External DNS resolution for specific domains

Hello, 

I am trying to look for a solution to an issue we have whereas we don't want to add routes from Azure (via ExpressRoute) to an on premise for public IP's for which Azure devices need to connect to via a Palo Alto firewall and across a VPN to

Remove Multiple Saved Config files from CLI?

I recenlty received an alert for /opt/pancfg at 80% full.  It looks like there must be a bug in a PAN-OS version that seemed to be saving off configs every hour, with a random naming convention of "5rkswfabcbep_5syszjl7hw0j.txt" There are hundreds of

Global protect enforcer and public wifi captive portal

Dear community,

We have deployed Prisma access Global protect [agent 5.2.9], enabling network enforcer and captive portal detection [ 10 min timer and captive portal message].

We are experiencing mixed results with users getting an error web page when

FTP Inbound Decrypt Issues

Ok, I'm at my wit's end with TAC.. after 7 months of explaining the issues, collecting logs, and then starting over when a new agent takes the case, I'm hoping the community can help me.

I've had inbound decryption set up for our FTP server for some

Allowing PIA VPN in home network

Hi all,

Quite new to managing NGFW, please be patient.

I have PA-820 looking after my home network, no domain, few computers, using it to learn more than anything else, but since I have it want to use it fully.

I want my Private Internet Access VPN to a

MGMNT Slow and Serching logs slow and Syslog server issue.

Device Model: PA-5220 HA Mode Active-standby

PAN-OS 10.0.0

The questions below as I couldn't find anything on Palo Alto website.

Recently we have upgraded Palo Alto to v10.0.0.

1. Web management interface became very slow and searching logs takes very

Palo Alto Firewall VM

I have installed a Palo Alto Firewall VM trial version. Now whenever I have tired to login / after successful login it is suddenly going to runlevel 0 and shutting down.

Dual ISP VPN failover with single VR

Hi All, looking for some assistance to configure VPN failover for DR/BCP.

I've attached a basic diagram below

Currently, static route monitoring is set up on the outside interfaces of the firewalls at Site A, so if upstream from Site A ISP 1 fails Si

Palo Alto - Barracuda IPsec VPN problems

We've a IPsec-VPN IKEv2 between Palo Alto (10.0.7) and Barracuda (8.0.5-0341) with 10 IPsec tunnels, one VPN-tunnel per subnet-pair, on Palo side "proxy IDs".

At least once every day, some of these ipsec-tunnels go down and can only be forced to come

PAN-PA-5220 Purchase

Dear All,

I am planning to purchase PA firewall 5220 for our Datacentre. and came across below model

I am not mistaken then I need to purchase PAN-PA-5220-DC i(f DC power supply) and PAN-PA-5220-AC ( If AC power supply)

However I am clueless for what

IPSec Tunnel fails after 1 packet

Hi Guys,

We have a number of Palo Alto firewalls at our satellite sites configured in a Mesh VPN.

Site A, Site B, and Site C (Internal) all work successfully.

Site C DMZ can establish a tunnel to all the other sites, however as soon as the VPN is used

Log Forwarding - multiple instances of same catgory?

In Log Forwarding Profile I have URL Filtering/All Logs going to a log collection server. 
But for URLs of a phishing category I want those to be emailed. I tried to do this by 

creating a second profile match list profile URL Filtering/phishing. But