved! User-ID with integrated agent and Azure AD

File blocking allow MS 365 Office installs and Windows updates

CPS for Flood Protection

PCCET Certification Badge???

Resolved! Active-Passive HA failover and Preempt disabled

Resolved! Dual ISP - Will not activate dual default gateway routes

Why Destination NAT is not working for internal users.

Identify the user account while using RDP on desktop

Environment

Multiple IKE crypto profiles on individual interfaces for multiple IPSEC tunnels

Can CFF format remove the double-quote

Resolved! software update for PA-820 without support contract

Is it possible to DDoS/DoS a public IP which has only outbound traffic and ipsec tunnel. No DNAT configured and ping disabled.

Resolved! MFG part numbers confusion

Multiple IPSec tunnels, single external IP

On premise RSA MFA setup.

No ping reply via Palo to Palo S2S

PA not be able to access internet

SSO Palo Alto Support Portal

IPv6 on public interface

SYSTEM ALERT : medium : MLAV: Unknown error

Re: SYSTEM ALERT : medium : MLAV: Unknown error

Re: SYSTEM ALERT : medium : MLAV: Unknown error

Re: ACC shows ipv6 addresses in source/destination IP

Re: Howto delete sub-interace from cli

Unlock your full community experience!

Resolved! User-ID with integrated agent and Azure AD

Resolved! Active-Passive HA failover and Preempt disabled

Resolved! Dual ISP - Will not activate dual default gateway routes

Environment

Resolved! software update for PA-820 without support contract

Resolved! MFG part numbers confusion