static ip with vlan

HI , I want to configure static ip on panos 9.0.x .very old demo verion on kvmwithout static ip i am able to do very basic task .my isp use pppoe , with username and passwd to login in router .when i add static ip to vlan i dont get internet ,only get dhcp address with dns but no internet ,what suppose to be static route my ip is 45.116.x.x

[INT] Alternative for Data Lake

add TWISTLOCK_CONSOLE env variable to twistcli

i am not sure if this is the right place to suggest this, but i think it will be really handy to have such an env variable i can set up in my zsh profile file (for example), and not having to write `--address $TWISTLOCK_CONSOLE` every time. similarly to how the cli handles `TWISTLOCK_USER` and `TWISTLOCK_PASSWORD`.

PA-440 cannot resolve domain names to ipv4 addresses on CLI

Hello all, Do you how to configure resolve domain to ipv4 address on CLI PA-440? I have set the setup->service-> primary DNS server, and all interface ipv6 are disable. But I ping a domain name on CLI, the resolved address returned is the ipv6 address, not ipv4.

RabbitMQ App-ID Misidentified

We have a Security Policy Rule with Application rabbitmq, and Service is application-default. In the same Security Policy Rule, we allowed the dependant applications amqp and SSL. When we test traffic, in the Traffic log, we see it matching the zones and interfaces and IP addresses as we expect, but the rabbitmq application is identified as web-...

not able to open support case

not able to open support case

Error: Total number of profiles (76) exceeds platform capacity (75)

hello everyone：What are the security documents here?Anything else?Is there any command to check how many profiles have been configured?1、url filter 2、antivirus3、anrispyware 4、vulnerability5、file block6、wildfire7、data filter8、dos

GlobalProtect Client Certificate not Found

Hi All, I am trying to demo pre-logon and am really struggling with the client certificate authentication side of things. I've generated a Root CA on the firewall which has been imported into the Personal and Trusted Root Stores of the machine.The portal is set to use this certificate via a certificate profile which has been configured.Connect m...

Global Protect switching from Pre Logon to User

Hello, We have an issue where many times Global Protect clients are not switching from the Pre Logon user to their logged in user name. Certs are deployed and Pre-logon access works. IT can remote on to troubleshoot a PC that is just at the windows lock screen. We can ensure the PC has access to WSUS for updates, etc... Obviously they have...

How to Include Line Breaks and Quotes in Descriptions using CLI Commands in PAN-OS

Hello, I'm working with PAN-OS 10.2 and need to set descriptions for various objects like address objects, service objects, and security policies using CLI commands in the set format. I'm struggling to include strings that contain line breaks, single quotes ('), and double quotes ("). Could someone guide me on how to properly format these specia...

Upgrade from 9.1.x, to 10.1.x, 10.2.x, 11.x

Upgrade to from 9.1.X, to 11, 10.2.X, 10.1.X ? Hello, good afternoon, how are you? I have a question regarding which is the recommended version to update from PAN-OS 9.1.X. Personally I consider that version 10.1.X ( 10.1.8-h2 ) is the recommended version, I feel that version 10.2.X is very recent and version 11, well you know, is much, much m...

How to remediate overly permissive any- any rule

We have an overly permissive rule with Source, destination and ports as Any. We are working to remove this rule but this is widely used. Please suggest what's the best way to identify the traffic using this rule and to create rules with specific source, destination and ports.

How to setup No-IP Dynamic DNS on Palo Alto PAN-OS 9.0.12

Good day all, I spent quite some time figuring out how to setup the No-IP dynamic DNS service on my PA-220 running PAN-OS 9.0.12 and I want to share how I did it as it wasn't a straightforward process for me and I am sure it isn't for others either. Why do you want to do this?This will allow you to use a fully qualified domain name (FQDN) to ref...