General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Unable to register a used PA-500 Firewall

Hey,

I recently bought a PA-500 Firewall on eBay for testing in my Lab. Unfortunately, I can’t register it at Palo Alto Website, because it is already registered. So I can’t get access to resources like Firmware-Upgrades or even get access to a LAB-L

...

Resolved! AE Interface State when Connected to Switch LAG

I'm working on an HA project, but can't get the interfaces to negotiate.

2 x PA-3220 v8.1 2 x Dell N4032F switches latest recommended firmware

The firewalls are setup for active/passive HA and the switches are configured for MLAG and have a LAG se

...

Integration with Azure Sentinel and getting the Single Ip address

Team,

Recently integrated minemeld with Azure sentinel, but the feeds we receive are Ip address ranges such as 18.18.0.0- 18.18.0..x. How to get the single Ip Address from this range.

HTTP Content Securty Policy validation possible with PAN?

Hi Community,

I recently got tricked by my web-browser, denying me access to my monitoring satellites.

After I looked into the issue, I noticed, that the vendor got a wrong implementation of content security policy, so my Web-Browser blocks these kind

...

Resolved! Want to upgrade only Panorama to panos 9.0

In PAN OS 9.0 multiple URL category feature is added(high, medium and low risk category).

Is there any issue if we only upgrade panorama to 9.0 and not a managed firewalls ?

We should not face configuration or commit issue as panorama and firewall will

...

User-ID redistribution adding IP's to dynamic address groups?

Firewall B which is receiving user-ID from another firewall A using redistribution, and it seems to be adding dynamic IP's as well.

Below is the output from firewall B, after i cleared registered IP's. And firewall B does not have any mechanism confi

...

Ipsec Tunnel Failover issue

We have a PA-3020 firewall pair that has multiple IPsec tunnels to a VM series pair in AWS. We have 4 IPsec tunnels that we run to the firewalls. They are:

Tunnel A - On Prem to AWS FW1 over Direct Connect
Tunnel B - On Prem to AWS FW2 over Direct Con

...

Resolved! Lock down VPN for certain users

I am fairly new to Palo Alto so please forgive me if this is a simple answer or answered somewhere else.

I have a requirement to lock down our Global protect for our vendors. Here is what I have.

I have group mappings and User-ID mappings set up and wo

...

Resolved! Trunked interfaces spanning multiple interfaces

Hi,

I'm relatively new to Palo Alto firewalls - does anyone know if this is possible? Firewall needs to control traffic between VLAN10/Internet, VLAN20/Internet & between VLAN10/VLAN20.

Thanks in advance.

refresh connection option in GP agent allowing users to disconnect GP

We disallowed users to disable global protect app in Portal > app configuration setting , but still due to refresh connection option user able to disconnect GP and using local internet for browsing.

We don't want to disable GP icon from system tray du

...

Resolved! Does Palo Alto do NAT before doing Policy Based Forwarding

Hello Folks,

I'm trying to set up my Palo Alto to do Policy Based Forwarding.

Does PA do NAT before Policy Based Forwarding???

I've created Policy based forwarding to send traffic to an interface, if it is sourced from an address. 10.0.0.0/24

BUT it'

...

Resolved! Panormoa - HA (Panoroma Mode) on VM minimum log disk size requirement

I went through the specification and found that minimum required log disk size is 2TB and then can be increased by factor of 2. Is it the strict minimum requirement or can we set up panorama ( Panoroma mode) with log disk lesser than 2TB ( e.g. 700GB...

Workaround for GPC-9415 Issue ID

Hi Team,

Just want to know whether is there any workaround for the mentioned GPC issue ID.

Issue ID : GPC-9415 (For the GUI version of the GlobalProtect app for Linux, SAML authentication with Microsoft Azure does not work on Ubuntu 1804 or greater v

...

'decrypt-unsupport-param' error for outbound traffic

We are seeing alternate denies on the firewall with reason- decrypt-unsupport-param and tcp-rst-from-server when a user tries to connect over SSL to a URL. The detailed log view shows type-vulnerability action-alert but traffic is denied by implicit

...

Resolved! how to create policy and how to identify which ports are being used on PAN

Hi Guys,

I am new to Palo Alto. I recently joined the firm and they are using any any as policy for internal to Public, Internal to WAN zone. My tasks is to identify the ports which are being used and apply the ACL.

My question to experts is how to f

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Unable to register a used PA-500 Firewall

Resolved! AE Interface State when Connected to Switch LAG

Integration with Azure Sentinel and getting the Single Ip address

HTTP Content Securty Policy validation possible with PAN?

Resolved! Want to upgrade only Panorama to panos 9.0

User-ID redistribution adding IP's to dynamic address groups?

Ipsec Tunnel Failover issue

Resolved! Lock down VPN for certain users

Resolved! Trunked interfaces spanning multiple interfaces

refresh connection option in GP agent allowing users to disconnect GP

Resolved! Does Palo Alto do NAT before doing Policy Based Forwarding

Resolved! Panormoa - HA (Panoroma Mode) on VM minimum log disk size requirement

Workaround for GPC-9415 Issue ID

'decrypt-unsupport-param' error for outbound traffic

Resolved! how to create policy and how to identify which ports are being used on PAN

On premise RSA MFA setup.

No ping reply via Palo to Palo S2S

PA not be able to access internet

SSO Palo Alto Support Portal

IPv6 on public interface

SYSTEM ALERT : medium : MLAV: Unknown error

Re: SYSTEM ALERT : medium : MLAV: Unknown error

Re: SYSTEM ALERT : medium : MLAV: Unknown error

Re: ACC shows ipv6 addresses in source/destination IP

Re: Howto delete sub-interace from cli

Unlock your full community experience!

Resolved! AE Interface State when Connected to Switch LAG

Resolved! Want to upgrade only Panorama to panos 9.0

Resolved! Lock down VPN for certain users

Resolved! Trunked interfaces spanning multiple interfaces

Resolved! Does Palo Alto do NAT before doing Policy Based Forwarding

Resolved! Panormoa - HA (Panoroma Mode) on VM minimum log disk size requirement

Resolved! how to create policy and how to identify which ports are being used on PAN