VLAN Insertion and subinterface - VLAN1

Hi, I'm new to the community and am trying to assist a customer as they work on a PAN and SW integration for an industrial setup. Customer has setup a L2 network between different industrial devices that seat in different VLANs and are all connected

Celebrate CX day - A day all about YOU!

Today, October 5th is Customer Experience Day (CX) day, so the LIVEcommunity wants to celebrate you!

Join the conversation down below and let us know:

What does customer experience mean to you?

Find out what some Palo Alto Networks had to da

How to delete vsys and its associated objects on the Firewall and Panorama

Hello -

I found this article, but it seems fairly outdated:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaFCAS

Is there an updated version?

Regarding threat visibility not being shown.

We have deployed Palo Alto in tap mode to get traffic visibility, we have configured PA VM 100 with active trial license,  We have visibility of Traffic logs but the threat logs are not visible. 

In policy configuration for tap mode we also have assig

How to get defaults for custom application through the API

I am trying to read the details for all FARs, through the API, and I hit some rules that specify "application-default".  I finally figured out how to get the application data, by querying the API with type=config&action=get&xpath=/config/predefined/a

Users and group mapping

Hello everybody!


Sometimes users' group memberships are not recognized by the firewall integrated user id agent. In the useridd.log we see this message:


2019-03-29 10:12:45.317 +0100 Warning: pan_user_group_user_prime_uid_lookup(pan_user_group_multi_at...

Help needed for odd situation: Expired licenses interfering with commit?

Here's my situation:

We were planning a new firewall installation, but that got some major delays after the start of the pandemic. Now I've noticed that we no longer have a support contract for our PA-5050 cluster (no doubt not renewed because we exp

2 NAT rules on device

Can anyone tell me the pros and cons of having two nat rules for one device?

PA-3020 - Error: Threat database handler failed - Commit failed

Hi,

Our Palo Alto has been rock solid for years, but last friday we realized we are unable to commit changes. 

We're pretty sure it started happening with the release of content package version 8462-6955. 

We hoped this was a one-off and the next upgr

One IPSec SA Stops Passing Traffic

I have a B2B tunnel with a business partner.  There are 22 proxies, all defined host-to-host.  The VPN peer is a Cisco firewall, I'm not sure of the model.  Phase 2 lifetime is 8 hours.  One particular SA stops sending and receiving traffic at each P

Want to allow only gmail and block all other internet access with Palo alto firewall

Hello,

I want a suggestion regarding my scenario. I want to allow my employees full Gmail access(i.e they can receive sent email, attach file to email, download attachment etc) but all other internet access will be blocked. they wont be able to use

error while generating PDF from ACC tab in PA3230

prior to few days ahead we were able to download PDF report from ACC tab in Palo Alto but as of now while downloading the report, i can't download the PDF, it gets stuck.