General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Password Reset using Global Protect App without PreLogon

Has anyone been able to configure their firewall so that users will be able to change thier password via the global protect app while using LDAP for authentication and NOT using Pre-Logon

SSL inspection decrypt error from some client

Hello to all,

We have a linux website that we made working with inbound ssl inspection by disabling curve25519 / x25519.

Some clients report errors ( always showing as decrypt errors on the monitoring) accessing the site: by taking a networrk trace on

...

Adding multiple client certificate in Linux GP agent

Hi Community,

I have a requirement to add multiple client certificate into Linux GP config. Usually, whe we put 'globalprotect import-certificate --location <cert_location>', the existing client cert will be overridden with the new one and it will be

...

Resolved! TLS 1.3 Downgrade Detected error - PAN-OS 9.0.9

Hello Everyone,

I am running PAN-OS 9.0.9 on my PA-3020. When enabling SSL forward proxy and try to access google.com, I get the tls13_downgradedetected error on chrome. I get the same problem even when using other browsers but different error descrip

...

Resolved! GP parameter configuration using the registry / Msiexec: Internal Host det.

Hi,

while deploying Global Protect through LAN it is possible to configure some App settings using the Windows registry or msiexec like pre-deploy the IP address of a preferred Gateway for example.

Is it possible to configure internal host detection

...

PaloAlto VM Tools VIX_E_TOOLS_NOT_RUNNING using PowerCLI to Invoke-VMScript

Trying to configure my PaloAlto Firewall (PA-VM-ESX-9.0.0) using PowerCLI scripting, no issue creating & deploying VM, setting up PortGroups, and starting PA VM. Needing to perform IP configuration scripting to complete the setup of the PA VM, so ju

...

Resolved! Shadow Rule Warning

Hi,

Recently I upgrades my firewall from PANOS 8.0.10 to 8.0.17. The upgrade went fine. However, after making a small configuration change (adding a new address object), my commit showed a Shadow Rule warning.

The warning is associated with a rul

...

C&C threat from outside 45.9.148.91 similar Shodan Malware hunter ?

Hi Live community,

recently when investigating a false positive C&C threat blocked from "shodan malware hunter" I was pleased to see others had posted into this community about this. In the past 24 hrs we have 2 SIEM alerts for C&C outside to publical

...

Palo Alto Virtual Firewall

Dear Friend,

Can you anybody advice me on palo alto multi vsys capability issues and currently contests of this technology? If one virtual instance compromise how we can make sure it not impact to other vsys ? How multi vsys behaviour on privileged e

...

Filter out whatsapp video only from PA220

Hi,

Is it possible to Filter out whatsapp video only from PA220, or of there is a workaround solution to allow only Text and Images on a PA220
We have business need to use whatsapp text and Images only

Thank you

Resolved! Region-to-IP mappings

We have noticed wrong region mappings for ABC 3G public range that is detected on Palo Alto as Armenia country.

Please advise on how to update/fix the mappings dynamically through updates.

Although IP belongs to Iraq on public databases

Content update

...

Resolved! GlobalProtect App Dynamic Configuration misses information for 'show-system-tray-notifications'

Hi!

Got a bit of a puzzling issue: This morning was committing a change when I got this mysterious error :-

"GlobalProtect App Dynamic Configuration misses information for 'show-system-tray-notifications'"

... repeated for each of the GlobalProtect port

...

Resolved! ipsec question

Hi

So i have my public interface ae1.10

I attached a ikev2 interface to that and attach it to tunnel.50

no the other side of the ipsec tunnel are providing 192.168.10.0/24 and I am providing 192.168.250.0/24

do I have to place a static route in the v_

...

Resolved! HA config sync

Hi guys,

I wanna know the Comment column under Network---Interface tab synchronizes when PA is set up as Active- Passive HA?

I assumed it wont, and made some changes in comments coloumn and later found out it got synced.

I referred the PA document:

htt

...

Seeing these errors in my log pan_packet_diag.log

Hi

seems to be filling up my log file ? I have no idea

2020-07-04 12:09:26.595 +1000 Error: pan_cfg_url_policy_need_hdr_insrt_log(pan_cfg_url_policy.c:274): url_profile (nil), cfg available: 1
2020-07-04 12:09:26.595 +1000 Error: pan_cfg_url_policy_

...

Discussions