UPDATE 11/8/23 11:43 a.m. EST:
LIVEcommunity’s System Update will be delayed. This means your use of LIVEcommunity will not be impacted this week (11/8-9), and you can proceed with business as usual.
Thank you again for your patience and stay tuned
...
We are excited to announce a new Engineering Blogs section on LIVEcommunity, exclusively curated by Palo Alto Networks engineers!
This dedicated area will be home to technical posts about Palo Alto Networks innovations to build scalable and reliabl
...
Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature
...
Hello
this may sound like a stupid question but i could not somehow find a definitive answer to this in the PAN OS Guide:
We have to configure a 3050 iun multi-vsys configuration. We would be needing 2 interfaces per vsys and we wil be having 2 vsys
...
I have a question regarding Zone Protection on Zones in a shared gateway. Is it supported. When I try and configure it it seems to be valid configuration. However as a shared gateway does not generate logs where do the the ZP logs go? Also when I
...
We have a setup with a primary PA firewall 1 that pass through Globalprotect VPN traffic to a second PA firewall 2. We've seen sporadic connection problems when connecting a Globalprotect client. Sometimes it can spend up to 2 minutes to establish th
...
Hi all
I was wondering if there was a way to restrict who can install the GlobalProtect client ?
As an example, at the moment if any user launches the gateway page can download and install the client on their own computer albeit they need an active ac
...
I had configured SSL decryption on PaloAlto VM-50 before 6-7 months ago. There was working normally till today. Today some users get below error when they want to enter site. There is shown “decrypt-cert-validation” message on PaloAlto traffic logs.
...
Just mainly need direction on where to go with this. We have 2 PA5050's in our environment and no test network for the main network. We do however have a new test satellite network where some of our DB's and others want it to have access to live envi
...
I'm working with a vendor to setup an IPSEC VPN but we have an overlapping host address. My side has a PA500 and their side is a Sonicwall.
Palo Alto Side:
Source server: 192.168.100.20
Their Server: 192.168.100.85
My server NAT address: 10.0.0.20
Thei
...
Hi, can someone help me? I have PA-3020, about 900 security policies, about 50 vpn tunnels (low traffic), I noticed high memory usage , What could be the reason for this? How can i relaease this?
soft: 7.1.4-h2
Cpu(s): 0.5%us, 0.5%sy, 0.0%ni, 98.8
...
Is there a way to tell if a service is being used? I am trying to verify that the services the migration tool lists as unused can be deleted. It might be enough to go by what the migration tool says but I usually like to verify it a couple different
...
Oversized MS NPS radius response for EAP authentication request is dropped from the Firewall.
Is there any solution on this? Customer do not want to make any adjustment or modification from the server end.
Apart from enabling Jumbo frames and "adjust
...
Hi Guys,
I am struggling to find a solution for one request that I have from customer. We have VM-300 with PanOS-7.1.6 and customer wants to enable Global Protect for remote access users. The tricky part is that for the split-tunneling configuration
...
Hi
is it possible to decrypt SSL connections that use client certs. I'm guessing not.
Thought I would double check.
A
I got a health check report and according to it I have a least one any in every single rule I have on my firewall. I was just curious if anyone has been able to have at least one or more rules with no any's at all.
Hello,
I want to change the log retention on MineMeld.
It looks that the default configuration is 7 days. I was not able to find where to change this parameter.
Can you please help?
Hi, So im having difficult with a source nat to Internet.. My goal is to route traffic between two vlans in my cisco 2960x switch and let palo handle the rest.. The problem is that the source net arrives to the palo on the wrong interface (well its e
...
reaper
on:
GlobalProtect Android version 13 issue
reaper
on:
Replacing PA-5220 with a PA-3410 and need the best practice to migrate over configuration
aleksandar.asta
aleksandar.asta
reaper
on:
DNS Security cloud query timeout.
reaper
on:
cli "show" match case insensitive and pipe
Raido_Rattameis
