General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

How to configure a PBF rule in shared gateway

Hi community,

I want to configure a PBF rule in a shared gateway but i don't know how, can you give me an example for this?

How to retrieve and use Data Collection for Global Protect?

Q: I'm using a PA-3020; is there any default data collection gathered with the GlobalProtect VPN client/agents, or do you have to provide custom registry keys to scan for Windows?

And where can you actually find the information being gathered?

Resolved! Differnece between Threat Prevention Licenses

Hello everyone,

In our environment, we deploy both PA-220's and PA-220R's in the field. Sometimes they are deployed in HA pairs.

I noticed that there's two different types of Threat Prevention license available.

PA-220 (Non Redundant setup)

Mfg. Par

...

Resolved! GP client asks to downgrade

Hello,

We have PAN OS 8.0.3 with the GP client version 4.0.2 deployed to our clients. This works fine. I've downloaded GP version 4.1.0 on my machine and when I connect it asks me to downgrade to an older version. We haven't uploaded any GP client to

...

Resolved! Panorama Logging Behind

Hi all,

The issue that I am having is that all my firewall logs in Panorama are behind in time. I have tried multiple KB articles and support basically went through all the KB articles I found such as restarting the management service, stopping and

...

How to drop or reject an OSPF route in PA 3000 series if it receives a route from another vendor FW

In the data center end, the Cisco ASA firewall is advertising the OSPF route and at the perimeter end Palo alto receives the route, and PA will be forward that route toward Internet communication.

Expectation, if any, specific route received by Palo

...

Resolved! Logging Discarded Traffic

Hello,

I had recently had an issue where I had to move a syslog server behind a cluster of PA-5250.

This syslog server receives logs from different equipements (~ 100GBytes per day) so there is an enormous amount of udp syslog events received by this s

...

Resolved! How to see all the set commands for an IPsec tunnel?

I need to get the display set of all the commands for an IPsec tunnel, like I'd do with a Juniper SRX, but get no return whenever I try to see the commands set for the tunnel. Seems like the tunnel hasn't even been configured, but it shows under ike

...

WebEx prototype

I'm trying to create a custom prototype to get the CIDRs from https://help.webex.com/en-us/WBX000028782/Network-Requirements-for-Webex-Teams-Services#Spark%20IP%20subnets%20for%20media/

I used the examples in https://live.paloaltonetworks.com/t5/

...

Global Protect Client Error "Failed to get default route entry"

Hi,

Has anyone seen this error before?

I have a user who is using SSL VPN to the Palo Alto. Upon downloading the client, the initial connection works.

However, subsequent connections displays an error on the client "Failed to get default route

...

PA-5050 (8.1.11) 100% Dataplane CPU (DP1)

Hi everybody,

We got two Palo Alto 5050's running in an active-passive configuration. We run three separate vsys. During working hours we see our dataplane exceed the 80% cpu util. Our dataplane DP0 shows a load of around 40% but our DP1 is maxing ou

...

Resolved! Error Setting up IKE Gateway: ID type and value must be specified

I'm very new to PAN equipment and am trying to get a site-to-site VPN setup on a PA-820 running 8.0.2 but am running into a pair of similar errors when trying to configure the IKE gateway.

The following commands:

set network ike gateway XY1-Z1 peer-...

ServiceNow and Palo Alto Integration

Hello guys, I'm looking for configuration guide for SNOW and Palo Alto integration. If anyone have any doc or article, please share.

Thank you,

John

Cisco ASA to Palo Alto

Hi Team, we recently migrated from cisco ASA to Palo Alto 3220, where for one of the policy in cisco ASA has " access-list inside-egress extended permit ip any any", And this access-list is attached to the access-group to the interface "inside". as y

...

policies

I have created two policies with the same zones

the first rule I have added any source and any destination profile alerts.

the second rule I have added any source and any destination profile outbound

Group

In Monitor logs, I seem the traffic is not hi

...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

How to configure a PBF rule in shared gateway

How to retrieve and use Data Collection for Global Protect?