This Nominated Discussion Article is based on the post "Move Firewall to New Panorama " by @securehops  and answered by Cyber Elite @TomYoung

This Nominated Discussion Article is based on the post "Cant Download Panorama for esx ova".

This Nominated Discussion Article is based on the post "Adding a firewall back into a AP cluster that has outdated network and device settings" by @AlanDeBoer   and responded to by @Raido_Rattameister. Read on to see the solution!   Hi All,   I'm curious if anyone can provide an article or just some basic steps of adding a firewall back into a AP cluster that has "outdated" network and device settings.   Firewall-02 was moved to a new location and has a new IP scheme for the network and device settings. Firewall-01 will be physically moved and needs to rejoin the cluster, but it does have outdated IP settings.   I'm assuming the first step is to power up 01 without any copper/fiber connected and console into 01 and update the device management IP first. Solution:   Step 1 - Take config backup from both firewalls (Device > Setup > Operations). Step 2 - Make sure that "Device Priority" of Firewall-02 is lower than Firewall-01 to make sure Firewall-02 stays active firewall. Step 3 - Cabling (at minimum HA1 cable). Step 4 - Click "Sync to peer" in Firewall-02 (Dashboard > High Availability widget).   If you click "Sync to peer" on Firewall-01 you will push old nic scheme from Firewall-01 to Firewall-02 and your network will go down!   In addition, mgmt IP change as you pointed out.

  This Nominated Discussion Article is based on the post "Palo Alto integration with Azure Sentinel" by @ShailUpadhyay  Read on to see Cyber Elite @PavelK's recommendation!   Hi All, We are currently working on setting up the Azure Sentinel for our environment and Integration of PA firewalls with Sentinel is our top most priority.   However we need to understand what will be the best approach for integration.   Should we integrate independent firewalls with Azure Sentinel or Panorama with Azure Sentinel or both firewalls and Panorama with Azure Sentinel ? Also what factors drive this decision. Any leads will be helpful   Thank you  Recommendation:   Hello @ShailUpadhyay   in our case, we have been using following scenario for about 3 years:   Logs are sent from Firewalls to Panorama, then from Panorama to logstash, then from logstash to Sentinel. We never really run into any issue. The only issue we came across once was we started to see a log loss between Firewalls and Panorama which naturally resulted missing logs in Sentinel. This was eventually resolved by adding additional log collectors in log collector group.   Personally, I believe that having all Firewalls to send logs to Panorama and then let Panorama to send all logs to Sentinel has many benefits. For example: ease of management or ease of troubleshooting as you have only one place to look into.   On the other hand if you have many firewalls with a high log volume, then you might hit ingestion rate limitation of Panorama where Panorama would be a bottleneck (This of course depends on Panorama model and log collector design). In this case having Firewalls to send logs directly to Sentinel would be a better option.   Having both Firewalls as well as Panorama to send logs to Sentinel would be the last choice that I would preferably avoid. You will end up with log duplication.   Kind Regards Pavel 

New End-of-Engineering (EOE) and End-of-Life (EOL) dates for the GlobalProtect App 5.2.X releases for Windows and macOS.

This article is based on a discussion, Panorama Issue - cannot edit an interface on a template stack, posted by @Kai_Ulrich  and answered by the Support Team. Read on to see the discussion and solution!     I cannot open/edit anything in a template stack under template->network->interface  Zones and other things in the stack are working fine but if I click on an interface e.g. ethernet1/1 the window for the interface is popping up for some milliseconds and is closing directly.   Ive tested serval browsers on serval computers - restarted and updated panorama. the editing on a template works well:   but not on a template stack (all stacks)     As panorama admin everything is working. The problem is only happen when I use a user with the type "Device Group and Template Admin"     Ive created a user with the type "DeviceGroup and Template Admin" and one access domain and one admin role. in the admin role Ive enabled everything for the WEB-UI excluding panorama, save for other admins and commit for other admins but the network part is completely allowed.   The template and the stack re also included   I m using Panorama 10.0.7 (same problem was also with 10.0.6 and 10.0.5)   i couldn't find anything on the internet and just don't know what to do. i've been despairing about this problem for a very very long time. Maybe someone can help me , maybe it is a really stupid configuration issue. but i cannot find it. i played a lot with the rights but only as panorama admin it works in the stack.   Thanks a lot! Solution:   Hello @PavelK ,   here the answer from Palo Alto:   I would like to update that we have been able to replicate this issue in our lab. It seems as if the concerned issue is only observed for the DG&T admin when SDWAN plugin is installed but not configured on Panorama. We are discussing this internally if it requires another code change or the aforementioned change in 10.1.3 should be sufficient. Meanwhile, since i see that the SDWAN is not configured on this Panorama, as a workaround we can remove the SDWAN plugin from this Panorama if acceptable. I've uninstalled the plugin and it works