General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

How PA 5220 appliance sends netflow packet when configured in HA and Vsys Mode.

How PA 5220 appliance sends NetFlow packet when configured in HA and Vsys Mode. does the firewall find egress interface by looking into routing table for Netflow packets? If it is Yes, So why we need to change service route on PA 5220 appliance,

Seco

...

Link Aggregation - IP addressing

So I configured Link Aggregation on my PA5260 running 8.1.

The first pair of links in ae1.8 comes up perfectly using 192.168.255.3/25 as the IP address. The second pair of links in ae2.9, however, refuse to respond on 192.168.255.131/25. The second p

...

PaloAlo ports not coming up!

Hi,

I am configuring some new PA850s and interfaces are set to Vwire mode. ports are connected to cisco switch but they are not coming up.

they come up and go down. here are settings from cisco side:

speed 1000
duplex full
no mdix auto

paloalto ports:

sp

...

Importing Logdb into different devices

I'm trying to import logdb coming from a PA-2050 to a smaller devices like VM-100, PA-200 or PA-500 but without any luck. Has anyone successfully tried this operation?

The command scp import logdb from ... seems ok but in the end no data is shown unde

...

MineMeld can not get O365 JSON format list

[Failure event]
In the case of O365 's xml format, when MineMeld received traffic after ClientHello, I got a list but if I set config for JSON support I can not get a list.

[Prerequisites]
MineMeld will go through Paloalto and do Internet communication

...

Resolved! Implicit web-browsing and ssl

I've noticed that some App-IDs have web-browsing and ssl implicit to the application while others they are dependencies.

Is there a reason for this?

Are the App-IDs being updated to make these 2 applications implicit?

For instance, I'm setting up fire

...

Resolved! Conversion of SonicWALL NSA3600 config to PA 220?

Is it possible to convert (migrate) a SonicWALL NSA3600 configuration to a PA 220?

Using Expedition 4.0?

Other method?

Thanks

Resolved! tcpdump filters

Does anyone know what filters are supported for the tcpdump command on PAN-OS (7.0) ?
For troubelshooting of a Syslog (server) issue, due to large amounts of traffic, I need to capture only packets with syn- or fin/rst-flag set.
Something like this : #

...

Statics for DoS Protection

Since DoS protection is for more granular protection of a server, how can i see the statics for the particular server i want to protect. Wouldn't we need to know the pps statics and sessions for that particular server.

Resolved! Newbie - GP and NAT

1) this is for a home use environment.

2) I have successfully configured Global Protect to work external.

3) I have PLex running and need to get it communicating to the world. Was able to do this before GP by setting "Service" to "any" in the NAT ru

...

Static NAT between virtual routers

Hi,

I'm going to migrate a Juniper SRX firewall with a Palo Alto VM-500 firewall.

The case: The Juniper firewall is configured with multiple virtual routers. Between this routers we can static NAT subnets. As showed in the picture below, we have 2 vir

...

Resolved! Forum Location for Education institutes

Greetigns

Is there a section of the forum where people involved with education Institutions.

I want to get some idea of how and what people allow when dealing with Children in a school when the age ranges from 8 years old up to 17 years old. as well

...

Log percentage and space

If logging is set to allow up to 95% space on the disk and it hits 95% that same partition,/dev/md6 3.8G 3.2G 454M 88% /opt/panrepo - PAN-OS Image repository.(Device/Software), resides the PAN OS what happens when you hit 95% on logs and try to

...

Resolved! Wrong IP calculation after Whitelisting on MineMeld

Hi,

I have installed MineMeld and it works fine. Before creating our configuration I wanted to test something on Whitelisting as it is going to help on what we are aiming to do with MineMeld. I hope the below finding is a configuration mistake o

...

Intrazone Rules

Hey guys,

I took over a Palo Alto Firewall and I noticed that there is a intrazone allow rule at the end for every single internal zone.

So source zone: internal zone xy

source address: any

destination zone: internal zone xy

dest address: any

application:

...