General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! Incorrect Rule Assignment UrlCategory Any

External ipaddress 23.35.182.93 is getting incorrectly mapped to a rule "Permit Intranet Sites".

The rule uses a Urlcategory for Intranet sites and the destination has trust/untrust zones with a negate on one specific destination address.

What might

...

Getting intermittent unknown UDP traffic logs

Hi All ,

I am having policy having application group and set services as application default .

Sometime policy is working fine but sometime its dropping packet and in logs showing application unknown UDP.

Could you please suggest any troubleshootin

...

Resolved! Fresh install on Ubuntu via apt won't login (ERROR CHECKING CREDENTIALS)

I've just followed the instructions (https://live.paloaltonetworks.com/t5/minemeld-articles/manually-install-minemeld-on-ubuntu-16-04/ta-p/253336) for setting up a fresh install of MineMeld on Ubuntu 16.04 LTS (on Azure, in this case). Followed ever

...

Resolved! can 2 interfaces have same security zone at the same time?

Will Firewall let me configure same security zone to 2 interfaces but make a decision to egress the traffic based on the route table?

TIA.

Resolved! Adding Routes via Windows

Hello, I'm attempting to add routes via cmd using the 'route' command but I'm encountering issues, none of my traffic is being passed by the gateway.

My intent is for a host (10.10.3.22 in this example) to egress out of R1 (10.10.3.250) to another ne

...

TCP Session Stuck and only manual clear of the session id solve the issue

Dear Community,

we are facing a strange behavior with a tcp flow that is meant to mount a volume on a linux server, from time to time, the session get stuck in the firewall causing an error while trying to mount the device, the topology is as follow:

...

Resolved! NTP server

hi guys,

i am lookin to config PA 5220 as a NTP server for my lan network, this whole network is completely off of internet.

is it possible to config if yes what are the steps.

I tried keeping the Primary and secondary NTP fields blank, but if want to

...

Resolved! HA config sync only manually possible: Commit not synchronized

Hey.

I enabled HA active-passive on a new 3220-pair. HA1a & b, HA 2 & HA backup are green and working fine so far. I can also do a manual sync, which works fine. In HA config i enabled config sync. The failover works fine too, as i tested it.

But it

...

BYOD Decryption

Has anyone been succesful in using decryption on a network where most computers are not on the domain? I am working at a school where all students are bringing their own devices so we cannot push decryption certificates through group policy.

Thank you

I can't see sufficient information on OpManager Dashboard

Hi everyone,yesterday we've installed OpManager in our company to monitor VPN Users of GlobalProtect,i've fully turned on everything on SNMP Side but somehow i can't see some of performance monitors like Active VPN Users,Active VPN SSL Tunnels,VPN Tu

...

WhatsApp Image 2020-03-20 at 10.45.28.jpeg

Web Security Gateway and PaloAlto NGFW

Hi If I have a palo alto firewall as a core firewall, should I still use a web gateway for internet access. I have all subscriptions.

Thanks

Resolved! dedicated HA interface

Hello, I would like to ask if there is some way to take a packet capture in ha dedicated interfaces I know how to do it in management interface and data plane interface but not found information about how to see the traffic in this interfaces, thak y

...

Resolved! Authentication issue

i have recently upgrade my firewall from 8.1.16 h3 to 8.1.13 h3. When the user connected with Global protect after sometime user is unable to access the application infect global protect show it's connected. when i saw in monitoring traffic it's sh

...

Resolved! Unable to download updates

Hello,

When i download the PAN-OS or content update getting below error:-

Troubleshooting performed from my side:-

I can see all the services are running via the management plane.
I checked the connectivity between the management interface and the inter

...

Enabling PFS for GP VPN Portal

Has anyone configured PFS on their Global Protect Portal?

Any snags? Is this even possible for the inbound connections to the portal?