General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 1, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Resolved! Route Monitoring. Possible FR?

Hi

I ran into an interesting requirement which (I believe) is not possible with the current path monitoring features for static routes. Here is my scenario...

First lets just remove dynamic routing from the equation. For this specific use case dyanam

...

4D83FE9B-261E-45EA-9969-1C48BD460C9F 4.png

4D83FE9B-261E-45EA-9969-1C48BD460C9F 6.png

Require authentication via global protect when connecting to data center resources

In an attempt to secure connections to production resources. I would like to implement a policy that if you are for instance using SSMS to connect from one location to a database in the data center, that you first have to authenticate via global prot

...

Resolved! IPSEC VPN from PA to Multiple devices - Using same crypto profiles?

We have PA running IPSEC to different remote sites.

Each site has different Public and Private network

For each site i need to create tunnel interface and do the same config over and over.

Say if i need ipsec to 15 sites then for each site

i need to

...

Certificate based authentication for IOS microsoft intune intergration

HI @gwesson

I have an issue in client based authentication for IOS devices. I have imported the client certificate in windows and android it works same cert installed in iphone it shows an error client certificate not found.

Recently, I have see b

...

Resolved! LDAP authentication failover

Hi Community,

I have 2 Domain controllers serving user information. I have configured these 2 under same LDAP server profile. I am using this profile in authentication profile for GP.
I configured 4s each for search and bind timeout under LDAP server p...

Resolved! Multiple vpns to the same peer

Hi,

We have a requirement where-in we need to configure 2 vpn tunnels to the same remote peer.

Also the remote end local ip address ranges are the same. Below is a quick explanation

Tunnel 1

MyPeerPublicIp = 1.1.1.1

RemotePeerPublicIp = 2.2.2.2

MylocalSu

...

Resolved! how long phase 1 will show as red in web gui?

We have ipsec tunnel to vendor.

web gui shows phase 1 as down and phase 2 as up.

i can ping across the vendor network.

traffic is passing via tunnel

show vpn flow shows active.

need to know how long web gui will show phase 1 is red?

when web gui will s

...

PA 5220 vsys HA Support

Hi,

we have a pair of PA 5220 appliances currently running only the default vsys (vsys 0) in an HA (Active / Active) Setup.

We would like to add additional vsys instances and also have each of the new instances running in a HA A/A Setup.

Would the HS

...

Problems installing on Ubuntu 16.04

I am trying to follow the directions found here:

https://live.paloaltonetworks.com/t5/MineMeld-Articles/Manually-install-MineMeld-on-Ubuntu-Server-16-04/ta-p/253336

I get to this step

Adding the repo GPG key

Add the MineMeld repo GPG key to the APT t

...

Packet Buffer OID VM-Series

Hi,

Anyone know what is the OID used in the VM-Series to extract the packet buffer (hardware/software) values?

In the MIB of Palo Alto Products I only find this one, but I don´t know what it exactly extracts:

PA-VM: 1.3.6.1.4.1.25461.2.3.29

Any idea

...

Resolved! unable to download or view the pa-500 specs sheet

i know this sounds like a silly question but I need to get the specs on our pa-500 firewalls. When I go to this page, https://www.paloaltonetworks.com/resources/datasheets/pa-500-specsheet nothing happens when I click the download button. Either the

...

HELP: Clients going 'under the radar' when CP is switched on...

We find that an increasingly number of students never get the captive portal auth dialog popping up once we switch on CP (when we are having a test or exam) for their subnet. The dialog pops up as expected for most of the students, but there are alw

...

Resolved! BGP Routing Question

Hi All,

I have BGP routing advertising from the Palo with eBGP advertising internally and externally for 4 vSYSs.

How do I advertise a particular vSYS with public IP a.a.a.a to advertise it as a route for public IP b.b.b.b/27.

Regards

Adrian

Subscription signatures off-line updates

Good afternoon, colleagues, I have three subscriptions: url filtering, threat prevention and wf500 signatures. How to update them off-line and is it possible to distribute these updates for the firewall and wf through Panorama?

Resolved! Run 'script' from CLI

Hi,

I wonder if it is possible to create a run a user defined script from our VM-100's CLI.

The script should switch Policies / Authentication / <my CP profile> to 'web-form'

- and do 'clear session all filter from ClassNet '

If this is possible how d

...

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 1, 2025