QoS: only ever matches default-group

I'm obviously missing something simple here, but nothing I've tried makes a difference.

Creating a QoS Profile to configure the 8 classes:  works great.

Creating a series of QoS Policies to classify AppIDs, URLs, users, etc into difference classes:

Globalprotect SAML Auth with Azure and MFA not prompting for MFA after reconnect

Hi All,

There are a few topics on this.. I read most of them still unable to resolve this..

we have panorama with managed FWs (10.2.6) and GP portal and GW setup pointing to SAML profile that integrates into Azure and Azure IdP for MFA

at first log

Prisma global protect

Bonjour,

Lorsque l'on configure la gateway global protect sur Panorama, que doit on renseigner dans la partie " IP de la gateway externe" sachant qu'on se connecte à une gateway France North ou France south dans prisma?

Pareil que doit on mettre po

Virtual Wire & Virtual System assignment issue

Hi,
I hope this message finds you all well 

I have some configurations questions regarding virtual wire in PAN-OS FW that support multiple virtual systems, i would like to get some official documents regarding virtual wire configuration and assign it

Alternative for Data Lake

Are there any cheaper alternatives of Data Lake? Let's say, our retention is 6 months and we'd like to store incidents and all related information for 1-2 more years somewhere else. Has anyone used/using something like that, e.g. Amazon S3

add TWISTLOCK_CONSOLE env variable to twistcli

i am not sure if this is the right place to suggest this, but i think it will be really handy to have such an env variable i can set up in my zsh profile file (for example), and not having to write `--address $TWISTLOCK_CONSOLE` every time. similarly

PA-440 cannot resolve domain names to ipv4 addresses on CLI

Hello all, 

Do you how to configure resolve domain to ipv4 address on CLI PA-440?

I have set the setup->service-> primary DNS server, and all interface ipv6 are disable. 

But I ping a domain name on CLI, the resolved address returned is the ipv6 ad

RabbitMQ App-ID Misidentified

We have a Security Policy Rule with Application rabbitmq, and Service is application-default. In the same Security Policy Rule, we allowed the dependant applications amqp and SSL. When we test traffic, in the Traffic log, we see it matching the zones

DNS Rewrite and NAT Traffic and without NAT Traffic

Hi,

We have scenario in which two different subnets in DMZ Zone communicating with Internal Zone but 

1. One subnet is allowed to communicate with Internal Subnets (Internal Zone) without NAT (Source or Destination).
2. 2nd subnet is allowed to communicat

not able to open support case

not able to open support case

Error: Total number of profiles (76) exceeds platform capacity (75)

hello everyone：
What are the security documents here?
Anything else?
Is there any command to check how many profiles have been configured?

1、url filter 

2、antivirus
3、anrispyware

4、vulnerability
5、file block
6、wildfire
7、data filter
8、dos

GlobalProtect Client Certificate not Found

Hi All,

I am trying to demo pre-logon and am really struggling with the client certificate authentication side of things.

I've generated a Root CA on the firewall which has been imported into the Personal and Trusted Root Stores of the machine.

The po