Newbie: VPN on PanOS 10

Hi everyone,

This is probably trivial, but I am fairly new to this so bear with me:

I would like to set up the PA firewall as a VPN server for users to connect to (ideally, using only the built-in windows client). After authentication they should have

PANOS 9.1 know issue PAN-83610 network processor

PAN-83610

In rare cases, a PA-5200 Series firewall (with an FE100 network processor) that has session offload enabled (default) incorrectly resets the UDP checksum of outgoing UDP packets.
Workaround: In PAN-OS 8.0.6 and later releases, you can persist

Maintenance mode

When we try to access maintenance mode keeping "M" press the device just stop booting and nothing appears on console. Then if I press the M after some seconds just normal boot. We also try typing "maint" but no luck

VWire Radius (NPS) via Mgmt

Happy 2022 ! 

We've just setup VWires for our branches firewalls (A/A Layer 2), no ip address on any interfaces except :

- Mgmt (routable and managed by Panorama)

- HA1-3 (non-routable address) 

Most of the device management (SNMP, NTP and etc via Mgmt

Downgrade from 9.1.12.h3 version to 9.1.9

Hi All,

I have decided to upgrade my Palo Alto 850 from version 9.1.9 to 9.1.12.h3 but after the secondary Palo Alto upgrade facing an issue where interface are not getting up so my team decided to roll back to version 9.1.9. Should my configuration

PANOS 8.0.x restart IPSEC tunnels from GUI

Dear all,

we found out that we are not able to restart VPN tunnels in PANOS 8.0.x from GUI because its grayed out and it is an expected behavior as you can see the message "Restart disabled because OK".

The conclusion is that on version 8.0.x it's no

Remote backup issue

I am trying to backup the config from a remote backup server. The backup file is generating but no config showing in the file. Instead when I open the xml file, I can see this    " <?xml version="1.0"?>  -<response code="403" status="error">  -<resul

Kerberos SSO for Captive Portal

Been working through options for gathering userID data on non-domain-joined machines lately, so here's another complete option using Kerberos (krb) SSO.

Create a user in AD (my example, username: krb.palo), check the boxes for:

• User cannot change pass

How to access Management interface through host name

I want configure wild card certificate to management interface through SSL/TSL profile. so i want to access this management interface through host name. how to  configure this on Palo alto.