General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Resolved! autocommit fail : Total NAT DIPP exceed

Hi all, I found the issue after upgrade Palo alto from PAN-OS 5.0-6.1.0 when to 6.1.0 auto-commit faile and show messages "Total NAT DIPP translated IP 804 exceeds the capacity of 800 " My model PA-5050 so, I would like to know this issue occur?

Palo alto static routing issue

Hi,

We are configuring a new routing scenario but we are expecting problem taking the correct route.

This is our static route table:

destination interface gateway metric

10.50.1.0/24 eth1/1 10.50.250.1 1

10.50.2.0/24

...

test security-policy-match application ping -> Server error : argument protocol is required

Hi,

I am trying to test ping from zone A to zone B using 2 hosts IPs which belong to their respective zones.

What is the correct way to specifically test application ping?

fw1(active)> test security-policy-match application ping from from zone_1 to zo

...

SYSTEM ALERT : critical : fail to integrate the update of registered ip addresses since 61 seconds

Greetings

I am not sure if anyone has come across this alert SYSTEM ALERT : critical : fail to integrate the update of registered ip addresses since 61 seconds on a regular basis? If yes, can someone please shed some light on what is causing this

...

Resolved! How many IPSEC VPN peers can PA-5220 handle ?

Hi All,

We are having a scenario where we are supporting various vendors through IPSEC VPN and we were using Cisco ASA 5585-X for that.

The problem is we are nearing the 4000 total active tunnels now and ASA is facing some issues handling that much tu

...

Resolved! Policy Based Forwarding

Hello,

i want to use policy based forwarding to forward all Traffic out via a specific next hop except private address ranges, When i negate the private address spaces the rule just shows these lined through, so it will not policy base route for th

...

Resolved! Plz urgent help in Bridge+Tap mode

Hello

I just need a confirmation if i can configure a TAP interface + 2 bridges interfaces, and make 2 policy rules, one for TAP and the second for the bridge, in order to generate logs for TAP and bridge traffic at once, that is possible?

Thanks

Do we have to reinstall globalProtect after a gateway cert was renewed

Recently we renewed the gateway cert, after that, a few colleagues have to reinstall the globalProtect agent, otherwise he/she will get error message "gateway certificate is invalid".

BTW, we use self-signed certificate.

Is there anyother way could f

...

Panorama not Pushing out PANDB updates to all Firewalls

The panorama updates devices with Wildfire update, Threats and Apps, and AntiVirus but does not push out PANDB updates. The licenses are valid. So all licensing is updated by Panorama except URL Filtering, any ideas?

Resolved! Third-party SFP transceivers

Hi Everyone,

i am currently running 7.1.14 and am looking to upgrade to 8.08 with third part trancivers

HPE X242 10G SFP+ to SFP+ 3m Direct Attach Copper Cable J9283B

I read in the Upgrade/Downgrade Considerations Support for Third-Party SFP Transce

...

Resolved! Creating a duplicate network?

Hi folks,

I am being asked to create a duplicate network that will service VM clones of production VMs for testing and development purposes (without changing their IP or anything else). We have something similar at a different site using "transit" z

...

Resolved! Global protect high availability

Hi Techie,

Am deploying global protect in 4 different region, based on regions they will be getting connected to appropriate portal.

if the appropriate location portal is down then they have to come to DC portal, how do i achieve it ?

FYI, Am using p

...

HELP - Computers with two network adapters

Hello,

I have a network with a few computers with two network adapters

NIC1 to the main netwrok 1.1.0.0/16

NIC2 to the backup network 1.2.0.0/16

We are detecting the lost of connection every few minutes.

It's necesary any special configuration to allo

...

Resolved! Incorrect QoS Configuration Caused Network Traffic Outage

Quick design question Community. The setup is a core switch that terminates a Palo Alto for WAN and then a private circuit for internal resources back to a core in a different location. In the event they lose the WAN circuit, I need to route all the

...

DUO MFA for Clientless VPN

Hi. Did anyone know if it is possible to use MFA (for examlpe with DUO) for Global Protect Clientless VPN?

Best regards, Markus