General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

False Positive (virus/win32.wgeneric.vnujo)

Dear Support,

Our customers have been reporting that palo alto is identifying our software as malware.

application ms-ds-smbv3
virus/win32.wgeneric.vnujo
ID 219797367

How can we proceed to whitelist our software permanently?

Thank you

Resolved! How do you deal with Service Route and MGT port redundancy?

We had an outage that took out a switch, and the PA management port is connected to that switch. I was unable to access the UI or CLI, and VPN was unable to authenticate via LDAP. I found the issue was that all the Service Routes were set to default

...

How to resolve invalid NAT rules in Expedition

I've downloaded and run the latest Expedition VM, and have imported my Cisco ASA config file, but Expedition says all my NAT rules are invalid. Not clear what that means, and the instructions (link below) say nothing about how to resolve them.

https

...

Seeking Guidance on What Content Should Be Included In a Panorama Maintenance Guide

Tasked with creating a "Panorama Maintenance Guide," but finding little detail regarding what should be included. I have search for something similar from Panorama, but I have been unable to locate anything.There are a few functions I want to include

...

Resolved! Checking for CloudWatch

Hi all,

Relatively new with Prisma and playing with the RQL. Would anyone be able to tell me if there's a query i can run that tells me if cloudwatch is enabled within an AWS environment?

Report wise, I tried running something against CIS compliance

...

Resolved! HIP logs review

Hi,

Need your insight !!

We have few VPN portals to meet HIP checks ( laptop - Domain and anti virus )

I could see the HIP logs in the HIP Match ( that means host passed the HIP match ?)

Or those logs that shows HIP match passed or failed ?

Any keyword

...

GlobalProtect reports Machine Certificate (null) but it isn't...

Hey all,

Recently upgraded to PAN-OS v9.0.3 and GlobalProtect is no longer working for some. Error messages in the system logs are showing GlobalProtect portal client configuration failed... Machine Certificate CN: (null) for those that fail but als

...

Resolved! Panorama Error

Getting below error in Panoram's system logs :

Panorama has lost connection to its peer, no log will be forwarded

Though from Panorama all devices looks connected .Verifed the device status from panorma.

Anyone facing similar issue ?

TCP issues when moving an application through a Palo Alto FW

Hi,

Following scenario:

we have a 2-level Firewall Filtering / Security Setup active in our infrastructure, with a Cisco ASA currently acting as the Internet Firewall (updated to the latest Cisco ASA OS version) and an internal Firewall (Checkpoint a

...

NAT PPTP VPN

Hello, im trying to set up a NAT rule for a PPTP VPN tunnel.

I have set it up like this:

Source: untrust

Dest. zone: untrust

Source address: Any

Dest. address: lets say 20.20.20.20/32

Service: any

Source Translation: None

Dest-Translation:20.20.20.20/32

Secu

...

TLS 1.3 support

Hi everybody,

any news regarding change of decryption from passive to proxy mode to support TLS 1.3 decryption?

Thank you,

Jan

Palo Alto lab devices

Hi guys,

I was assigned to work on a project with involves working with Palo Alto appliances a lot. I have never touched such a firewall before, so I am planning to get two (or more) devices for my home lab and experimental use.

Do you think the PA-20

...

Problems with panorama and paloalto ACC No data display

Hello good afternoon

I have a problem with my panorama and a Palo Alto HA, in the panorama the complete traffic is not visualized and in the ACC no data display.

Already apply these commands

> request log-fwd-ctrl device <serial number> action stop
>

...

Question about Global protect Pre-Logon Issue

Hi,

I configured GP pre-logon method, But it’s only working in administrator mode even though the user is part of administrator group, it’ not working for normal users.

I followed below KB article,

https://knowledgebase.paloaltonetworks.com/KCSArticle

...

On boarding Large Numbers of Firewalls Using Panorama and Bootstrapping

I am working on a project which will involve deploying a large number of PA220 firewalls to branch offices. This will happen over a period of time with probably around 30-50 branches per phase of work. These branch firewalls will be managed using Pan

...