General Topics
Showing results for 
Search instead for 
Did you mean: 
General Topics


Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 


In the past six


jforsythe by Community Team Member
  • 1 replies

Custom signature for unknown tcp

this is a capture from a tcp traffic.

i want to make a custom app id because in my log it say my application is an unknown-TCP application 

how can i get the signature from the digits (image) ?

can someone thell me or give me tips how i should make a cu



Debugs available in PAN-OS and their default states

Debugs, what they are for and their default states.


I started writing this to refresh a set of scripts. I found most of the debugs and states are not well documented yet. If you know otherwise, please post a comment. I will continue updating this tab


bspilde by L4 Transporter
  • 0 replies

VM-100, ESXi, Module 'CPUID' power on failed

Trying to get a VM100 to power on with an ESXi host. 


This is a HP EliteDesk 800 G1 i5.  I'm getting the message that Intel VT-x is available but it might be disabled.  However, I know hyper threading is enabled in the HP Bios.


Tryig to run Palo 8.0.


GlobalProtect Cloud Service maintenance: Mar 6-8

Dear valued Palo Alto Networks customer,

Please be advised that we have a planned service maintenance for the Cloud Services- GlobalProtect Cloud Service infrastructure scheduled from 03/06/2018 4pm PST to 03/08/2018 4pm PST. 


We expect the service



Is it possible to use DG layering to solve DaaS Zone issue??

1. Can we create a DG-DaaS whose parent will be ‘DG-AWS_DQA’.
2. Assign Seattle DQT firewall to DG-AWS_DQA
3. Assign Ashburn n future Chicago to DG-DaaS (since it has DG-AWS_DQA as parent, it


kpotru by L1 Bithead
  • 3 replies

IPSec Tunnel from vsys1 to vsys2

Hello All,


I have a design issue to mull over, and one of the options is to look at having ipsec tunnels between vsys isntances on the same box.


So, I have vsys1 as my default vr, what I may need to do is turn up vsys2 and have certain traffic in vsy


Resolved! Configure IPSec between Palo Alto devices

We have two vpn Palo Alto devices.

One in our HQ departement and one in a remote location.

I need to setup an IPSec VPN tunnel between these sites with the Palo Alto devices but I never did this before.

On the Palo Alto website I found this article whic


ZEBIT by L3 Networker
  • 4 replies

Rule base documentation

PA Best practice says you should have your rules documented on the rules and some where other than your rule base. Anyone doing that? and if so how

jdprovine by L4 Transporter
  • 15 replies

Resolved! Redistributing Tunnel interface into OSPF no longer working


I have a strange scenario here. To summarize, I had previously configured GlobalProtect on a Palo firewall and configured the Palo to redistribute that network range on the tunnel interface into OSPF. This worked without any problem.


Now, the IP a


Bocsa by L3 Networker
  • 3 replies

Monthly Graph Reports (Pie&Line Charts)


we have to build monthly PDF reports with nice graphs like Pie&Line Charts  for the management. Unfortunately PDF summary reports are the only one which contain graphs (despite the ACC Widgets) and are generated only everyday. Is it possible to ge


Resolved! HA Sync with different Configuration

I have two firewalls previously on HA (Active-Passive mode). We had to shutdown the passive device due to some troubleshooting. Then we had to roll-back the config of the active PA.


Here's the current setup. (HA links not yet cabled)

Active PA - lower


Top Solution Authors