General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

decryption error - response page not displaying to user

Hi

We have set a new decryption profile that is hardened to a new 10.0.6 PA 3250.

Most things seem ok however when we go to the guardian website we just get a this site cant be reached page. It would be great if the user got a response page saying dec

...

Regarding logrcvr during commit in PA box.

PAN os 10.1.0 has been installed and deployed in HA(Active/Passive), while making commit after new policy creation or modifying existing policy, I got error as "client logrcvr phase 1 failure, configuration is invalid".

Resolved! PANOS 9.1.11 able to support PANOS 9.0.13 (PA-5220), 8.1.19 (PA-5020) and 8.1.16?

Would like to know whether Panorama software PANOS 9.1.11 will be able to support the PANOS 9.0.13 (PA-5220), 8.1.19 (PA-5020) and 8.1.16? Is it PANOS 9.1.11 is the stable version?

Log space

Hi - I know there are plenty of discussion about log size - but I don't think anything answers my query.

We installed out Palo Altos (2x 4050s) at the weekend. They sit between our internal datacentres and the rest of the customers network - so they a

...

Resolved! A customer has a question about the pa-5220 they are using.

1. Customers want to use nat. How many ips can be assigned to snat and dnat respectively?
https://www.paloaltonetworks.com/products/product-comparison?chosen=pa-5220,pa-3260
According to the address above, pa-5220 can use up to 6000 nat rules, I wonder

...

Signature Policy in Anti Spyware Profile

What does Signature policy in Anti Spyware do, and what does "Default" in Action do.

How do i get a new employee added to the contract

How do i get a new employee added to the contract.
Telstra CSP = 158687
Telstra NSP = 178860

No packet capture files are generated on pa-3060 that customers are using.

Hello.

I have been contacted by a customer that there is a problem with packet capture.

I know that executing a packet capture command triggers packet capture, and generating a pcap file containing captured packets is generated when the traffic you wa

...

Resolved! PAN-OS GP SSL Cipher Selection

PAN-OS 8.1 seems to lack the capability to perform fine-grained configuration of cipher suite selection and prioritization for GlobalProtect VPN functions.

I ran a fairly detailed SSL functionality assessment on a configured TLS v1.2-only GP gateway

...

Resolved! MS Autodiscover Flaw - Vulnerability

Hi All,

A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers

Domains that we need to block are listed here:

...

Resolved! Template Variable IPv6

Hi All,

Does anyone know how to configure an IPv6 address as a template variable? As soon as I put a : in the CSV it throws a fit when importing it.

Thanks,

Kev

Resolved! Block and Allow internet access for VLAN in switches sitting behind PA FW

Hi Support,

We have configured additional VLAN in our cisco core switches sitting behind PA FW.

I want to allow and block internet in certain VLAN, eg VLAN7 to allow and VLAN70 in the switches to block internet access.

Any procedures and where to check

...

Resolved! Where to Write Security Policies with a Site-to-Site VPN

Hello,

We have a pair of 3200s on our main site, and have added an 820 at a remote site to bring up an IPSec tunnel between the two.

When I initially set the remote site up, I decided to have all the security policies controlling what access the remote

...

Does NAT64 works for inbound NAT

Currently we have configured inbound NAT for DMZ application which is on ipv4. Public ip used for it is ipv4.

Due to some requirement client from outside network will be coming from ipv6 public ip to access the application. In this case our nat is no

...

Is my firewall hacked already ?

I have a PA3020 with 7.0.5-h2 PAN-os version. I noticed that it have a lot of DNS traffic sent to strange IP address.

when I running

show system resources command.

I found strange process nginx and two syslog-ng there. Is it normal, how to get rid

...

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

Discover LIVEcommunity Through Our New Animated Explainer Video!

decryption error - response page not displaying to user

Regarding logrcvr during commit in PA box.

Resolved! PANOS 9.1.11 able to support PANOS 9.0.13 (PA-5220), 8.1.19 (PA-5020) and 8.1.16?

Log space

Resolved! A customer has a question about the pa-5220 they are using.

Signature Policy in Anti Spyware Profile

How do i get a new employee added to the contract

No packet capture files are generated on pa-3060 that customers are using.

Resolved! PAN-OS GP SSL Cipher Selection

Resolved! MS Autodiscover Flaw - Vulnerability

Resolved! Template Variable IPv6

Resolved! Block and Allow internet access for VLAN in switches sitting behind PA FW

Resolved! Where to Write Security Policies with a Site-to-Site VPN

Does NAT64 works for inbound NAT

Is my firewall hacked already ?

Combining IP and URL EDL on Rules

Manufacturing Number on a SPF LX module

Better solution for remote access

flow_tcp_non_syn_drop - packet capture on this counter?

PA-820: Cable Type/Lengths and HA Port Questions

Re: flow_tcp_non_syn_drop - packet capture on this counter?

UserID periodic empty groups issue

Re: Software NGFW Credits

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Re: SAML Authentication Profile not popuating IdP Server Profiles

Unlock your full community experience!

Resolved! PANOS 9.1.11 able to support PANOS 9.0.13 (PA-5220), 8.1.19 (PA-5020) and 8.1.16?

Resolved! A customer has a question about the pa-5220 they are using.

Resolved! PAN-OS GP SSL Cipher Selection

Resolved! MS Autodiscover Flaw - Vulnerability

Resolved! Template Variable IPv6

Resolved! Block and Allow internet access for VLAN in switches sitting behind PA FW

Resolved! Where to Write Security Policies with a Site-to-Site VPN