QoS: only ever matches default-group

I'm obviously missing something simple here, but nothing I've tried makes a difference. Creating a QoS Profile to configure the 8 classes: works great. Creating a series of QoS Policies to classify AppIDs, URLs, users, etc into difference classes: works great. Creating multiple QoS Profiles to limit bandwidth for separate networks: nothing ...

Globalprotect SAML Auth with Azure and MFA not prompting for MFA after reconnect

Hi All, There are a few topics on this.. I read most of them still unable to resolve this.. we have panorama with managed FWs (10.2.6) and GP portal and GW setup pointing to SAML profile that integrates into Azure and Azure IdP for MFA at first logon, i was prompted for MFA and connected successfully. log off, log back in again and does not pr...

Prisma global protect

Bonjour, Lorsque l'on configure la gateway global protect sur Panorama, que doit on renseigner dans la partie " IP de la gateway externe" sachant qu'on se connecte à une gateway France North ou France south dans prisma? Pareil que doit on mettre pour l'IP du portail?

static ip with vlan

HI , I want to configure static ip on panos 9.0.x .very old demo verion on kvmwithout static ip i am able to do very basic task .my isp use pppoe , with username and passwd to login in router .when i add static ip to vlan i dont get internet ,only get dhcp address with dns but no internet ,what suppose to be static route my ip is 45.116.x.x

[INT] Alternative for Data Lake

add TWISTLOCK_CONSOLE env variable to twistcli

i am not sure if this is the right place to suggest this, but i think it will be really handy to have such an env variable i can set up in my zsh profile file (for example), and not having to write `--address $TWISTLOCK_CONSOLE` every time. similarly to how the cli handles `TWISTLOCK_USER` and `TWISTLOCK_PASSWORD`.

PA-440 cannot resolve domain names to ipv4 addresses on CLI

Hello all, Do you how to configure resolve domain to ipv4 address on CLI PA-440? I have set the setup->service-> primary DNS server, and all interface ipv6 are disable. But I ping a domain name on CLI, the resolved address returned is the ipv6 address, not ipv4.

RabbitMQ App-ID Misidentified

We have a Security Policy Rule with Application rabbitmq, and Service is application-default. In the same Security Policy Rule, we allowed the dependant applications amqp and SSL. When we test traffic, in the Traffic log, we see it matching the zones and interfaces and IP addresses as we expect, but the rabbitmq application is identified as web-...

not able to open support case

not able to open support case

Error: Total number of profiles (76) exceeds platform capacity (75)

hello everyone：What are the security documents here?Anything else?Is there any command to check how many profiles have been configured?1、url filter 2、antivirus3、anrispyware 4、vulnerability5、file block6、wildfire7、data filter8、dos

GlobalProtect Client Certificate not Found

Hi All, I am trying to demo pre-logon and am really struggling with the client certificate authentication side of things. I've generated a Root CA on the firewall which has been imported into the Personal and Trusted Root Stores of the machine.The portal is set to use this certificate via a certificate profile which has been configured.Connect m...

Global Protect switching from Pre Logon to User

Hello, We have an issue where many times Global Protect clients are not switching from the Pre Logon user to their logged in user name. Certs are deployed and Pre-logon access works. IT can remote on to troubleshoot a PC that is just at the windows lock screen. We can ensure the PC has access to WSUS for updates, etc... Obviously they have...

How to Include Line Breaks and Quotes in Descriptions using CLI Commands in PAN-OS

Hello, I'm working with PAN-OS 10.2 and need to set descriptions for various objects like address objects, service objects, and security policies using CLI commands in the set format. I'm struggling to include strings that contain line breaks, single quotes ('), and double quotes ("). Could someone guide me on how to properly format these specia...