General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

HTTP OPTIONS Method

Hi,

I am getting contionous 'HTTP OPTIONS Method' - alert
What is the reason for this

If I have multiple vulnerabilty profile ,I want to exclude this from one of the profile or one of the ip
(I want to ignore this vulnerabilty checking in a profile or ag

...

cookie size

Hi,

Is there something settings related to 'cookie size' in pa

Thanks

Resolved! Path Monitoring Group Name field will not save?

Hi folks,

Another HA question, but seems like could be an easy one.

I have one test PA-200 OS 6.1.4, enabled HA (for practice), created a Link Group, and now trying to create a Path Group.

However, when I type in a name and click off of it, press ente

...

IPSec Tunnel PAN to Cisco ASA - matching for phase 2

Do the proxy ID's on the pan side have to match the ACL defined crypto domain on the ASA? That is - suppose on the PAN side you had for phase II of the tunnel 192.168.1.0, 192.168.2.0 and 192.168.3.0 while the ASA side had only 192.168.1.0 and 192.16

...

Resolved! It's time to allow verified PAN customers to change URL categories for specific websites

Long time PAN Customer with huge PAN deployment, we have a very large user base and get multiple website blocked requests daily. We block Parked and Unknown domains for security purposes, it's worth it. However, there's a large amount of new websites

...

Resolved! IPSEC site-to-site; passing ICMP only.. no other protocol (TCP/UDP)

I have an IPSEC-to-SITE.

IKE Phase 1 and Phase 2 are good/live.

Tunnel interface in right zone. Routes fines.

Policy defined (app: any, service: any).

I can see the policy being hit when I generate icmp/pings. And can get to the proxy id's/subnets on o

...

API or script to report bad URLs to PAN?

Is there an ability to post bad URL reports to PAN in an automated/scripted fashion?

I know the report site exists (https://urlfiltering.paloaltonetworks.com) but it requires a captcha. My goal is to write a script which takes in a (phishing) URL as

...

Report issue - incorrect data

Hi All,

i have a problem: when my customer generates reports there are problem with data, i see that the usage in one week is less than the sum of two random days in the same week.

example:

Week report: 450.5 G bytes

Day X: 588.3 G bytes

Day Y: 262.0 G b

...

Recommended MTU for GlobalProtect Gateway

Hello,

We’re experiencing slowness from global connect clients located offsite back to firewall (i.e. 5MBps). Without the VPN client, the user can get up to 60MBps.

What is the recommended MTU settings for GlobalProtect Gateway/interface should be se

...

Resolved! URL log forwarding to syslog servers, but not all informational threat logs.

we need to forward url filtering logs from PaloAlto to syslog server ( similarly from Panorama to syslog server.)

To do this we need to to forward the Threat "Informational" logs ( generally url filtering logs are part of threat "informational logs

...

URL Filtering from Internet Traffic to Internal Websites

Been doing some searching but havn't come up with anybody doing this and if it has other problems / security ramifications I'm not aware of.

My problem:

We have an employee that is no longer working at our business but there personal computer at home

...

Resolved! HA Configuration question?

Hi folks,

As I prepare for my first HA configuration next weekend, have at least one question today.

I understand from reading that the configuration will copy over to the second passive firewall over the HA1 link.

Does that include everything? Certi

...

Resolved! Destination NAT vs Source NAT with Bi-directional?

Hi folks,

I am reading several articles about NAT types and bi-directional.

I have a test going, but confused about how my web server is translating its source address when replying.

I thought that I would have to create a bi-directional NAT rule to g

...

Resolved! Minemeld updated and now I am getting cert errors on some sites

After the minemeld update, feeds that I added myself (Zeus tracker, ransomwaretracker) now have a cert error. I have attached the error message.

Mike

Palo Alto Updates not passing through another PA firewall

Network setup:

PA3020 E1/2-->E1/1 PA500 E1/2-->Internet.

In PA3020, we have configured the service route to paloaltoupdates through e1/2. Then traffic will reach pa500 e1/1 which will be routed to internet via e1/2. PAT configured on e1/2 which will

...

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

HTTP OPTIONS Method

cookie size

Resolved! Path Monitoring Group Name field will not save?

IPSec Tunnel PAN to Cisco ASA - matching for phase 2

Resolved! It's time to allow verified PAN customers to change URL categories for specific websites

Resolved! IPSEC site-to-site; passing ICMP only.. no other protocol (TCP/UDP)

API or script to report bad URLs to PAN?

Report issue - incorrect data

Recommended MTU for GlobalProtect Gateway

Resolved! URL log forwarding to syslog servers, but not all informational threat logs.

URL Filtering from Internet Traffic to Internal Websites

Resolved! HA Configuration question?

Resolved! Destination NAT vs Source NAT with Bi-directional?

Resolved! Minemeld updated and now I am getting cert errors on some sites

Palo Alto Updates not passing through another PA firewall

How to install a Cortex XDR agent communicating through the Palo Alto Networks Broker VM?

Are there signature release for following vulnerabilities?

Importing list of Blocked IP's and URL's into EDL

Replicating vSwitch NIC status to a NGFW VM (ESXi)

Deep Packet Inspection and SSL Certificate

Re: Are there signature release for following vulnerabilities?

Re: OS Upgrade path to 10.2.10-h9

Re: Regarding Security Advisory CVE-2024-3393

Re: Anyone experiencing slow websites with PANOS patched for CVE-2024-0012/CVE-2024-9474?

Re: receive incoming errors / 'rcv_fifo_overrun'

Unlock your full community experience!

Resolved! Path Monitoring Group Name field will not save?

Resolved! It's time to allow verified PAN customers to change URL categories for specific websites

Resolved! IPSEC site-to-site; passing ICMP only.. no other protocol (TCP/UDP)

Resolved! URL log forwarding to syslog servers, but not all informational threat logs.

Resolved! HA Configuration question?

Resolved! Destination NAT vs Source NAT with Bi-directional?

Resolved! Minemeld updated and now I am getting cert errors on some sites