General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

show counter global filter delta yes -----drops

when i run command

show counter global filter delta yes

i see below counters incrementing need to understand which are these drops and why PA is dropping these packets?

do they impact the performance of the PA?

flow_tcp_non_syn_drop

flow_fpga_egr

...

Resolved! logical int counters - packets dropped

Logical interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 21513660
bytes transmitted 2835
packets received 358561
packets transmitted 21
receive errors 0
packets dropped 35853

...

Palo alto HTTPS decryption?

Hi all,

I am using PA-850. I configure to decrypt HTTPS, and use AD group policy to install certificates on client, it works well with AD users. but we have other situation that client is not AD users. do we have any ways to redirect client to the UR

...

Resolved! Wildcard certificate on PA firewalls

Hi Team,

I'm trying to create a CSR in Panorama in order to get a wildcard certificate from our third party CA.

In order platforms, I define as common name the format *.mydomain.com but in Palo Alto I'm getting an error: Failed to generate certificat

...

Stickied post for recommended versions?

Just wondering since this is a topic that comes up often and I actually just asked TAC about it myself, should we maybe have a stickied post on here that documents the recommended versions for each software track? I realize Palo Alto doesn't publish

...

User-Agnet 8.0.12-5 problem to read Windows server 2016 security event

Hello,

I installed UIA 8.0.12-5 on WIN server 2008 R2 (FW PAN OS is 8.0.13).

I'm throubleshooting userid login problem and it looks that log event (Event ID 4768,4769,4770,4624) are not readed by the user agent on Windows Server 2016.

Connecting to W

...

show session all filter application ssl tunnel-decap no

need to know when i run below command

show session all filter application ssl tunnel-decap no

it shows lot of output and app is ssl

which traffic is this?

is this traffic where ssl decryption is going on?

Resolved! Real time alerts for threats?

Is there such a thing with PAN? IE if the logs generate a critical alert can is there some logic to fire an email or generate a report with the relevant information?

Panorama object service search not finding objects when searching on destination port

Running Panorama 8.1.3

Having an issue that when in Panorama that when I put a destination port in the search bar, it only matches against the name.

When I go to the gateway, and do the same search it will find the service objects with the detination

...

Resolved! How to reach VPN users via RDP

Hello, is it possible to reach connected vpn client via RDP? If yes, maybe someone could take me on right path how to do it?

Sincerely

Deimantas

App id “Non-syn-tcp”

I see a lot of non- syn-tcp from from few specific zone. I am sure that there is no asymmetric routing. If that has to be the case how to determine exact causing factor.

Thanks

Resolved! OSPF Inbound Route Filter

Hi,

I see in the admin guide that it is possible to filter the default route so that it is not learnt by the OSPF process.

Is there any way of applying a more granular filter so that I can restrict the Palo Alto OSPF process to only learn 10.0.0.0/8 ro

...

Resolved! Qos on application and class 1 and 4

I have created qos policy for application http-video and is defined in class 1

However when i run below commands

show session all filter application http-video qos-class 1

show session all filter application http-video qos-classs 4

I see the applicati

...

leaf and spine and security

Hi,

In a spine and leaf ( vpc ) ,where we should place the firewall to protect the data center ?

If we use layer 3 firewall all routing process will be shifted to the fw, spending huge amount on spine won't be beneficial ?

Layer 3 or layer 2 reco

...

Route & Path Selection

I have a Cisco backround & I am currently studying Virtual Routers & Static Routes in the PA 8.0 admin guide. I am trying to understand how Metrics are used in the firewall because it sounds like Administrative Distance does the same thing. Can som

...

Discussions