General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

What expression to use to block/permit an entire website?

I'm having trouble figuring out what expression to use(in a Custom URL Category) to match any variation of HTTP requests for an entire website. For example, I want a single expression to be able to match/block/permit the following HTTP requests... example.com/ example.com/path abc.example.com/ abc.example.com/path xyz.abc.example.com/ xyc.abc....

Firewalls is not resolving domain names in address groups

For some odd reason the firewall is not resolving external fqdn's that are part of an Address groups..

Resolved! Unable to access KB, Support Cases, etc.

I get SSO errors whenever I try to go to any PaloAlto site besides Live and support.paloaltonetworks.com. I went to open a ticket to have the problem solved, but I am unable to do so due to an SSO error. How am I supposed to go about getting support for this?

A new comment has been added on a case [Case#: 02407876] - Unable to log into Support Portal

Dear Sir, Asper our dictation we install two Palo alto PA440 box in CESC office and for registration we create a account username: ********* and Password: *********** and it create successfully. But when we try to support portal by using the account details it display (UnAuthorized Access /Your membership has expired or has not been approved, p...

PA-200 License is not expired PAN-OS 8.1.23 rebooting randomly on its own very intermittently

PA-200 License is not expired PAN-OS 8.1.23 rebooting randomly on its own very intermittently.

How to assign multiple vlans to aggregate ports

Hi, I have two inside aggregate ports eth1/3 and eth1/4. These will be uplinking to Cisco Nexus core switches. How can I tag multiple vlans within these ports and what interface type should the ae1 be? Thanks

PA 3260 and using non dedicated as HA1 interface

We have 2 PA 3260 across Data Centres.We tried to use Eth1/13 as HA1 port but under ha1 interfaces it does not show option to choose eth1/13. IS this by design that HA1 interface to be dedicated?for now we used management as ha1 interface. is this good to use management interface as ha1? RegardsMike

add a second portal address to GlobalProtect (v5.2.12-26) on Mac

is there another way to add a second portal address to GlobalProtect (v5.2.12-26) on Mac, as I do not want to use a plist to add a second portal address to GlobalProtect.I want to be able to add the portal address via GlobalProtect?

security policies associated with dynamic address groups:

To configure security policies associated with dynamic address groups: Select Palo Alto Networks > Policies > Security. Click Add to create a new security policy rule. 3.In the User tab, enable known-user. Configure the other options to meet your security requirements. Click Commit to complete the configuration.

Resolved! Using Salt Proxy to edit password in config on Palo Alto firewall PA-220

Hi, I am trying to use Salt to automate a config upload process. The problem is that the salt module for palo alto, called panos, needs access to the firewall on tcp443. "The panos proxy leverages the XML API functionality on the Palo Alto firewall. The Salt proxy must have access to the Palo Alto firewall on HTTPS (tcp/443)." from salt.proxy.pa...

Register DNS between GP and Internal Network

Hello team, The problem we are observing is that when devices switch from a corporate internal network to Global Protect and vice versa they do not update their reverse DNS record with the new IP received; it is clear that it is a problem between the devices and the DNS, but we wanted to know if from the firewall there is any configuration opt...

Resolved! Networking or Dataplane apparent reload (5200 w/10.1)

I'm experiencing issues of what seems to be a "sudden restart" of all OSPF/OSPFv3 neighborship on a PA-5220/PanOS 10.1.6 firewall. I'm trying to pinpoint the root problem on my own, since our support contact (a partner, not PA's support) is taking the route that the problem is on OSPF neighbors' side, which is unlikely to be true, since it would...

Resolved! PA 220 initial setup

Hello, I am trying to setup a PA 220 from home. I have a BT connection but am using a TP link archer wifi hub I followed the instructions but didnt get a connection https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFkCAK any advice is welcome Please note you are posting a public message where community members a...

Resolved! QOS Config

Hi, I want to define separate profiles for upload and download for sub-interface, I couldn't succeed, can you help with the issue? (ip subnets and zone is correct) if the TEST_DOWLOAND RULE is top it working for dowloand qos but not working UPLOAD qos rule. if the TEST_UPLOAD RULE is top it working for UPLOADqos but not working DOWLOAN...

Resolved! PanOS 10.1 Clustering

Hello, I am used to configuring clusters on PanOs 8.x and 9.x. I am now configuring a new infrastructure based on PanOs 10.1.8. I have seen new options in "High Availability".1) Under "General" tab what is "Clustering settings" for?2) what is "Cluster Config" for? Thanks

Discussions