Is there a need for a book on PAN-OS "Policy as Code" subject?

Dear All,

I am looking to determine if there is a demand in the market for a guide to PAN-OS security policy automation ("policy as code").

There is plenty of reference information (https://pan.dev is always a good starting point) but there is

PanOS sdwan and PanOS versions

We are looking to upgrade our 9 firewalls PanOS version before December 31st.  We have Panorama and are using PanOS SDWAN.  Do the PanOS versions on the firewalls all need to match or can we update a couple a night and have SD-WAN still work.  Or do

Portal Password

I was just setup with user ID to and temp password to access the portal. How do I change the temp password?

VM Trial License

Hi
I am trying to obtain a TRIAL LICENSE for a VM. I am using EVE-NG and need to set up a training lab. I dont want to associate it with'

our current Palo Altos. How can i go about obtaining one?

GRPC status UNAVAILABLE in intelligent offload

Hi All,

Has anyone else come across an issue where a process called 'pan_grpcd' is using upwards of 85% of the CPU on a PA-VM.

The VM is running version 11.0.2 and i can see an error in the system logs - 'GRPC status UNAVAILABLE in intelligent of

Macbook Can't use Zoom application when connect GlobalProtect

Hi Team,

My customer reported he can't use Zoom application on his Macbook when connect GlobalProtect.

Is this an issue from GlobalProtect or Macbook and is there a way to solve this

Thank you.

Need to create firewall policy that allows only Microsoft teams and rest all need to block

Hi Friends,

I would like to create Palo Alto configuration for specific range of IP address, not based on users.

My requirement is as follow.

1. Only Microsoft teams traffic (incoming and outgoing includes calls) should be allowed.

2. Want to block all

Asynchronous Security Zones?

Is there an issue with asynchronous routing if the traffic passes through different security zones? We have our PAs setup with subinterfaces for our respective VLANs. So we have:

Eth1/3.10

Eth1/3.20

Eth1/3.30

Eth1/3.40

These subinterfaces connect to

Threat ID 30852 and 35107 - HTTP /etc/passwd Access Attempt

Is this a duplicate or does anybody know what the difference between those two Threat ID's is ?

Cheers Roland

[CAPTIVE PORTAL] Kerberos Browser-Challenge + Authentication Sequence

Hello,

I have an issue with the USER-ID. The Firewall is running 10.2.6 actually. 

We have different users : most of the people are in the AD and others are not.

Default authentication rule : Kerberos browser challenge. What i understood is : If kerb

high latency after HA failover

Hello team,

I have an HA active/passive with a couple of PA-3250. After failover from active to passive there are a high latency for all the connections and some Http/https sessions cannot be established. I see in the traffic logs many aged out sessi