TCP fast open and Palo Alto

as far as I could test there is no way to make TCP fast open work through a Palo Alto fw (at least, since  9.1 which seemed to work. It tried 10.2 and 11.2 and all my tests fail there).

Whenever a client sends a SYN packet with data, it is transmitte

Whatsapp traffic cannot recognize in PA for iPhone user.

Recently iPhone users only facing in WhatsApp "connecting" message, User could not send a message and make a call 

on corporate wireless network But, working in mobile network.
It was working before, day by day users facing this issue is increasing.

Extending VLAN through IPSEC + GRE

I am trying to extend the VLAN from main site to branch site using a combination of GRE and IPSEC.

Below is a quick representation of the architecture, the objective is to enable remote communications between the main and the branch sites for all d

VM-50 discontinued?

Hi,

We have a VM50 firewall in our business for 3yrs and have been told that the VM-50 is no longer available? As such, we need to get a VM-100 licence. Are there any other options? - since the cost is double?

Thanks

Remove Device Certificate

We would like to remove the device certificate from a couple of our firewalls.  We don't use or need the device certificates at this time and would prefer them not be installed.

I tried to do a factory reset and the certificate automatically downlo

SysLog setup not working

Hi,

I am using PA-2050, with PAN OS 4.1.3.

From few days I am trying to configure the syslog to be sent to a central logging system. I followed every possible documentation, but I am not getting any syslogs coming to the syslog server.  I tried on sys

GlobalProtect Split DNS configuration

I'm looking to configure split tunneling and DNS in the following way:

If the DNS request is from a defined list, send the query to the tunnel DNS servers, if not, send through local adapter DNS. If the resulting reply contains an IP in the defined

checkpoint R77.30 to palo450 migration

I plan to migrate checkpoint R77.30 firewalls (40 firewalls) to Palo450 devices. checkpoint is configured in a full mesh fashion. Can someone share some ideas on the SD-WAN configuration that is required between all Palo Firewalls, with the Palo back

Troubleshooting Panorama Push - line:51: syntax error [}]

When trying to commit to a ngfw from panorama I am getting this error. I have turned on debug for configd to try and find what specific setting has a problem. No luck getting more information. I have double checked every setting and variable for some

Syslog in Panorama Policy

Hi All,

We have multiple firewalls managed by Panorama. We have single Template managing these firewalls.

There are local Syslog configs done on each firewall as logs is being pushed on different ports. But now we have multiple rules configured in Pa

Palo alto GUI is crashing on chrome browser 125.0.6422.0

I am experiencing an issue where palo alto GUI is crashing on chrome version 125.0.6422.0 when you click on monitoring . This issue noticed in panorama and NGFW with different versions.other chrome version it works fine

Disable and re-enable the 2FA for GP VPN connections

Dear community,

What is the best way to  temporarily deactivate 2FA authentication for Global Protect VPN SSL connections and enable authentication solely via LDAP server by entering the username and password, we aim to seamlessly reinstate the 2FA a

Application Command Center (ACC) - Source Regions Map not working

Hello everyone,

not sure about this, but my Source Regions map in ACC is not working, not showing up anything, no colours:

When I over over the countries it will just be shown in orange, but I can't click or do anything. Also all countries a

Feature Request List

Hi community

In a lot of topics there are discussions and questions about PAN-OS enhancements and missing (not yet implemented) features. So far the PaloAlto Feature Request list isn't available to the public but in a lot of these existing topics f

Cortex XDR

Hello, Is there any possibility that the customer may utilize Cortex XDR agent in two domains, taking into account that first one has tenant id, the other doesn't?

Thank you in advance.