Type: INNR in session id detail.

Hi team,

What does INNR represents in type when looking at the session ID details.

I know that this happens at child session, when parent session ID belongs to the HTTP/2 ID.

If you guys have any idea about what INNR represents, let me know.

Mgmt Traffic over VPN

Hi All,

  I am looking to deploy a few (4) PA-440's into the field. What is the best way to configure my remote firewalls to send MGMT traffic 3.3.3.3/24 (using loopback) over a vpn to central firewall to pass along to panorama MGMT (10.10.10.10/24

jQuery vulnerability on management interface of PA-3220

Hello all,

Our customer is currently using PA-3220 running PAN-OS 11.1.
During their recent vulnerability scan, the following CVEs were reported that jQuery used on the Web management interface;

CVE-2018-8046
CVE-2007-6758

Questions:
1. Do these v

spanning tree portfast for cisco to palo links

I am moving some palo interfaces to a new cisco switch. 

What is the recommended spanning tree configuration on both palo and cisco sides when connecting these devices?

PA(config-if)# spanning-tree port type ?
edge Consider the interface as edge por

wrong traffic matching rule

Hi this maybe a simple or dumb question, but I have a rule shown below that has specific sources defined. I thought the rule would only match on those host listed in the source, but when looking at the logs, I can see other source IP's are matching o

palo alto firewall slow performance

We are Facing palo alto firewall slow performance issues. 

Adobe Creative Cloud update and PaloAlto Content-ID

Hello,

We have several of our users that are using well-known Creative Cloud client to download/manage/update/upload/assess/enhance/whatever their wonderfull Adobe softwares (Aftereffect, DreamWeaver, ...)

We have a PA with application-based policies

PAN-OS 11.2.8 ETA

Hi All,

i would like to know the ETA of the PAN-OS 11.2.8 as per last PA TAC mention that the 11.2.8 tentative release date of june 25 

but so far no info of the release yet 

this is to fix for GUI display issue with SAML SLO url.

thank you

Advice on dual isp, getting dns to work

Hello all,

I currently have a PA440 and I have 2 isp's, ATT and comcast which will be our backup and it's my 1st time setting this up, we are a small business of about 80 users, I already followed how to configure dual isp redundancy on the links pro

Moving an AE1 OSPF transit link into another AE port what changes will be required?

Hi all, 

I am looking to move an existing AE1 interface which operates as an single OSPF transit to another AE3 port with other sub interfaces also configured.

What changes should be completed and considered when doing this to retain network connec

PA-820 Support renewal

Hi All,

Our current PA-820 support is due to expire in October, so I requested a renewal quote, and our vendor is stating that paloalto is declining to extend support. Has anyone had similar feedback from resellers and or paloalto regarding their n

Palo Alto Kerberos for sso

Anyone hit the same issue before?

2025-08-16 20:35:38.768 +0800 debug: pan_auth_cache_get_authprof_info(pan_auth_cache_authprof_n_authseqprof.c:218): prof "KRB-SSO", vsys "vsys1" (method: Kerberos pre-auth) has sso hash table id: 1 (0 means no or inv

prevent-brute-force-attacks

Hello Everyone

I am looking for suggestions on how we could protect our GlobalProtect VPN. We have been seeing people trying to perform brute-force attacks on random user accounts daily. We do have MFA set up, but is there any automation we could i