General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Resolved! DMZ Config for web server

My firewall is using the following Interfaces/Zones: E1/1(5.5.5.170/29) and E1/1.1(5.5.5.174/29) are in the outside zone. E1/2(192.168.254.252/24) is in the inside zone. E1/8(192.168.1.1) is in DMZ zone. E1/1 and E1/2 are connected to the mainvr v

...

Resolved! Out-of-band management interface and security zones

Hi,

1- Can I add OOB management interface to a security zone on PaloAlto firewall ?

Thanks,

Mahmoud

Security Policy not blocking Facebook

Hello,

I am connecting to the VDI as the teststud user and can browse to Facebook. The session is hosted on IPC-VDI-VSH1 as per the screenshot below.

I have copied our existing security policy which blocks access to Facebook, Youtube etc. I can se

...

Resolved! Connecting to VPN Windows network profile changes to "Domain network" for the phys. network adapter

Just noticed that with Globalprotect 4.1.x the network profile changes to from "Public" or "Private" to "Domain network" for physical network adapter and not just for the VPN adapter while being connected to GlobalProtect service. Also when the VPN s

...

Resolved! Disable SSL decryption via CLI - how long

Happy New Year everyone

Need to know if i run the below command

Disable SSL Decryptionset system setting ssl-decrypt skip-ssl-decrypt yes

Will this disable ssl decryption for 1 hour or 1 day need to know for how long?

Cant deny users from using remote desktop on non standard tcp port

I am trying test app id & put a rule in (all the way on top) denying my work station from accessing RDP on machines in other zones. I have successfully blocked users from accessing RDP on standard port 3389 but can still access RDP on a machine that

...

Minemeld diminishing numbers when passing from miner to processor.

Hello,

We are trying to integrate Recorded Future IP risk list with our SIEM to do correlation after that.

We have set up correctly the miner, which gives us around 50k indicators.

We then proceed to pass it to the processor stdlib.aggregatorIPv4Gen

...

Resolved! Mid-January Azure AD IP Update

Can anyone confirm these 2 new ranges will be added to the feeds at the appropriate time? Didn't see any discussion on this.

https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Azure-AD-updating-IP-Addresses-in-Mid-January/ba

...

DHCP - DNS Servers

Hi All,

Awhile back I was having an issue using DHCP on our PAN Fws. In the DHCP options, if I set the primary DNS to an internal DNS server and the secondary to a public DNS server, our clients randomly had issues accessing internal resources. I wo

...

Resolved! NAT Issue

Hi Friends,

I have 2 server hosted in lan zone and one public ip . i have configure the NAT for 1 server from outside from port 80 and its working fine. but i want access the other server from lan with public ip from port 80 but its not working showin

...

Configuring XFF logging without a URL Filtering License

1. Create a Custom URL Category with * under ‘sites’ (Objects >> Custom Objects >> URL Category >> Add)

2. Create a URL Filtering Profile & set your Custom Category action to “alert” (Objects >> Security Profiles >> URL Filtering >> Add)

Tick

...

Allow policy for 2 hours per day

Hi

It is possible to allow a rule for 2 hours within a possible time window

I would like to allow for exampe youtube for 2 hours per day for our employees .

Could i solve this somehow via API ?

Regards Markus

Migration tool Installtion

I see lots of posts of how to install and use the migration tool, but can someone please provide steps on how to install it properly.

Palo Alto Agentless User-Ip mapping Not Working

Hi Folks,

Need urgent help on an issue where " PAN Box Integrated with AD as an LDAP entity for USER-IP Mapping. So when User switches from LAN --> WiFi or WiFi --> LAN different IP Subnet, user-ip mapping don't change instantaneously" because of th

...

Resolved! Threat Prevention - IPS features

Hi,

Can we enable IPS features on a particular sub-interface/zone in Palo alto so that it gets applied to all traffic that enters through that particular sub-interface?

From the little reading which i did, i am seeing it as configuring it in secur

...

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025