General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! Disable SSL decryption via CLI - how long

Happy New Year everyone

Need to know if i run the below command

Disable SSL Decryptionset system setting ssl-decrypt skip-ssl-decrypt yes

Will this disable ssl decryption for 1 hour or 1 day need to know for how long?

Cant deny users from using remote desktop on non standard tcp port

I am trying test app id & put a rule in (all the way on top) denying my work station from accessing RDP on machines in other zones. I have successfully blocked users from accessing RDP on standard port 3389 but can still access RDP on a machine that

...

Minemeld diminishing numbers when passing from miner to processor.

Hello,

We are trying to integrate Recorded Future IP risk list with our SIEM to do correlation after that.

We have set up correctly the miner, which gives us around 50k indicators.

We then proceed to pass it to the processor stdlib.aggregatorIPv4Gen

...

Resolved! Mid-January Azure AD IP Update

Can anyone confirm these 2 new ranges will be added to the feeds at the appropriate time? Didn't see any discussion on this.

https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Azure-AD-updating-IP-Addresses-in-Mid-January/ba

...

DHCP - DNS Servers

Hi All,

Awhile back I was having an issue using DHCP on our PAN Fws. In the DHCP options, if I set the primary DNS to an internal DNS server and the secondary to a public DNS server, our clients randomly had issues accessing internal resources. I wo

...

Resolved! NAT Issue

Hi Friends,

I have 2 server hosted in lan zone and one public ip . i have configure the NAT for 1 server from outside from port 80 and its working fine. but i want access the other server from lan with public ip from port 80 but its not working showin

...

Configuring XFF logging without a URL Filtering License

1. Create a Custom URL Category with * under ‘sites’ (Objects >> Custom Objects >> URL Category >> Add)

2. Create a URL Filtering Profile & set your Custom Category action to “alert” (Objects >> Security Profiles >> URL Filtering >> Add)

Tick

...

Allow policy for 2 hours per day

Hi

It is possible to allow a rule for 2 hours within a possible time window

I would like to allow for exampe youtube for 2 hours per day for our employees .

Could i solve this somehow via API ?

Regards Markus

Migration tool Installtion

I see lots of posts of how to install and use the migration tool, but can someone please provide steps on how to install it properly.

Palo Alto Agentless User-Ip mapping Not Working

Hi Folks,

Need urgent help on an issue where " PAN Box Integrated with AD as an LDAP entity for USER-IP Mapping. So when User switches from LAN --> WiFi or WiFi --> LAN different IP Subnet, user-ip mapping don't change instantaneously" because of th

...

Resolved! Threat Prevention - IPS features

Hi,

Can we enable IPS features on a particular sub-interface/zone in Palo alto so that it gets applied to all traffic that enters through that particular sub-interface?

From the little reading which i did, i am seeing it as configuring it in secur

...

Resolved! Scheduled export of csv system log for Global Protect logins

Have been looking around trying to find this and can't find it.

I have a filter for system logs to filter all the successfull Global Protect logins for the last calendar week.

I have been manually exporting this to a csv but wanted to schedule the pr

...

Resolved! Aperture working/basic, how aperture policy works

I started with aperture and document mentioned "Aperture compares your user defined aperture policies to the data content and context to calculatre any policy violations"

I understood

Conext = data exposure

Content = Data patterns inside the acutal fil

...

Passive device dataplane interface and management interface

Hi Team,

Can we ping management IP of the passive device from the any one of the dataplane interface on the passive device.

Interfaces on the passive devices are up (showing green) --> passive link state is auto.

We have tried pinging the internet in

...

IPSec VPN not working before phase 2 negotiation

Hello,

I made an VPN Tunnel between paloalto and fortigate(3 tunnels).

Every config is same between them. 2 of them work well but 1 tunnel has an issue.

About 3 mins before phase 2 negotiation(by lifetime or other reason), traffics can't go through t

...

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Resolved! Disable SSL decryption via CLI - how long

Cant deny users from using remote desktop on non standard tcp port

Minemeld diminishing numbers when passing from miner to processor.

Resolved! Mid-January Azure AD IP Update

DHCP - DNS Servers

Resolved! NAT Issue

Configuring XFF logging without a URL Filtering License

Allow policy for 2 hours per day

Migration tool Installtion

Palo Alto Agentless User-Ip mapping Not Working

Resolved! Threat Prevention - IPS features

Resolved! Scheduled export of csv system log for Global Protect logins

Resolved! Aperture working/basic, how aperture policy works

Passive device dataplane interface and management interface

IPSec VPN not working before phase 2 negotiation

Are there signature release for following vulnerabilities?

PA-440: Bottom Face Screw Mounting Footprint

using Subinterfaces in different Vsys inder same phy interfa

SSO Activation

OSPF route suppression

Re: New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

Re: sorting question

Re: How to add palo to multiple device groups

Re: New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

Re: How to show connected remote users with Panaroma

Unlock your full community experience!

Resolved! Disable SSL decryption via CLI - how long

Resolved! Mid-January Azure AD IP Update

Resolved! NAT Issue

Resolved! Threat Prevention - IPS features

Resolved! Scheduled export of csv system log for Global Protect logins

Resolved! Aperture working/basic, how aperture policy works