Mulit-Vsys setup with Wildfire

Hi Friends,

We are planning for a multi-vsys PA setup, where one vsys will have only L3/L4 policies and second vsys will be in L2 bridge mode with Threat prevention features only.

Vsys1 will only scan L3/L3 policies while vsys2 will scan traffic fo

advanced url filtering question

https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/datasheets/advanced-url-filtering

how can i configure the firewall with Advanced URL filtering license to protect the following item

> Antievasion

Prisma Cloud Integration with Oracle cloud (OCI)

We are trying to integrate oracle cloud (oci), Looking for documentation

A very weird Behavior on SIP traffic traffic reversing back to the same egress interface

Hello everyone , im seeing a very strange behaviour in my pa-445 version 11.1.4-h7 firewall , where i have an interface on the firewall which is a gateway to my voip devices , the same firewall connects to the voice server through an ipsec tunnel int

PA-VM sysd_construct_sync_importer

We got a customer that runs into this issue recently, it's a known issue (not public) for versions 11.0.0, 10.2.3, 10.2.2-h1 (and also to us 10.2.3-h2, 10.2.2-2).

When you run into this, means that there's a hardware issue, please go to TAC in order

When will PAN-OS start supporting modern SSH ciphers?

I'm running PAN-OS 11.1 and an Ubuntu 24.04.1 server which runs OpenSSH 9.6p1.

I had to tune my sshd_config to support really ancient stuff like aesXXX-ctr and hmac-sha1 just to allow for SSH decrytion...

Please Palo Alto update the supported ciphe

How to create ACLs for access to AWS workspaces (EDLs don't cover all IPs)

I need to create ACLs for outbound access to AWS workspaces using the destination IPs / subnets / FQDNs shown on AWS publication https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html#ip-address-regions.  

PAN pu

PaloAlto Passive Firewall Monitoring in HA Setup

Hi everyone,
Greetings!

I’m currently using OpManager to monitor a Palo Alto firewall in an HA Active/Passive setup, and the Link State of the interfaces on the passive device is set to auto.
While OpManager is able to correctly pull interface details

Replicating vSwitch NIC status to a NGFW VM (ESXi)

Greetings all,

I wanted to see if anyone has successfully replicated the status of a host NIC attached to a vSwitch to a Palo Alto NGFW VM in ESXi 8? 

Right now, all ports always remain up because the virtual switch they are attached to remain up. I

EST Enrollment over Secure Transport

I use certificate based IPSec VPN Tunnels that rely on Certificates.  The Certificate Authority i use supports EST to allow for automated enrollment similar to SCEP.  Is there a way to configure Pan-OS to work with EST instead of SCEP?  I have not be

unable to open a case

I have a new support account, but there appears to be a problem.  URL is https://support.paloaltonetworks.com/Error/Error.

I need to open a case for a critical issue.