General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 1, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

GlobalProtect Blocking specific clients.

The instructions for blocking clients are really vague on the whole 'Host ID' option. How do I find this without direct access to the client? All I have the hostname, userid and IPs.

File blocking

I have setup file blocking object but it does not seem to stop all downloads.. (Ex.. Try to download file from cnet.com it gets blocked.. If I go to adobe and download adobe reader the setup file downloads). Also is there a way to block all files exc

...

VPN implementation best practice

I have a VPN configuration and testing with my vendor during business production hours. I am new to PA, so I am just wondering if I should schedule this during a maintenance window.

The VPN implementation includes:

- tunnels

- IP addresses

- static route

...

[PA5000] I want to know about End-of-Sale of PA5000 series firewall.

Hello, I want to know about End-of-Sale of PA5000 series firewall (Hardware). I refer from https://www.paloaltonetworks.com/services/support/end-of-life-announcements/hardware-end-of-life-dates , that shown only 4000 series. And recommend software ve

...

custom miner in super fast installation

Hi,

I trying to install custom miner for minemeld by this instruction: https://github.com/PaloAltoNetworks/minemeld/wiki/How-To-Write-a-Simple-Miner, but path to ft directory in my instalation is different to path in instruction.

And the result is th

...

Resolved! VM Palo : Unable to see any traffic in traffic log under the monitoring Tab

Hi All,

I have setup a VM palo on ESXi as home lab, but i can not see anything coming up under the monitoring traffic log. I tried to change the default behavior of the implicit security policy rules at the bottom to log at both start and end but stil

...

Resolved! IPSec VPN decapsulation bytes are increasing and encapsulation is constant

Hi All,

Followed this article on teh troubleshooting session:

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Troubleshoot-IPSec-VPN-connectivity-issues/ta-p/59187

We currently have an issue with S2S VPN between Palo and WatchGuard Fw

...

How to configure TMG's FTP over HTTP

Hello all, I'm currently migrating a TMG to Palo and have come across a rule that uses the protocol "FTP over HTTP". I'm not a TMG expert so the above is about all I know of the rule - that and what Mr Google tells me.

Any idea how to configure this

...

Resolved! How to control global protect resources access by username

Hi

I want to control access to resources "for users connecting through global protect" by username level.

How to do this?

And which is better assign the tunnel interface to a new zone or to the trust-zone?

Thanks

Resolved! Palo Alto Routing Issue (Forwarding Table)

Hello Everybody,

I have several PAs for branches, we have MPLS that is connecting all our branches. We are changing our design in order to use site-to-site IPsec tunnels from each branch to the HQ. And using OSPF in our tunnel to advertise our subnet

...

Resolved! SSL VPN and IPSEC VPN sessions perpormance

Dear

Any one know the SSL VPN and IPSEC VPN sessions limit in all of the PAN platfrom model . if yes please help to give me a list about that.

Thank you so much

Resolved! Monitor Traffic Searching for Dst Subnet

I frequently use the ( addr.dst in 10.211.2.94 ) query type to search traffic in the Monitor tab of the PAN gui.

What if I was looking for any host in the 10.211.2.0/24 subnet? Is there way to have the equivilent of

( addr.dst in 67.211.2.0/24 ) or

...

Outbound Web Access _Authentication

Good Morning to All –

Thanks for reading!

I was hoping to get some feedback from the community on how everyone handles outbound web access for their users? I have an Active Directory Domain with about 300 users. We use groups from AD on the Palo de

...

Resolved! LACP from Palo 3020 Active - Passive to Cisco switch

Hi All

After some help from the Guru's.

I am trying to configure LACP between PA 3020 Active / Passive and cisco switch.

I have created the AE group interface Inside with the ip address.

I have added 2 interfaces to the AE Group on each FW.

I have create

...

Resolved! Disk usage for / exceeds limit, 95 percent in use, cleaning filesystem

Hello,

Since upgrading PA-200 to 8.0, we’re having disk space issue more often.

It seems to be due to excess logging, which we clear up.
Is there a way to automatically clear these logs once the disk hits a lower threshold?

Thanks in advance.

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 1, 2025

Discover LIVEcommunity Through Our New Animated Explainer Video!

GlobalProtect Blocking specific clients.

File blocking

VPN implementation best practice

[PA5000] I want to know about End-of-Sale of PA5000 series firewall.

custom miner in super fast installation

Resolved! VM Palo : Unable to see any traffic in traffic log under the monitoring Tab

Resolved! IPSec VPN decapsulation bytes are increasing and encapsulation is constant

How to configure TMG's FTP over HTTP

Resolved! How to control global protect resources access by username

Resolved! Palo Alto Routing Issue (Forwarding Table)

Resolved! SSL VPN and IPSEC VPN sessions perpormance

Resolved! Monitor Traffic Searching for Dst Subnet

Outbound Web Access _Authentication

Resolved! LACP from Palo 3020 Active - Passive to Cisco switch

Resolved! Disk usage for / exceeds limit, 95 percent in use, cleaning filesystem

block geo location IP version 6

Configure SDWAN with only one transport (FTTH)

Paloalto Images not available

Can I add specific port, and port range on the same Service Objects

Creating CSR with SAN via API calls

Re: Browser not prompting/selecting client cert for GP portal

Re: Mgmt Traffic over VPN

Re: block geo location IP version 6

Re: Bulk changing target device in policy set

Re: Creating CSR with SAN via API calls

Unlock your full community experience!

Resolved! VM Palo : Unable to see any traffic in traffic log under the monitoring Tab

Resolved! IPSec VPN decapsulation bytes are increasing and encapsulation is constant

Resolved! How to control global protect resources access by username

Resolved! Palo Alto Routing Issue (Forwarding Table)

Resolved! SSL VPN and IPSEC VPN sessions perpormance

Resolved! Monitor Traffic Searching for Dst Subnet

Resolved! LACP from Palo 3020 Active - Passive to Cisco switch

Resolved! Disk usage for / exceeds limit, 95 percent in use, cleaning filesystem