PAN VM Security Policies -

I have setup my VM on a  single desktop with 4 NICS to connect to different subnets and security zones and to have different interface setups for the VM. Two other desktops have NICS with different subnet scopes. I have created a rule to test ping tr

Source user information is intermittently not visible in the traffic log.

he agent is installed on the ad server and user information is mapped and confirmed. However, source user information is not visible intermittently in the traffic log. This occurs even when it is the same application and the same external address. I ...

How API to work with PA

Hi We like to set up API for palo alto and review related documents. I found there are a lot documents on API. but I am not familar with API in PA and do not know which documents is good for beginner to kick off. Anyone can share some documents link

Checking NAT Pool Usage from the GUI

Hello community,

I'm wondering if there is a way to check the usage of IP addresses in a NAT pool from the GUI and/or from Panorama. I'm interested in seeing which original IP addresses have been translated and what is the translated address.


The CLI

FQDN Object in Policy - not working but FQDN seems to resolve properly

I've never had the opportunity to use or need to use an FQDN in a security policy before but my first attempt to do so does not seem to be working. I'm trying to use an FQDN to restrict IPSEC/IKE traffic from a Virtual Network Gateway (VNG) in Azure.

PanOS 10.1: DHCP server missing hostnames / descriptions

PA220 running PanOS 10.1 managed via Panorama 10.1.

Prior to PanOS 5.something, you could not add a description to an IP reservation in the DHCP server configuration.  Later in 5.something, a description field was added.  This works.  You can add a

Removing a device from Panorama - what happens to shared objects?

I want to remove a device from Panorama and have it continue to work independently. I have a lot of shared objects - addresses, address groups, URL categories and schedules.  What will happen to those objects when I remove the device using this proce

Creating user-ip mappings from the command line.

Is it possible to authenticate machines to Captive portal from the command line? We have several linux machines who don't have access to the web browse only command line. Can these be authenticated through curl or any other command line tool?

Assign assests

i want to assign some assets to specific admin. any suggestions

Using PAN as a DHCP Server - MAC Addresses are Case Sensitive

Hi everyone,

I'm having an issue trying to tell our account representative that PAN should treat upper-case or lower-case (or even mixed) MAC addresses as one entry.  I say this because I had an entry in our PAN DHCP Server all in lower-case (enter

TS Agent and Proxy PAC file

Interested to know if anyone has the TS Agent deployed and the users are using a proxy PAC file.  We are facing an issue where intermittently internet access will stop for a period of time - we have removed the myIpAddress() from the PAC file and sti