General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 1, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Creating Minemeld IPv4 Lists

I'm a newbie with Minemeld and Autofocus.

I'm looking to create a Minemeld Miner that will maintain IPv4 Whitelist based on an AWS Site that is load balancing and/or using DNS Round Robin.

The CDN that we're pulling data from lives in AWS and IP Addre

...

Resolved! What are you using to implement SNMPv3?

I'm taking on the task of setting up SNMPv3 on a firewall but will be starting from scratch with no tools, programs, scripts, etc. in place so I have a lot of flexibility (and also a lot of work ahead). I won't be doing traps but mostly looking at CP

...

Hardware failure recovery in an HA pair

What is the best way to recover the primary PA 5050 if the hardware completely dies?

Can we create same VLAN ID on two different aggregate interface on the same vsys enabled device ?

Hello All,

I want to assgin same vlan id two different aggregate interface which will be assign to different vsys created on the 5220 device and assgin public IP address as well which are in same subnet. The exact requirement is below :-

created tw

...

Email Alert Formatting - PanOS 8.0

I'm looking to make my email alerts more readable, especially for certain cases where rapid response is key. I have log forwarding configured and all, but the defaults contain way too much information. If possible I'd like to add some custom verbage,

...

Resolved! User member of multiple groups. Software v 8.1.2

If a user is a member of multiple groups for web filtering and the groups are used in different policies will the user be able to access the sites in the multiple policies?

Adding additional public IP range

Hi all - I've been having a bit of trouble getting this to work - I've done it on Cisco & Sonicwall boxes before, but this is my first PA 3020. We were just assigned additional public IP addresses by our ISP. The existing block is 206.x.x.x/29 and t

...

The new Palo Alto Networks Certified Network Security Administrator (PCNSA) exam

Any info on this exam. On the PA cert web site it says it is coming soon.

Thanks

Al

Resolved! OS partition

Is there anyway to freeup space on the partition were the OS resides on the PA or is that automagically done when you upgrade the os. All articles dealing with clean up of the disk space has mainly to do with purging logs, the image repository, the c

...

Security policy rule - allowing a specific host access to ftp.sophos.com

Hello,

A colleague needs to access ftp.sophos.com (195.171.192.29) using Filezilla as their SFTP client, via TCP port 990. I set up the security policy rule as follows:

They could not log onto the ftp.sophos.com site. The password credentials they

...

Resolved! Using Minemeld for URL EDL

Dear MM comunity,

I am trying to use MM for parsing a URL list to populate a PA NGFW which lacks Url filtering license.

I have found that predefined miner urlhaus.URL which seems very well done. It is based on https://urlhaus.abuse.ch/ , which is

...

Resolved! Device maximum ospf peers

hi guys is there a document that list the maximum OSPF peers and OSPF Areas for PA5220(per device is better) since ther might be a hardware or software limit on it for stability purposes. Thanks

Does "pre-logon" user belongs to "known" user?

Dear Comm,

I was googleing alot about this topic and but only found this:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXlCAK

My specific question is, if a the User ID agent show the username "pre-logon" learned via "GP"

...

Downgrade Pan OS

Does the debug svm revert still work on the 8 os?

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcYCAS

redistribute global protect ip pool subnet into bgp.

I am running VM-500 in cluster on 8.1.4 . I have global protect configured with ip pool of /24.

I need to redistribute this range via bgp. I can see this range in the routing table.

Discussions