General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 1, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

AI-ops BPA is not giving correct results after techsupport file analysis

Hi,

After my Palo account manager encouraged me to use the AI-Ops page, I uploaded the most recent techsupport file and carried out an on-demand BPA.

Some of the findings / recommendations are already done within our box. For eg: it says to ensure t

...

Resolved! PSE-Cortex-Pro-24: Palo Alto Networks Systems Engineer Professional - Cortex

Hi All

I am appearing for the examination in Nov'24 related to PSE-Cortex-Pro-24: Palo Alto Networks Systems Engineer Professional - Cortex certification. Unfortunately, I cannot find the course materials in Palo Alto Website.

therefore, requ

...

User-ID Self-Signed Certificate expire with local users

Hello,

I have an important question regarding User-ID Self-Signed Certificate expires on 18 NOV 2024

https://live.paloaltonetworks.com/t5/customer-advisories/update-to-additional-pan-os-certificate-expirations-and-new/ta-p/572158

What I understoo

...

reconnaissance protection alert search

We have alerts set up but I need to search for the alerts but what is the search string

Clean Firewall Policies

Hello all,

I am thinking of how can i clean/organize my firewall policies. Many rules seem to be mixed up within each other. Do you have any suggestions to make it more appealing to the eye? How should I organize my rules?

A question about PAN-240612

Hi,

I have a question about PAN-240612.

=====

Fixed a kernel panic caused by a third-party issue

=====

What feature does this issue relate to?

And what exactly is “third-party”?

BR

Resolved! How to configure gre over ipsec？

Hello

For example, some implementations require multicast traffic to be encapsulated before IPSec encrypts it. If this is a requirement for your environment and the GRE tunnel and IPSec tunnel share the same IP address, Add GRE Encapsulation when yo

...

Palo Alto Academies

Good Afternoon,

How do you apply for the academies listed in the early careers section of the main website?

Resolved! Perimeter FW in A/P HA directly connected to Palo Alto vwire in A/A HA

the basic topology is:

Internet FW are non-palo alto in HA A/P directly connected (no switch in between) to a pair of Palo Alto in A/A HA -in Vwire mode (no Layer 3 on the Palo Alto but in transparent-zone)

then Palo Altos in A/A HA are connected to

...

x-forwarded-for IP not appear in traffic log

Hello everyone,

I have enable x-forwarded-for in PA.

When I look at the pcap from PA, I see the ip address

but from monitor log traffic, collum x-forwarded-for ip is empty

Please your help.

Thank you

pa-410 lost monitor log function and ACC function

I have a PA410. After upgrading the software recently, I found that the original monitoring log has reduced a lot of functions, and even the ACC function has been lost.

I checked the website information and found that this function was cancelled after

...

Resolved! Telemetry error - CDL Receiver Key Empty

Hi All,

We have a client who all of a sudden started to receive the following telemetry error - 'CDL Receiver Key Empty' on PA-440. No changes have been made. Currently running PAN OS 10.1.2. They are not using CDL and are just sending Telemetry dat

...

Resolved! UNABLE TO PING MANAGEMENT INTERFACE FROM LAN

I have a fairly simple network setup in my LAB

Management Interface 192.168.1.1 /24

LAN Interface 192.168.100.1/24

DESKTOP IP 192.168.100.100

I have allowed all the Internal Subnet on the Management interface which is 192.168.100.0 /24 in permitted l

...

Resolved! Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

We have just configured 2 IPSEC tunnels with a remote palo. Both sides have 2 IPSEC tunnels with tunnel monitor and DPD configured. For some odd reason, the when the primary tunnel is active and has active routes going to it, the secondary tunnel s

...

Resolved! NTP not working once authentication is enabled

Hi Guys,

NTP was working well. But when authentication was enabled below msg is seen on the Firewall (NTP Stopped working)

NTP server is a local one using IP address (not FQDN)

PAN-OS Version 10.1.5-h1

All the other devices are syncing except for th

...

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 1, 2025

Discover LIVEcommunity Through Our New Animated Explainer Video!

AI-ops BPA is not giving correct results after techsupport file analysis

Resolved! PSE-Cortex-Pro-24: Palo Alto Networks Systems Engineer Professional - Cortex

User-ID Self-Signed Certificate expire with local users

reconnaissance protection alert search

Clean Firewall Policies

A question about PAN-240612

Resolved! How to configure gre over ipsec？

Palo Alto Academies

Resolved! Perimeter FW in A/P HA directly connected to Palo Alto vwire in A/A HA

x-forwarded-for IP not appear in traffic log

pa-410 lost monitor log function and ACC function

Resolved! Telemetry error - CDL Receiver Key Empty

Resolved! UNABLE TO PING MANAGEMENT INTERFACE FROM LAN

Resolved! Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

Resolved! NTP not working once authentication is enabled

block geo location IP version 6

Configure SDWAN with only one transport (FTTH)

Paloalto Images not available

Can I add specific port, and port range on the same Service Objects

Creating CSR with SAN via API calls

Re: Mgmt Traffic over VPN

Re: Browser not prompting/selecting client cert for GP portal

Re: block geo location IP version 6

Re: Bulk changing target device in policy set

Re: Creating CSR with SAN via API calls

Unlock your full community experience!

Resolved! PSE-Cortex-Pro-24: Palo Alto Networks Systems Engineer Professional - Cortex

Resolved! How to configure gre over ipsec？

Resolved! Perimeter FW in A/P HA directly connected to Palo Alto vwire in A/A HA

Resolved! Telemetry error - CDL Receiver Key Empty

Resolved! UNABLE TO PING MANAGEMENT INTERFACE FROM LAN

Resolved! Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

Resolved! NTP not working once authentication is enabled