Source User missing users unless DC is rebooted--User Mapping

Hi all,

I am having an issue that users are no longer communicating their IP and converting them into agent-ID's so they no longer get the correct web-filter rules. Currently nothing is now showing up in the "Source user" column but If the Domain C

PAN DB CLOUD DISCONNECTED | Cloud is not ready, there was no update from the cloud

Hi guys,

Seeing an error message show up in the System logs:

"Cloud is not ready, There was no update from the cloud in the last 630 minutes. 04/18 09:49:25"

I have connectivity to updates.paloaltonetworks.com, as the Palo is able to retrieve l

Live Community Access Denied

Hey all,

When i attempt to access this link regarding a cert expiration, i get Access Denied;

https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672

Hips Profile and Global Protect features not available in terraform

Hi we are using terraform to push configuration to Panorama and connected devices.

We noticed that the HIP and global protect features are not available in the terraform provider and the last this was updated was over a year ago Feb 2022. Are there a

panos_panorama_bgp_import_rule_group and panos_panorama_bgp_export_rule_group cannot have multiple rule sections

I get an error when using more then one rule section in panos_panorama_bgp_import_rule_group and panos_panorama_bgp_export_rule_group using the latest version of everything.

test1 and test2 works fine if you only use one of them but adding them both

Dataplane is down: path monitoring failed.

One of our passvie firewalls encountered the problem "Dataplane is down: path monitoring failed". The reason may be that we replaced the fan. At present, I found the following link to the official documentation of Palo Alto. Because we have no plans

Open internal application server access to the mongo cloud tcp

 does anyone know how to open port 27017/TCP from our internal application server to the mongo cloud *.mongodb.net?

prisma free trail using AWS PAYG

Hi Team,

I have subscribed to prisma cloud PAYG 15 days free trail in AWS. I exceeded 15 days today. I don't want to continue using it and get charged. How do I unsubscribe it?

API set up with global protect and infoblox

Hello Community,

I hope i am in the right place to ask this question. I am working on building an API set up that will pull Global protect user information such as hostname, IP, etc... That data will then be fed into infoblox as our central dns sourc

Authentication Fallback

Hello,

So, we currently authenticate administrators to our PA's via Radius (TACACS).  Is there a way to configure the PA's that it will only use the local DB / Administrators if Radius isn't available? 

Thanks!

Rule hit count or unused rule in custom reports or CLI

There are no fields related to rule hit count or any way to identify unused rules in Panorama custom reports. Is there a way to get a consolidated view of unused rules across all device groups at once and not just through the policy page per device g

PA5410 Version 10.2.4 not allow to set offload to true

Hello
We are detecting sporadic CPU spikes on a FW 5410 version 10.2.4 , the average is fine however, we observe sporadic spikes of 95% 96% ...100%. Before with the old FW model we did not have this problem and we have not changed any configuration.

W

EDL Hosting Service - Difference between any, allow, default, optimize

Hi,

Can someone explain the differences between the any, allow, default, and optimize lists? 
The explanation in the Palo Alto documentation is quite vague on this matter.

We're looking into using this to filter o365 access, but unsure which list to

TCP-RST-FROM-CLIENT and TCS-RST-FROM-SERVER

Hi All, 

As captioned in subject, would like to get some clarity on the tcp-rst-from-client and tcp-rst-from-server session end reasons on monitor traffic.

Even with successful communication between User's source IP and Dst IP, we are seeing tcp-rst-

SNMP Looking for a Table on 5020's that shows VPN tunnel status

We have a VPN tunnel and would like to know if there is an SNMP table that can be polled for the status of the tunnel being up or down. 

We are aware there are traps that provide update when the tunnel goes down.

However, we are looking to establish