General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Resolved! Undetected APP dependency?

Hi. So we ran into an issue and we're not sure if there's a missing app dependency in the Palo Alto db or if we're missing something.

What happened was, we migrated one Policy from port to APP-based. On the Apps seen it only had one detected app (

...

Question about Sub-interface in Virtual-System

Hi All,

Can we create two sub-interface in the one physical interface, and put them into two Virtual-System ?

Migrate Fortinet to palo alto

Hello,

We are planning to migrate from a Fortinet firewall to a Palo Alto Networks firewall. As this is my first time handling such a migration, I would greatly appreciate guidance from an expert on the step-by-step actions required.

NGFW

Security Profile Groups - How To Filter/Search in Security Policies

So I know you can search for individual AV profiles, URL etc. etc. but I want to search for Security Profile GROUPS in Security Policy screen. You can search on the Security Policy screen 'profile-setting/profiles/virus/member eq My-Virus-Profile' s

...

Resolved! HA active/active dual ISP load balancing

Hi all,

I am considering network design that have:

- Dual ISP (public IP /29 for each)

- 2 x PA with active/active HA

- PA connects directly to L2 networks (LAN)

Requires:

Load sharing between 2 ISP Internet links

Problems:

Is it possible to conf

...

Resolved! Is the Cloud Identity Engine required for filtering by Group when using Entra without LDAP?

I feel like I've read every document on this forum but I can't seem to find a solid answer to this question. I'm sure someone will link 4 other posts..... 臘‍♂️

I am using SAML Auth to Entra for GlobalProtect. I can auth to the Portal if I specify

...

Shutting down/disabling subinterfaces

I am very new to the PANOS world so I will apologize in advance if this is obvious, however my search of documentation and knowledebase did not yield anything. I have been looking for a way to administratively shut down sub interfaces. Is this possib

...

Join RQL query throwing Failed to execute RQL search . Illegal Argument

Hello team,

I am trying to execute the below join query in achieve the below output-

1. Only Service accounts that has have elevated roles (e.g., roles/owner, roles/editor)

2. Service accounts that have atleast one user-managed key

config from clou

...

Thoughts and experience with the Prisma secure browser

Hello Community,

I'm looking for general feedback on those who have or had used the secure browser for DLP. Things that work well, things that didnt, etc.

Just looking for non sales honesty on it. The purpose of its use would be to use the DLP fea

...

Resolved! Clone a Device Group?

Hi Guys,

I have Panorama with a few device groups; how do I clone one of them from GUI so I can do testing without impacting a production device group?

Thanks

Resolved! PA-200 Stuck in Maintenance Mode, attempting factory reset

I'm attempting to factory reset a PA 200 that was on the spares shelf.

The unit appears to be stuck in Miantenance mode, every reboot command boots in maintenance mode.

I attempted to execute the factory reset and the message I get is:

"No curren

...

Resolved! Redistribution UIA not working...... INTERNAL ERROR

Hi,

I configured a PA in order to redistribute UIA mappings to another FWs. All the config is OK but its not working.

I can see this in the FW redistributing:

(active)> show redistribution service status

Redistribution info:
Redistribution service

...

Resolved! Modify System Alerts

I'm wondering if it's possible to modify alerts in PAN-OS. We've enabled email notifications for critical alerts and I'd like to change one type in particular. Our firewalls begin sending alerts related to license expiration 30 days in advance. Is it

...

IpSec VPN Phase1 negotiation problem

Hi All,

I have two 4G router and two ipsec vpn tunnel. Routers are exactly same.

VPN configs are exactly same (except Ips) one tunnel up and running but other one failed at Phase1

It gives me "IKE phase-1 negotiation is failed. Peer\'s ID payload 192.

...

Resolved! Certificate question when importing configuration to a different model

I know you can import configuration snapshot from one model to another but what happens to the certificates? Does the certificates gets imported and still work just fine or do I need to generate a new CRS and import new certificates. Side note, the

...

Discussions