General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Azure CDN (Edge Nodes) list

Hi,

I have been asked to import a new IP list within Minemeld; the Azure CDN (edge nodes list).
To retreive the list, I have the API documentation here: https://docs.microsoft.com/en-ca/rest/api/cdn/edgenodes/list

I am only a beginner when it comes to

...

Resolved! Palo alto decryption issue

We have an issue with a thick client application (AWS Workspaces client) connecting successfully to the AWS workspace over the internet. The palo alto firewall logs shows the traffic is allowed but the type is 'deny' instead of 'end'. Also session en

...

Revoked Machine Certificate still able to Connect Global Protect Gateway

It appears possible to configure the firewall to be an OCSP responder to itself/clients from the posts below? Is that correct? (Specifically referring to self-signed certificates generated on the firewall) If so, is there any risk to having this se

...

Resolved! DNS Proxy - invalid EDNS response

Hi all,

I'm having a issue with the DNS Proxy feature. I'm running a Palo Alto VM (9.1.8) in Azure and want to use the VM as DNS Proxy. As default DNS Server, I want to use AZURE DNS 168.63.129.16. Additionally I have some Proxy Rules for internal Do

...

Test URL -> Operation Failed: URL access error

Ive been reading this forum for similar problems, but seems I have different problem.

I must say I had difficulties building this, but now this seems to be the last obstacle.

So I got minemeld up and running and its able to get feed and I can access th

...

Resolved! DNS proxy sharepoint domain issue when cache enabled

Hi there, i have some issues with my firewall when using dns-proxy with enabled cache. I cannot resolve sharepoint domains e.g. bitmix.sharepoint.com, but when I disable the cacheoption everything works fine.
Does someone have any suggestion how I cou

...

Pallo Alto Version 10 show transceiver command for SFP check/troubleshooting

Before only the "show system state filter xxx" ( https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaMCAS ) was used to check issues with SFP but in version 10 the show transceiver is here and this is great 

https://docs.pal

...

URL Filtering Clarification - Wildcards behavior (implicit match on the rear of the URL)

Figured I'd share this here as I already have on another platform. Been using PanOS for ~8 years and came across something with URL filtering and wildcards. URL filters with wildcards will match on the front, and back of the URL(implicit), if you

...

W10 Slow Logon when WWAN Card Installed

Has anyone else seen this?

Global Protect Split Tunnel exclude video traffic issue

Hi All,

I have an issue I am not sure how to address. I have "Exclude video traffic from the tunnel" enabled on the GP gateway. When a user connects and tries to watch a video on our wordpress intranet site, http:/myintranetsite/somevideo embedded in

...

FQDN address object maximum length limit...

Hi Team,

What is the maximum length limit for fqdn address object, Is it possible to increase this default length?

Thanking You!!!

Resolved! Due to Open SSH Denial of Service vulnerability firewall dropping random connections

Hi Guys,

Large number of connection attempts made which is normal as per the server team but firewall is considering it vulnerability and dropping the random connection to the server. After getting 3 to 4 successful execution in the same session it g

...

Failover in NAT

We have a configuration to balance two NAT destinations, in the Translated Address we have a group with the two IP destination

We need to performing a failover if NAT # 1 192.168.251.21 stops working, passing to NAT # 2 192.168.251.22.

When the IP # 1

...

Resolved! Does Paloalto Firewall support autoconfig for IPv6 interface

In my environment, I have 1 ADSL router supply IPv6 prefix, It working well with my IPv6 laptop and can go through internet using prefix from router + generated interface id.

Does Paloalto support autoconfig for IPv6 interface? I need it because my r

...

Resolved! Panorama > Policies > Security > Post Rules > Zone field has a red background

Hi there

Why does the zone in the screenshot appear with a red background?

It is the same when browsing direct to the FW itself.

There is an interface in the zone with a subinterface.

Both main and subint are up.

IP address configured on the subint

The int

...

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

Discover LIVEcommunity Through Our New Animated Explainer Video!

Azure CDN (Edge Nodes) list

Resolved! Palo alto decryption issue

Revoked Machine Certificate still able to Connect Global Protect Gateway

Resolved! DNS Proxy - invalid EDNS response

Test URL -> Operation Failed: URL access error

Resolved! DNS proxy sharepoint domain issue when cache enabled

Pallo Alto Version 10 show transceiver command for SFP check/troubleshooting

URL Filtering Clarification - Wildcards behavior (implicit match on the rear of the URL)

W10 Slow Logon when WWAN Card Installed

Global Protect Split Tunnel exclude video traffic issue

FQDN address object maximum length limit...

Resolved! Due to Open SSH Denial of Service vulnerability firewall dropping random connections

Failover in NAT

Resolved! Does Paloalto Firewall support autoconfig for IPv6 interface

Resolved! Panorama > Policies > Security > Post Rules > Zone field has a red background

Does Palo Alto provide free exam vouchers for their customers?

Is there any way to apply multiple interface management profiles

THREAT MAP on GUI is unable to export

GlobalProtect Machine account exists with device serial number config

Identifying Source IP Addresses for Routing Palo Alto Firewall Logs to an Azure Collector via IPSec Tunnel

Re: CLI - Basic to Advance PAN-OS 11.1

Re: flow_tcp_non_syn_drop - packet capture on this counter?

Re: IP Wildcard Mask Address Objects

UserID periodic empty groups issue

Re: Does Palo Alto provide free exam vouchers for their customers?

Unlock your full community experience!

Resolved! Palo alto decryption issue

Resolved! DNS Proxy - invalid EDNS response

Resolved! DNS proxy sharepoint domain issue when cache enabled

Resolved! Due to Open SSH Denial of Service vulnerability firewall dropping random connections

Resolved! Does Paloalto Firewall support autoconfig for IPv6 interface

Resolved! Panorama > Policies > Security > Post Rules > Zone field has a red background