General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

PA-820 Firewalls Won't Come Back up After Upgrade to 8.0.7

I have two PA-820 firewalls that won't come back up after upgrading to 8.0.7. We have power-cycled to no avail. Support doesn't really have any answers beyond that at this point. We also upgraded an 850 that was fine. Any help?

Resolved! NAT Security rule

I'm used to working on Cisco ASA and I'm having a hard time understanding why the security rule states Untrust-L3 for both the source and destination zone. Typically wouldn't that be Untrust-L3 to DMZ? Is there a specific reason for this behavior?

Screen Shot 2018-01-06 at 6.57.18 PM.png

Aws S3 application ??

Hi.
How can i permit trusted network to access S3 only?
I cant find an app for that.

DNS proxy not working

Hello,

We are currently getting resolve-fail events for DNS.

Failed to resolve domain name: after trying all attempts to name server(s): 8.8.8.8 8.8.4.4

DNS server is in loopback.2 Interface/Untrust/IP:203.44.x.x

Below are some pics of DNS proxy setti

...

A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

A wrap of our summer question leads into fall or autumn, as your preference may be, wherein we ask:

What is your favorite Palo Alto Networks feature?

Did it help solve a problem you were facing?

As a former support engineer, I always like to hear

...

Is it possible to permit SSH, HTTP, HTTPS and PING in one rule ?

I can't seem to find an application for HTTPS traffic. Is it possible to group all these traffic in one rule ?

Thanks a lot

Outlook and Global Protect

In the past when our users disconnected Global Protect, Outlook would disconnect immediately.

Seems like this no longer the case. When GP is disconnected Outlook continues to work.

I'm wondering if anyone has every eperience this before?

Thanks

Resolved! Expressway-E and C and NAT and VW

Hi,

I have deployed Expressway (cisco ToIP) E and C as per the diagram below .PA is in VW mode .

Does it work without any changes in the PA ?

Or Is there any policy must be created ?

Thanks

CLI command to get security policy for p2p applications ( allow action)

I would like to know the CLI command to retrieve info of security policies which have p2p applications left allowed.

Idea is to find out on all sites and block it.

Resolved! How to escape special characters (i.e. colon) in miner rule

Hi,

I have a rule for Panos syslog miner to block FTP brute force login attempt that is not working. I suspect this is because the threat_name has a colon in it, and is not being parsed properly. This is what my rule looks like:

conditions: - t...

Response Page Issue

https://mail.yahoo.com (web based email) and https://web.tresorit.com (online storage and backup) are both blocked via url category filter as per screen shot. But... I am only getting the response page for mail.yahoo.com.

web.tresorit.com just gets

...

IPSEC VPN Tunnel Failover and Nexus 7K VPC Design

Hello,

A and B question:

A. We have two Palos in A/S. The active has a functioning IPSEC VPN tunnel terminated to it. Is there any way to have the tunnel renegotiate to the S when it becomes A?

B. What is the proper way to design an A/S PA/Nexus 7k

...

Halloween challenge: take your shot at winning a Live Community hoodie!

In the wake of the success we had at the Live Community booth at Ignite2017, I'd like to start a new tradition and what better time to have a little fun than Halloween?

So I'd like to challenge you guys and girls of the Live community to either flaun

...

Resolved! LDAP group member enumeration problem

I am running PAN OS 8.0.7 and having a problem with getting the members of a group enumerated by the firewall.

The group is shown by the firewall in the GUI and can be added to security policies, and the CLI if I run the "show user group list" comman

...

Strange packet drop

Hello guys,

I have a PA820 in active/passive mode who has a strange behaviour. I have created a rule that permits that traffic but the device drops it. I see "allow"in the logs, but with a capture I can clearly see the SYN in the dropped section and

...

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

Discover LIVEcommunity Through Our New Animated Explainer Video!

PA-820 Firewalls Won't Come Back up After Upgrade to 8.0.7

Resolved! NAT Security rule

Aws S3 application ??

DNS proxy not working

A Fall/Autumn Question: What is your favorite Palo Alto Networks feature?

Is it possible to permit SSH, HTTP, HTTPS and PING in one rule ?

Outlook and Global Protect

Resolved! Expressway-E and C and NAT and VW

CLI command to get security policy for p2p applications ( allow action)

Resolved! How to escape special characters (i.e. colon) in miner rule

Response Page Issue

IPSEC VPN Tunnel Failover and Nexus 7K VPC Design

Halloween challenge: take your shot at winning a Live Community hoodie!

Resolved! LDAP group member enumeration problem

Strange packet drop

Cloud NGFW - Revert Content Update

Panorama commit warning

No "certificate used by" field when generating certs for SSL forward trust and untrust?

A question about snat address pool couse a route loop

How do I get the documentation / training for creating advanced XQL queries

Re: Exclude only communications on specific port numbers from Global Protect

Re: Software NGFW Credits

Re: Advanced DNS Security vs DNS Security License

Re: Replacing HA Hardware

Re: About API keys when using the curl command

Unlock your full community experience!

Resolved! NAT Security rule

Resolved! Expressway-E and C and NAT and VW

Resolved! How to escape special characters (i.e. colon) in miner rule

Resolved! LDAP group member enumeration problem