General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Resolved! What traffic will be generated when select "Collector Group communication" on ethernet1/1 on panoram

Hello Everyone,

I deploy two VM Panoramas for ha, and checked the setting "Enable log redancy across collectors" under Collector Group.

Because of the both two log-colllector can copy logs each other, so I would like to separate function "Collector G

...

Cisco Policy Based VPN - ProxyID Query

Hi everyone,

I am receiving the below error on a Palo to Cisco policy-based VPN.

'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 10.45.33.253/32 type IPv4_address

...

Resolved! Security Policy destination and/or URL category clarification

Hello, can someone please tell me the best way to implement minemeld custom IP and URL blacklists? We have just built a minemeld server and have both a list of IPs and URLs. Currently have just one OUT rule like below but should we have 2 - 1 for IP

...

Generating SSL Decryption Forward Trust Cert for an HA Pair via Panorama?

I've successfully rolled out SSL Decryption on a bunch of non-HA firewalls via Panorama. Generating the .CSR, signing it with my CA, and then importing the .CER but I'm wondering if this is going to work with my HA Pair because I'm guessing that I'll

...

Resolved! Force Template Values

Hi

If someone overrides a setting locally on firewall, can this be further overidden by Panorama using force template values?

... and is that instance what happens to the green and orange cogs?

Thank you

Resolved! Global Protect presents wrong TLS certificate of another portal

I have a GP portal with TLS/SSL profile named "aaa.ssl.pr" which contains the "aaa-cert" which commons name is "aaa.com"

When accessing the portal I see a different certificate in my web browser,

If I put the same SSL profile on another test portal, I

...

Router on a stick with VLANs

I have a single HPE 5400 that links to a PA-820. I have an untagged p2p VLAN on a Layer3 interface on the PA. I use this as the "MGMT/LAN" side. The HPE is doing routing for internal networks.

To add another VLAN, I tagged that same port on the switc

...

Resolved! minemeld-engine FATAL Exited too quickly (process log may have details)

MINEMELD 0.9.44

2018-01-30T13:55:26 (4857)mgmtbus.checkpoint_graph INFO: checkpoint_graph called, checking current state
2018-01-30T13:55:26 (4857)mgmtbus.checkpoint_graph INFO: graph status None, checkpoint_graph ignored
Traceback (most recent call la

...

Export traffic logs in CSV

Hello All,

I have tried to export logs from firewall its reach limit up to 1048576 rows, this is only for 3hr logs can anyone have the option to filter logs or can we exceed this limit.?

proxy_arp_pvlan

Hi all,

I was dealing with a scenario recently which I eager to use the Palo Alto firewalls.

In my design, it is a must to use the feature which is called ARP alias in Cisco terms, and ARP publish in Juniper terms. In case of Linux as Palo Alto is usi

...

Resolved! types of PA firewall inspection

Hello community!

I have a question, checking my stick high firewall, I wanted to know if in my firewall I could configure the inspection mode. I have seen another product from another manufacturer that has 2 inspection modes that are the flow mode an

...

HIP Check licensing expired

I thought that HIP check licensing expiration (trial version), would cause any rules on the FW - using a HIP check profile column to not match. Instead, it appears that it causes the firewall to simply not care about that column at all.... and allo

...

Resolved! Global Protect Saving User Credentials Security?

After reviewing a few documents, I'm hearing that doing this is not a best practice.... If I choose to do so, does anyone know where those credentials are saved and how they are saved in the agent on the endpoint?

I'm guessing encrypted cookies ar

...

Removing my site from Palo Alto's blacklist

Hi, please tell me how can i contact to Palo Alto for taking my blacklisted domain to whitelist in a palo alto DB

TCP TimeOut caused by the PA?

We have a video app that is streaming through our Palo Alto firewall on port 80. Everyone once in a while the session fails and can only be revived by hitting refresh in the browser. I am dealing with a network manager that's convinced the PAs are Re

...

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

Discover LIVEcommunity Through Our New Animated Explainer Video!

Resolved! What traffic will be generated when select "Collector Group communication" on ethernet1/1 on panoram

Cisco Policy Based VPN - ProxyID Query

Resolved! Security Policy destination and/or URL category clarification

Generating SSL Decryption Forward Trust Cert for an HA Pair via Panorama?

Resolved! Force Template Values

Resolved! Global Protect presents wrong TLS certificate of another portal

Router on a stick with VLANs

Resolved! minemeld-engine FATAL Exited too quickly (process log may have details)

Export traffic logs in CSV

proxy_arp_pvlan

Resolved! types of PA firewall inspection

HIP Check licensing expired

Resolved! Global Protect Saving User Credentials Security?

Removing my site from Palo Alto's blacklist

TCP TimeOut caused by the PA?

THREAT MAP on GUI is unable to export

GlobalProtect Machine account exists with device serial number config

Identifying Source IP Addresses for Routing Palo Alto Firewall Logs to an Azure Collector via IPSec Tunnel

BPA Tool not showing details for issues

NATing Question

Re: CLI - Basic to Advance PAN-OS 11.1

Re: flow_tcp_non_syn_drop - packet capture on this counter?

UserID periodic empty groups issue

Re: IP Wildcard Mask Address Objects

Re: Pull address object using XML API

Unlock your full community experience!

Resolved! What traffic will be generated when select "Collector Group communication" on ethernet1/1 on panoram

Resolved! Security Policy destination and/or URL category clarification

Resolved! Force Template Values

Resolved! Global Protect presents wrong TLS certificate of another portal

Resolved! minemeld-engine FATAL Exited too quickly (process log may have details)

Resolved! types of PA firewall inspection

Resolved! Global Protect Saving User Credentials Security?