QOS Not Working Propely

Hi Friends,

We have a customer experiencing issues with QoS. After enabling QoS, a noticeable reduction in internet bandwidth was observed. Although QoS was configured correctly, the bandwidth dropped from 25 Mbps to 14 Mbps on a 30 Mbps link.
To te

PCI Compliance - 86476 Web Server Stopped Responding

First time in years, getting this failed result to a PCI scan. 86476 Web Server Stopped Responding.

Their tech suggests it has something to do with my PAN WAF/IDS and they have a bunch of IP addresses/ranges that I can whitelist. I find this odd as

I cannot delete a virtual wire interface

Hello,

I've already looked at similar topics here, but it did not help me.

I'm supposed to set up a DHCP server on ethernet1/2 and to do it, I need to set up ethernet1/2 as a layer3 interface on the CLI first.

Initially, I tried these commands:

Moving interface configuration and sub interfaces to another interface on same firewall

Hi,

I want to move all interface from a 1gb port (1/2) to a 10gb port (1/8) what is the quickest way to do this. Is there a bulk move or clone interface option within the GUI?

Model PA-5220

Software Version 10.1.14-h10

Not using Panorama. Have just

upload and download speed issue

Hi,

We are using PA820
i have a isp connection of 700mps up/down.and i have an internal server that can access from public and the domain is pointed to the public ip.the internal server is in my dmz zone and isp is in untust only untrust interface is

Problem with dynamic update Failed to download file

Hi,

I have a problem with dynamic updates. I see new content version or antivirus, but I cannot download it with message Failed to download file.

Ping to updates.paloaltonetworks.com and downloads.paloaltonetworks.com is working.Service route is Us

TACACS authentication with Cisco ISE not working

Hello, I would like to ask currently I have two firewall that needs to be configure TACACS. One of the firewall is working fine and I'm able to login using my credentials from ISE. However, another firewall is not working for the TACACS authenticatio

HA Failover Issue on PA-3420 with AE LACP – Both Nodes Active (Split Brain ?)

We’re experiencing a critical issue with our HA setup on a pair of Palo Alto PA‑3420 firewalls running PAN‑OS 11.1.6‑h3 in Active‑Passive mode (HA Group 25, preemptive disabled). Both firewalls simultaneously believed they were active, causing a comp

URL access issue

we have one legal category url where it’s not working checked on palo and found no return traffic .So palo support told need to check with upstream as we didn’t find issue on our azure too as we use azure public IP.As we don’t manage any CDN we don’t

Failed to send CHAP authentication request:

admin@PA-(active)> test authentication authentication-profile ISE-TACACS username XXXX password
Enter password :

Target vsys is not specified, user "XXXX" is assumed to be configured with a shared auth profile.

Do allow list check before sending out a

Firewall suddenly stopped reading EntraID groups from CIE

We have been using CIE for about half a year now for a spesific usecase where we use som groups that are maintained in Entra ID to control network access, monday we were made aware that that access did not update for new users.

CIE does have the co

Stop Connect "On-Demand" after "Pre-Logon"

Hi !

we use the pre-login feature with client cert logon - this work quite good. after logon we would like to connect on demand with saml login. we made two configs, one for prelogon and one for the user, both with prelogon:

At the moment if you l

Alerts in AIOPS Still Exists

Hi community,

I have a critical alert on CVE Vulnerability on our firewall. However, after performing the PANOS upgrade to the version that patched the CVE, the alert is still showing in AIOPS.

So, my questions are, shouldn't the alert disappear