General Topics

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

...

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

IPv6 Point to Point prefix

Hi,

Trying to setup a IPv6 Point to Point link between the PAN and SRX. Does PAN support IPv6 prefix like /127 for point to point connection?

(Yes I read RFC 3627 -> RFC 6164 -> RFC 6547 already)

Before any one starts about the IPv6 address space is

...

Cert key import

What is the best way to import a key for a globalprotect portal? I already have CA installed.

Some Applications not being submitted to wildfire

Hello

I am testing my wildfire configuration .

1- When I download wildfire test PE file , I get an entry under Wildfire submission log & data filtering log.
2- I intend to test if copying the PE file is also caught by wildfire , so I download a new PE

...

Resolved! VPN clients IPsec vendors

Hi,

We realised after upgrading to 7.1.8 when we access to VPN GP using CISCO VPN CLIENT (IPsec) is not working. In previous version was working.

This is the error ikemgrlog:

2017-03-30 13:11:52 [PROTO_ERR]: isakmp_inf.c:1362:isakmp_info_recv_d():

...

Map any TACACS+ user to local account

Anyone aware of how to map TACACS+ accounts to a single local account? For instance, I have my ACS server using AD for its user database. I created a policy in ACS to allow access to the PA if they are in a certain group. When I want to give someone

...

Resolved! DoS Protection

How do I go about triggering and monitoring DoS Protection in 7.1.5? I cannot find anywhere in the GUI to help me with this.

How to Safely Enable/allow Skype (URL filtering)

To allow skype you need to allow next applications in security rule:

Next step you need to make URL filtering profile. Deny any categories. But allow next URLs:

mobile.pipe.aria.microsoft.com

*.microsoft.com

*.skype.com

ocsp.msocsp.com

login.live.com

auth.g

...

Resolved! Migrate Config between PA-500 and PA-2050

Hello,

we own a PA-500 Firewall but are some Versions behind in the OS. Now we want to update it but got an downtime estmiate from our local Palo-Alto vendor from 8 hours. (From Version 5 to  Since we have some 24/7 Callcenters in house that's not a

...

Resolved! OCSP is incorrectly spelled OSCP in the documentation

C'mon guys, really?

https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/authentication/deploy-shared-client-certificates-for-authentication

https://www.paloaltonetworks.com/documentation/80/globalprotect/globalpr

...

Qos profile

Hi ,

In the above which class will get high priority ?

Thanks

Considering Buying Palo Alto 800 Series

Hi All,

I would like to request assistance from anyone who has had experience with different firewall vendors and currently is a Palo Alto firewall user as I'm not a firewall expert whatsoever.

I'm considering buying a Palo Alto 850 Series firewall o

...

GP upgrade beyond 2.2.x

Hi,

I'm running GlobalProtect 2.2.1 on PANOS 7.0.7. I'm preparing to upgrade to 2.3 (and beyond) to finally support some newer client devices. This caveat in the 2.3 release notes made me pause:

If your GlobalProtect 2.2 or earlier release configura...

Is Decryption needed without URL filtering?

Hello.

We currenly have a Palo-5050 v7.18 doing firewalling and URL filtering.

We have SSL decryption enabled.

Because Palo does not support transparent authentication using Chromebooks and because we do not like the Palo URL reporting, we are looking

...

Captive Portal & Identifying Guests?

Hello,

We have a guest network with a constant rotation of mobile phone users. Is there a way to collect some information about who these devices belong to, such as forcing the user to enter their e-mail or company name? Perhaps using the Captive port

...

Configure DNS Sinkhole with multiple IPs

Hello,

I found this instruction https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891 which is great but how do I create the Anti-spyware profile for multiple IPs? I'm hoping I don't have to create one

...

Discussions

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

Discover LIVEcommunity Through Our New Animated Explainer Video!

IPv6 Point to Point prefix

Cert key import

Some Applications not being submitted to wildfire

Resolved! VPN clients IPsec vendors

Map any TACACS+ user to local account

Resolved! DoS Protection

How to Safely Enable/allow Skype (URL filtering)

Resolved! Migrate Config between PA-500 and PA-2050

Resolved! OCSP is incorrectly spelled OSCP in the documentation

Qos profile

Considering Buying Palo Alto 800 Series

GP upgrade beyond 2.2.x

Is Decryption needed without URL filtering?

Captive Portal & Identifying Guests?

Configure DNS Sinkhole with multiple IPs

No "certificate used by" field when generating certs for SSL forward trust and untrust?

A question about snat address pool couse a route loop

How do I get the documentation / training for creating advanced XQL queries

panorama disk health

Recommend os version

Re: Exclude only communications on specific port numbers from Global Protect

Re: Software NGFW Credits

Re: Advanced DNS Security vs DNS Security License

Re: Replacing HA Hardware

Re: About API keys when using the curl command

Unlock your full community experience!

Resolved! VPN clients IPsec vendors

Resolved! DoS Protection

Resolved! Migrate Config between PA-500 and PA-2050

Resolved! OCSP is incorrectly spelled OSCP in the documentation