General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

PA-200 Console Port - What type of cable?

I assume I would be able to use a typical Cisco rollover cable (Serial to RJ45) to connect to the console port on a PA-200 but get nothing.

Am I using the wrong type of cable?

name that security profile

I am looking for a more descriptive name for my security profile ? I have vulnerablity protection, anit-virus, anti-spyware and wildfire included on the profile that I have added to a majority of my rule. currently it is name All PE alert

Force what Global Protect Portal to use

Hello,

Our users will have 2 Global Protect Portals to choose from.

The users sometimes log in to windows with a smart-card and sometimes with a normal AD-account (Username and password).

Not sure if it's possible but can we force what portal they c

...

Probably a strange question...but Linksys RV082 and PA VPN tunnel anyone?

HI

Been trying to get a VPN tunnel working between a Linksys Rv082 and Palo Alto. (dont ask...)

But no luck in the testing, i based my PA config on the Linksys Rv082 settings, wich i got from the person that is on the other end, but so far - no suc

...

Resolved! Captive Portal errors

Hello

Early today the captive portal stopped working and UserID didn't get any user mappings. Users couldn't be able to login by SSO or captive portal. After some investigation, we restarted the l3-service and it come back working.

The l3svc_ngx_erro

...

Resolved! global protect gateway ipsec connection and ssl connection

I have configured GP external gateway and it is working fine.

connection type is always SSL even though ipsec is checked in the config.

does GP supports ipsec connection?

or is GP connection only supports ssl?

why are there duplicated threats (protections) ?

Hello,

Browsing on the list of threats, i see many threats that repeat themself, only with different ID.

What does that mean?

Minimum number of ports in aggreagte interface?

What is the minimum number of interfaces in an aggregate interface, will config commit with a single interface?

Monitor multiple IPs in a PBF rule?

Running 8.0.x on our PA-3020 and PA-220 systems.

In our virtual routers, we can path monitor with multiple IP addresses and take action on AND or OR conditions, but PBF still seems to be limited to a single IP. I'd love to be able to monitor multipl

...

Resolved! Two firewalls, identical rules, different behaviour

As far as I've been able to determine, the configuration for the two firewalls (PA-500s) are identical (with different IPs/subnets obviously), but the way they handle blocked connections is very different.

On one firewall, a telnet to a blocked port

...

IPSec and DHCP relay

Can a DHCP relay be configured on the PA to be used by and IPSec tunnel also configured on the PA?

Resolved! SSL cert mgt-Chrome issues

I generated and imported ssl certificate for secure management. I also made sure the CA is on the local machine. I have no issues with Firefox or IE but on chrome, it shows me cert r=error for mgt interface. Did anyone face this before? please offer

...

Resolved! IPsec question

Hello

I have many IPsec connectios on my PA. But their are 2 that both use 192.168.100.x

Now IPsec A is policy based. So I have configured the proxy ID's. All working fine. Now I have narrowed the routes down to the 2 host I require. Which are 192.168....

Resolved! Issue with setting QoS egress value with API

For scripting purpose I need to be able to set egress-max values in QoS with the API.

First I created a QoS profile, TRUST-QOS, and set the egress-max to 20

In powershell, I have the following:

$paURL = "https://" + $PAIP + "//api/?key=" + $apiKey +...

Global Protect on Chrome OS forget and reset portal.

I keep having to click forget on the chromebook globalprotect client and re add the portal to get it to connect to the VPN on the PA firewall. This happens daily to many of the Chrome OS devices.

Also the + button to add a second portal does not work.

...