General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Palo Alto OSPF Graceful Restart

Is Palo Alto's OSPF Graceful Restart checkbox on the virtual router roughly equivalent to Cisco's NSF IETF method?

If I do this on a Palo Alto:

And this on a Cisco... Q:Should it work?

enable
configure terminal
router ospf process-id [vrf vpn-name ]
n

...

Comment column for custom url categories?

IP lists for edls have:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/formatting-guidelines-for-an-external-dynamic-list/ip-address-list#idd44a975a-a94a-4398-864e-5cf223f1d351

Is there a way to

...

Whitelisting a url with 2 different ip address

Just wanting to make sure I am doing this properly so it works how its accurately. I am trying to whitelist 2 different IP's and a single url https address. I am trying to do this for a specific group of users on the firewall are able to access it an

...

Resolved! PBR/PBF to DMZ then Internet

Greetings!

As title suggests, I'm trying to implement PBF to the specific destination network in Internet through a server residing in DMZ. There are three zones configured:

Inside 10.0.5.0/24 - from where traffic is initiated
DMZ 10.0.22.0/24 - where

...

Logs not been sent to dedicated log collector by some firewalls

Hi All,

I have an interesting issue of most of my firewalls not sending logs to the log collector. Have only a 20% success ratio with successful log collection thus far.

I see the below in the below:

Log Collector : 000710004755

Conn ID

...

Resolved! Can we input address range directly to security policy source and destination

Dear all,

In firewall version 8.1, Can we input address range directly to security policy source and destination? or we need to create network range object to apply in address only?

Thank you for your answer.

GlobalProtect agent error message "ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY"

Hi all,

I deployed the GP agent and user was authenticated by client certificate, most users wroks, but some users cannot pass the authentication and get the following error messages in PanGPA.log:

(T1356) 06/08/18 13:39:53:722 Info (2559): PanWinht

...

Resolved! WildFire analysis report rabbit images

Dear Team,

When my client clicks on the WildFire analysis reprot, they see the rabbit image as shown below.

Has anyone had the same experience as me?

I would like to know the cause of the symptom and how to solve it.

Thanks in advance,
Kyungjun,

Resolved! Traffic cannot return

Hi Folks I have the next topology. The problem is the return traffic when I connect via GlobalProtect and I get a client IP 10.81.235.x. This IP cannot connect with a web server that is in the LAN, but this LAN is external through a data link routing

...

Resolved! reaching Session Count Limit

Hello,

what exactly happens when the firewall reaches the Session Count Limit? Discard the new sessions? and above all as regards the globalprotect VPNs are impacted?
In my scenario I have two 5250 PAs working in HA Active / Passive and corporate VPNs

...

Proxy-id same local ip difference remote-ip in 2 tunnels

Hi,

I have 2 IPsec tunnels same local-IP and difference remote-ip how we can setup prox-id with 2 tunnels

SNMP OID for identifying if an power supply had failed or removed from the firewall

Hi Team,

We have an PA-5260 deployed in our environment.

We need to get alert on our SNMP Manager when the Power supply to the firewall failed or the power supply had been removed from the firewall.

Downloaded the Enterprise MIB file but not able to

...

Issue with network driver of PAN-OS 10.1.3 deployed in azure

Hi Folks,

We have an PA-VM-100 series firewall deployed in the Azure cloud.

We have three NIC cards mapped to the firewall interfaces which is configured as below:

NIC card 1 <-----> Management interface

NIC Card 2 <----> Untrust interface(Ethernet 1/1

...

Global Protect Redundancy

Hi,

I would like to set up Global Protect VPN on 2 sites, and have a round robin redundancy between them.

i.e. user1 logs on the GP VPN and connects to site A, then user2 connects to GP VPN and connects to site B, and so on...

Is this possible?

regard

...

"You have been logged out due to unknown reason"

Any idea what causes this or how to investigate it? I can see the event as "User Me logged out via Web from My_IP" in the System Monitor tab. Happens intermittently otherwise I'd look at this: https://knowledgebase.paloaltonetworks.com/KCSArticleDe

...

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Palo Alto OSPF Graceful Restart

Comment column for custom url categories?