Authentication Fallback

Hello,

So, we currently authenticate administrators to our PA's via Radius (TACACS).  Is there a way to configure the PA's that it will only use the local DB / Administrators if Radius isn't available? 

Thanks!

Rule hit count or unused rule in custom reports or CLI

There are no fields related to rule hit count or any way to identify unused rules in Panorama custom reports. Is there a way to get a consolidated view of unused rules across all device groups at once and not just through the policy page per device g

PA5410 Version 10.2.4 not allow to set offload to true

Hello
We are detecting sporadic CPU spikes on a FW 5410 version 10.2.4 , the average is fine however, we observe sporadic spikes of 95% 96% ...100%. Before with the old FW model we did not have this problem and we have not changed any configuration.

W

EDL Hosting Service - Difference between any, allow, default, optimize

Hi,

Can someone explain the differences between the any, allow, default, and optimize lists? 
The explanation in the Palo Alto documentation is quite vague on this matter.

We're looking into using this to filter o365 access, but unsure which list to

TCP-RST-FROM-CLIENT and TCS-RST-FROM-SERVER

Hi All, 

As captioned in subject, would like to get some clarity on the tcp-rst-from-client and tcp-rst-from-server session end reasons on monitor traffic.

Even with successful communication between User's source IP and Dst IP, we are seeing tcp-rst-

SNMP Looking for a Table on 5020's that shows VPN tunnel status

We have a VPN tunnel and would like to know if there is an SNMP table that can be polled for the status of the tunnel being up or down. 

We are aware there are traps that provide update when the tunnel goes down.

However, we are looking to establish

PAN-229942 fix version 10.1.12 and 11.2.0 release estimation date

Hi Support,

we recently upgrade PAN-OS version 10.1.10-h1 but encounter issue error message "timed out while getting config lock"

then we have confirm with Palo alto TAC engineering team that this issue cause by bug PAN-229942 and the fix version P

Support account with personal email?

Purchased a 440 lab unit for my personal lab through my previous employer who is no longer in business (and inaccessible email) so I need to now register it with my own personal email but am having trouble. Trying to study for PCNSE after getting my

Upgrade VM-Series model - VM100 to VM300

Hello.

I have as a goal to upgrade the palo alto firewall from VM100 to VM300.

I am in a process of understanding the process, so I am wondering if I could get some assistance from this forum.

Thank you in advance.

Going through the guide

Upgrade

Cloud Identity Engine

While attempting to synchronize an on-premises server with Cloud Identity Engine, we encountered the following error

Confirm the domain name configured on the agent matches the Canonical Name of the domain controller to ensure Cloud Identity Engine

VPN Site-to-Site Private IP and Public IP

VPN Site-to-Site Private IP and Public IP

Good afternoon everyone, is it possible to set up a Site-to-Site VPN between a site with a Palo Alto Private IP and a Palo Alto Public IP.

Site Privado: PaloAlto---IpWan-192.168.1.254---Router/Modem--------Inte

SD-WAN Hub and Branch PANOS versions

Is there a requirement for PANOS version to match for SD-WAN or for the Hub site to be of a higher version of PANOS.

Example: Hub is on version 10.2.4, Branch is on 10.2.6

Would there be any issue with this?

GP stops working when ecmp is enabled

We have Palo Alto firewall with three Internet links. One is a leased line and other two are ADSL links. I have configured ECMP on the two ADSL lines to load balance traffic on the two ADSL links. Global Protect is configured on the leased line. I ha