General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

error user in group mapping

Hello,

After upgrading to 8.1.X > 9.0.X > 9.1.x. we found that some ldap users do not check per user policies, only for ip politicies.

The firewall has no user-id configured, only tree server ldap.

we check that the firewall recognizes the Ldap tr

...

Resolved! Error when creating PBF Policy - IP does not match subnet

I want to create a PBF Policy in order to route traffic from one zone/interface destined for the Internet to a transparent intercepting squid proxy in another zone/behind another interface. Using a destination nat policy seems to work, but some other

...

Resolved! Device Certificates Intermediate Cert

Hello,

On Device>Certificate Management>Certificates - I have a IntermediateCert, under the RootCert, that is expiring. I can easily renew it, (It's self signed), but I'm trying to understand what its being used for. I haven't found any information th

...

Configure a Managed Palo Alto device when panorama server is unreachable

Hi,

I am planning to deploy Panorama server to manage 4 FW on main site and DR site with Panorama server installed on the main site in panorama mode.

I wanted to know if we can access and configure the FWs in the event of a communication failure or vi

...

Resolved! HA2 link down

The 20G link for HA2 between the two PA-5220 firewalls (Active-Passive cluster) does not work correctly. It is a direct link using single-mode fiber and 10G-LR optics with a length of approximately 550 meters.

After restarting any of the two firewalls

...

Does MineMeld support multiple values for a condition in a prototype config?

I am trying to setup one prototype where it's condition will accept indicators with share levels of both green AND amber. I don't want to create a seperate prototype for every share level combination of color and confidence..

I would like to just s

...

Outlook 2016 unable to open while on GlobalProtect

Anyone else experiencing issues with Outlook 2016 being unable to open while on GlobalProtect? We have sporadic windows 10 pc's with this problem and all windows 7 pc's have this issue. When we disable GlobalProtect and start Pulse Secure (our lega

...

Expedition 1.1.83 hangs during xml export

I'm trying to complete a cisco ASA to Palo Alto migration but Expedition seems to hang during the generation of the xml output. I've restarted jobs and task manger multiple times as well as updating Expedition and rebooting the vm itself. Below is th

...

google searched blocked

I have an issue that seems to only be affecting one user. They seemingly randomly get the block page when doing a google search. Looking at logs most searches are allowed but then I will see the occasional block-url. I think I have narrowed it down t

...

Resolved! GlobalProtect - Connecting before pre-logon

Hi Everyone,

We are experiencing an issue with some of our Windows 10 laptops where if the user connects before the pre-logon tunnel establishes at the Windows logon screen, then they are presented with a Global Protect error saying 'VPN Connection c

...

Global protect client not connecting in win10-1909

Hi all,

We are facing issue with global protect client 4.1.12-3

After windows 10 update 1909 patch. Not able to connect to any gateway.

It not getting any error. After entering credentials in global protect page page is disappearing.

Please help. Any

...

Resolved! Globalprotect Portal failure

I tried to replicate a Globalprotect portal setup from another site and it fails with the following message:

GlobalProtect portal(Kawailoa_Portal) setting is invalid: auth-profile exist(method none), client-cert-profile none(no username).
(Module: ssl

...

Resolved! PAN is missing EXPORT function

I was trying to export the config for the first time and found that in Device/Setup/Operations I see no option for Export. Digging in I think the problem may be that admins defined by AD group membership and authenticated via RADIUS appear to not be

...

Palo Alto and Captive Portal for Kerberos

HI all

We have a Palo Alto deployed in AWS and have a requirement to check for a users AD group before letting them into the network.

We cannot use User ID Agent as we are not allowed to set up connections to domain controllers as we have over 10 and t

...

Object xpath in PanOS config logs

In the PanOS GUI under Config logs there is column "Full Path", which shows the full xpath of the edited objects. However the "Full Path" is not part of the actual syslog Config message and I also can't find a customer "Full Path" field in the Custom

...

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

Discover LIVEcommunity Through Our New Animated Explainer Video!

error user in group mapping

Resolved! Error when creating PBF Policy - IP does not match subnet

Resolved! Device Certificates Intermediate Cert