General Topics

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series, which covers the following topics:

Customer Support Portal Overview
License Management
RMA Best Practices

Dive into the three-part Fuel Workshop video series and learn how to efficient

...

Ensuring a Safe and Secure Community: How You Can Help

Dear LIVEcommunity Members,

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Map any TACACS+ user to local account

Anyone aware of how to map TACACS+ accounts to a single local account? For instance, I have my ACS server using AD for its user database. I created a policy in ACS to allow access to the PA if they are in a certain group. When I want to give someone

...

Resolved! DoS Protection

How do I go about triggering and monitoring DoS Protection in 7.1.5? I cannot find anywhere in the GUI to help me with this.

How to Safely Enable/allow Skype (URL filtering)

To allow skype you need to allow next applications in security rule:

Next step you need to make URL filtering profile. Deny any categories. But allow next URLs:

mobile.pipe.aria.microsoft.com

*.microsoft.com

*.skype.com

ocsp.msocsp.com

login.live.com

auth.g

...

Resolved! Migrate Config between PA-500 and PA-2050

Hello,

we own a PA-500 Firewall but are some Versions behind in the OS. Now we want to update it but got an downtime estmiate from our local Palo-Alto vendor from 8 hours. (From Version 5 to  Since we have some 24/7 Callcenters in house that's not a

...

Resolved! OCSP is incorrectly spelled OSCP in the documentation

C'mon guys, really?

https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/authentication/deploy-shared-client-certificates-for-authentication

https://www.paloaltonetworks.com/documentation/80/globalprotect/globalpr

...

Qos profile

Hi ,

In the above which class will get high priority ?

Thanks

Considering Buying Palo Alto 800 Series

Hi All,

I would like to request assistance from anyone who has had experience with different firewall vendors and currently is a Palo Alto firewall user as I'm not a firewall expert whatsoever.

I'm considering buying a Palo Alto 850 Series firewall o

...

GP upgrade beyond 2.2.x

Hi,

I'm running GlobalProtect 2.2.1 on PANOS 7.0.7. I'm preparing to upgrade to 2.3 (and beyond) to finally support some newer client devices. This caveat in the 2.3 release notes made me pause:

If your GlobalProtect 2.2 or earlier release configura...

Is Decryption needed without URL filtering?

Hello.

We currenly have a Palo-5050 v7.18 doing firewalling and URL filtering.

We have SSL decryption enabled.

Because Palo does not support transparent authentication using Chromebooks and because we do not like the Palo URL reporting, we are looking

...

Captive Portal & Identifying Guests?

Hello,

We have a guest network with a constant rotation of mobile phone users. Is there a way to collect some information about who these devices belong to, such as forcing the user to enter their e-mail or company name? Perhaps using the Captive port

...

Configure DNS Sinkhole with multiple IPs

Hello,

I found this instruction https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891 which is great but how do I create the Anti-spyware profile for multiple IPs? I'm hoping I don't have to create one

...

Global Protect for Patch Management

Can global protect be used to do HIP checks on servers for patch management?

Resolved! Flow basic

Will a debug flow flow basic show me if Im actually raching destination server? What I mean is if I have a server that is used for BAS_Filer mounts will it show me that Im not mounting to destiantion server that does the actaul mount? I know the pa

...

app-id for amazon video on ipad?

I am using a PA200 with 7.1.7 and app version 652. There is an app-id called amazon-instant-video. After I watched Grand tour on amazon video on ipad and air play on the apple tv. I want to see how many gigabytes did I just use, I can't find usi

...

Resolved! See full list of "Config Logs"

Hey guys,

there is this "Config Logs" Widget on the dashboard of the Palo Alto 3020.

But there are only a few entries.

Is there a possibility to see more entries?

Thanks for a reply!

Discussions

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

Ensuring a Safe and Secure Community: How You Can Help

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource