General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

What does your general day-to-day running of your PAN environments look like

Hi Gang,

We have Palo Alto Panorama and Firewalls and yes all going smoothly, however, It is not the end once it is up and running.

So I am keen to read on all what you do in the daily administration of your PAN environments. All I have really, in ter

...

Resolved! Query on PA acting as load balancer

We are using VM-100 and would like to use this as a load balancer for our Web services.

We have checked the link below and would like to know if this EMCP load balance incoming traffic to Web servers? Or does this just load balance egress traffic bet

...

How to configure a PBF rule in shared gateway

Hi community,

I want to configure a PBF rule in a shared gateway but i don't know how, can you give me an example for this?

How to retrieve and use Data Collection for Global Protect?

Q: I'm using a PA-3020; is there any default data collection gathered with the GlobalProtect VPN client/agents, or do you have to provide custom registry keys to scan for Windows?

And where can you actually find the information being gathered?

Resolved! Differnece between Threat Prevention Licenses

Hello everyone,

In our environment, we deploy both PA-220's and PA-220R's in the field. Sometimes they are deployed in HA pairs.

I noticed that there's two different types of Threat Prevention license available.

PA-220 (Non Redundant setup)

Mfg. Par

...

Resolved! GP client asks to downgrade

Hello,

We have PAN OS 8.0.3 with the GP client version 4.0.2 deployed to our clients. This works fine. I've downloaded GP version 4.1.0 on my machine and when I connect it asks me to downgrade to an older version. We haven't uploaded any GP client to

...

Resolved! Panorama Logging Behind

Hi all,

The issue that I am having is that all my firewall logs in Panorama are behind in time. I have tried multiple KB articles and support basically went through all the KB articles I found such as restarting the management service, stopping and

...

How to drop or reject an OSPF route in PA 3000 series if it receives a route from another vendor FW

In the data center end, the Cisco ASA firewall is advertising the OSPF route and at the perimeter end Palo alto receives the route, and PA will be forward that route toward Internet communication.

Expectation, if any, specific route received by Palo

...

Resolved! Logging Discarded Traffic

Hello,

I had recently had an issue where I had to move a syslog server behind a cluster of PA-5250.

This syslog server receives logs from different equipements (~ 100GBytes per day) so there is an enormous amount of udp syslog events received by this s

...

Resolved! How to see all the set commands for an IPsec tunnel?

I need to get the display set of all the commands for an IPsec tunnel, like I'd do with a Juniper SRX, but get no return whenever I try to see the commands set for the tunnel. Seems like the tunnel hasn't even been configured, but it shows under ike

...

WebEx prototype

I'm trying to create a custom prototype to get the CIDRs from https://help.webex.com/en-us/WBX000028782/Network-Requirements-for-Webex-Teams-Services#Spark%20IP%20subnets%20for%20media/

I used the examples in https://live.paloaltonetworks.com/t5/

...

Global Protect Client Error "Failed to get default route entry"

Hi,

Has anyone seen this error before?

I have a user who is using SSL VPN to the Palo Alto. Upon downloading the client, the initial connection works.

However, subsequent connections displays an error on the client "Failed to get default route

...

PA-5050 (8.1.11) 100% Dataplane CPU (DP1)

Hi everybody,

We got two Palo Alto 5050's running in an active-passive configuration. We run three separate vsys. During working hours we see our dataplane exceed the 80% cpu util. Our dataplane DP0 shows a load of around 40% but our DP1 is maxing ou

...

Resolved! Error Setting up IKE Gateway: ID type and value must be specified

I'm very new to PAN equipment and am trying to get a site-to-site VPN setup on a PA-820 running 8.0.2 but am running into a pair of similar errors when trying to configure the IKE gateway.

The following commands:

set network ike gateway XY1-Z1 peer-...

ServiceNow and Palo Alto Integration

Hello guys, I'm looking for configuration guide for SNOW and Palo Alto integration. If anyone have any doc or article, please share.

Thank you,

John