creating a customer account

I am attempting to create a Palo Alto customer account so that I may transfer a Palo Firewall that it I have purchased to it. I do not have a sales number for the purchase so I cant create an account. I am buying the unit from a partner. It is a unit to be used for training. How can I create an account????? Thanks in advance for shared wi...

Device Certificate not showing

Hello Guys, I have problem with device certificate, i have create the device certificate, but is not showing in GUI Palo Alto.but when i try to import configuration the certificate is showing.anyone can help me why device certificate is not showing in GUI ?

ECCN for PAN-OS

Hello, I require the ECCN for your software, PAN-OS. I do not have access to the 'HW Accessory Cross Reference' link I have seen posted. Alternatively, please provide an email address to your Trade Compliance team so I can contact them directly. Thank you.

Packet drops with Unknown-TCP

Hi Team, Need your suggestion on below. We have created a policy to allow access to a site with URL filtering. Created new category to the specific set of URL and then allowed the same in URL Filtering Profile and called the same in ACL. Source is set to LAN Range, Destination is set to Any, Application is set to Any, Service is set to Any, URL ...

Migration from PA3220 to PA1410, aggregate interfaces to cisco stack not coming up

We recently moved from PA3220 to PA1410 using export config from PA3220 and importing it to PA1410. Aggergate interfaces were up on the PA3220 but not coming up on PA1410 with same set of interfaces... Can anyone help with this setup?? Am i missing any config?

Allow only global protect from trust to untrust.

Hi Everyone Greeting. I need to allow only the GlobalProtect application from the trust to the untrust zone, by allowing: First security policies : source trust -> destination untrust -> Application DNS -> Allow Second security policies : source trust -> destination untrust -> The Paloalto-shared-services application, by openi...

Explicit proxy chaining

Hello, I like the explicit proxy functionality but missing option to use proxy chaining and forward all the explicit proxy requests to an upstream proxy. Some ideas how to archive this? Thanks for any recommendations Lumir

PA-440-LAB purchase without going thru my employer

Anyone know where and how I can purchase the PA-440-LAB bundle without going thru my companies account and vendor? I did that with the 220 and it was a nightmare. I want to setup an individual PA account for support and licensing and acquire the lab bundle directly. Thank you

QoS: only ever matches default-group

I'm obviously missing something simple here, but nothing I've tried makes a difference. Creating a QoS Profile to configure the 8 classes: works great. Creating a series of QoS Policies to classify AppIDs, URLs, users, etc into difference classes: works great. Creating multiple QoS Profiles to limit bandwidth for separate networks: nothing ...

Globalprotect SAML Auth with Azure and MFA not prompting for MFA after reconnect

Hi All, There are a few topics on this.. I read most of them still unable to resolve this.. we have panorama with managed FWs (10.2.6) and GP portal and GW setup pointing to SAML profile that integrates into Azure and Azure IdP for MFA at first logon, i was prompted for MFA and connected successfully. log off, log back in again and does not pr...

Prisma global protect

Bonjour, Lorsque l'on configure la gateway global protect sur Panorama, que doit on renseigner dans la partie " IP de la gateway externe" sachant qu'on se connecte à une gateway France North ou France south dans prisma? Pareil que doit on mettre pour l'IP du portail?

static ip with vlan

HI , I want to configure static ip on panos 9.0.x .very old demo verion on kvmwithout static ip i am able to do very basic task .my isp use pppoe , with username and passwd to login in router .when i add static ip to vlan i dont get internet ,only get dhcp address with dns but no internet ,what suppose to be static route my ip is 45.116.x.x

[INT] Alternative for Data Lake

add TWISTLOCK_CONSOLE env variable to twistcli

i am not sure if this is the right place to suggest this, but i think it will be really handy to have such an env variable i can set up in my zsh profile file (for example), and not having to write `--address $TWISTLOCK_CONSOLE` every time. similarly to how the cli handles `TWISTLOCK_USER` and `TWISTLOCK_PASSWORD`.