General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Old certificate showing even after new certificate mapped to the ssl profile

Hello,

We are using Software Version - 8.0.8, Global Protect Agent - 4.0.4

One user is able to connect the VPN through portal but when accessed the URL from the internet still seeing the old certificate after new certificated mapped.

We tried to rein

...

Resolved! Recommended PAN-OS version

Hello

Please need to know the recommended upgrade PAN-OS version from Paloalto for PA-3020.

Appricate your help

Thanks

Preventing Split-Brained Monster, HA Failure Technique Idea?

I am trying to develop a technique to handle HA failure conditions, between two PA units, in an "Active/Passive" configuration.

What I want to try is to connect an HA1 link to an intermediate switch. By default, what I notice is that if I take down t

...

Global Protect connects even machine certificate not present in store

Has anyone encountered this issue ?

https to portal interface IP gives an error "Valid client ceriticate required".

GP users are still able to connect to GP VPN even if machine certificate not present in store.

I have Global protect Portal configura

...

File Blocking applications

What is the reason that the Applications field within File Blocking Profiles only allow a subset of all applications? For instance, I have a file blocking profile that alerts on several file extensions for webmail applications I've specified, and I'm

...

Resolved! Mitigating CVE-2019-5786

Anyone know which Content Update (released or upcoming) might contain a mitigation for CVE-2019-5786?

Description: https://www.helpnetsecurity.com/2019/03/06/chrome-cve-2019-5786/

Cheers

Resolved! Global Protect and no Source User Identified

I have a user with Windows 7 and Global Protect who couldn't get to an internal web site. When I went to look in Monitor/Logs/Traffic I could see that the Source User field was blank and therefore not hitting the anticipated allow policies. He says i

...

Resolved! GlobalProtect Multiple Portal Support

I have GlobalProtect 4.1.3-8 and durning the install I added to portails and there is now a portal selection at the bottom but ater make a connection it is always grey and I see no wat to log out of the current connection.

This is on a Windows 7 ins

...

Pushing Local Admin Accounts from Panorama

Hi,

Please forgive me if this is a stupid question as I am quite new to Palo Alto firewalls and Panorama.

We currently have Panorama running on PanOS 8.1.6 and the same for our firewalls.

We are using AD accounts for all our Administrators using radi

...

Resolved! Is there an equivalent to "tail -f log" or viewing the last x log messages?

I have some 5220s, but I am assuming this question would relate to other platforms, as well.

On the 5220s, is it possible to look at the last x number of log messages, depending on the log type, or a PAN OS equivalent to the Unix "tail -f logfile," f

...

Can't push template stack to PA-220 (getting new errors every time)

Can someone help me configure this firewall from Panorama? I created a template stack and added 2 templates to it. The first template is a global template which has all the standard settings on it (banner, time zone, etc..). The second template ab

...

Browser for Panorama

Curious which browsers people might be using for Panorama. I find Edge becomes too slow, Chrome I have issues where all of a sudden I can't scroll to the bottom of the rule base especially if you expand the zoom greather than 100%. With Firefox it

...

Application ID accurate on encrypted traffic?

Does the PA do application identification for SSL encrypted traffic without if we aren't doing SSL decryption? For example if a user watches an encrypted youtube video, is the PA able to identify that traffic as youtube, or will it be reported as ss

...

Resolved! PAN OS 8.1.6. How is it?

I just wanted to open a thread to see if anybody has had any issues with the 8.1.6 platform as of yet. I have been told it is preferred from TAC to be on this release, but I don't know if it will cause any other issues. We have had quite a few issues

...

Cli command to delete sub-interfaces

looking for the cli command to delete multiple subinterfaces in one go. Seems like it can be done?

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource