General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 1, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Global Protect Enforcing VPN

Hello,

I need to enforce VPN so users will not be able to access Internet unless tunnel is establish or wired corporate network is connected. Users should also be required to supply credentials and MFA every time the tunnel is built when accessing fr

...

Password Reset using Global Protect App without PreLogon

Has anyone been able to configure their firewall so that users will be able to change thier password via the global protect app while using LDAP for authentication and NOT using Pre-Logon

SSL inspection decrypt error from some client

Hello to all,

We have a linux website that we made working with inbound ssl inspection by disabling curve25519 / x25519.

Some clients report errors ( always showing as decrypt errors on the monitoring) accessing the site: by taking a networrk trace on

...

Adding multiple client certificate in Linux GP agent

Hi Community,

I have a requirement to add multiple client certificate into Linux GP config. Usually, whe we put 'globalprotect import-certificate --location <cert_location>', the existing client cert will be overridden with the new one and it will be

...

Resolved! TLS 1.3 Downgrade Detected error - PAN-OS 9.0.9

Hello Everyone,

I am running PAN-OS 9.0.9 on my PA-3020. When enabling SSL forward proxy and try to access google.com, I get the tls13_downgradedetected error on chrome. I get the same problem even when using other browsers but different error descrip

...

Resolved! GP parameter configuration using the registry / Msiexec: Internal Host det.

Hi,

while deploying Global Protect through LAN it is possible to configure some App settings using the Windows registry or msiexec like pre-deploy the IP address of a preferred Gateway for example.

Is it possible to configure internal host detection

...

PaloAlto VM Tools VIX_E_TOOLS_NOT_RUNNING using PowerCLI to Invoke-VMScript

Trying to configure my PaloAlto Firewall (PA-VM-ESX-9.0.0) using PowerCLI scripting, no issue creating & deploying VM, setting up PortGroups, and starting PA VM. Needing to perform IP configuration scripting to complete the setup of the PA VM, so ju

...

Resolved! Shadow Rule Warning

Hi,

Recently I upgrades my firewall from PANOS 8.0.10 to 8.0.17. The upgrade went fine. However, after making a small configuration change (adding a new address object), my commit showed a Shadow Rule warning.

The warning is associated with a rul

...

C&C threat from outside 45.9.148.91 similar Shodan Malware hunter ?

Hi Live community,

recently when investigating a false positive C&C threat blocked from "shodan malware hunter" I was pleased to see others had posted into this community about this. In the past 24 hrs we have 2 SIEM alerts for C&C outside to publical

...

Palo Alto Virtual Firewall

Dear Friend,

Can you anybody advice me on palo alto multi vsys capability issues and currently contests of this technology? If one virtual instance compromise how we can make sure it not impact to other vsys ? How multi vsys behaviour on privileged e

...

Filter out whatsapp video only from PA220

Hi,

Is it possible to Filter out whatsapp video only from PA220, or of there is a workaround solution to allow only Text and Images on a PA220
We have business need to use whatsapp text and Images only

Thank you