Customize Authentication Complete URL

Hi,

i would like to customize the URL Authentication complete in GP. i was checking this KB: https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-user-authentication/set-up-external-authentication/set-up-saml-authent

Queries regarding .crx3 chrome extension

We are currently experiencing a significant increase in bandwidth consumption on our network due to users downloading .crx3 files, which are Chrome extension packages. Our Palo Alto Firewall does not natively recognize or allow us to block the .crx3

Connection Failed unreachable macbook

Unable to connect in mac mini

06/29/2025 12:07:37:787 [Info ]: Started the Portal pre-login
06/29/2025 12:07:37:787 [Info ]: CPanMSService::PreloginPortal CheckServerCert return 0x2000
06/29/2025 12:07:38:055 [Info ]: Portal pre-login result receive

Palo Alto FW and Panorama Requirements for 11.1 or 11.2 version

Hi, 

I need help asap how to know if Palo Alto VM Series at 10.2.x  can update to 11.1 or 11.2 is there a link to help me. Is the CPU, Memory, Hard Drive Size the main factors.

If you can give an example would be very nice.

Thank you. 

Upgrade while the /dev/root is high

Hi,
I'm wondering if I can smoothly upgrade the firewall if the dev/root is above 90%
Note that the /opt/pancfg is at 60%.

Any thoughts on how to whitelist Akamai IP ranges?

Hello Network,

Any thoughts on how to whitelist Akamai IP ranges? I am hoping to use MineMeld as the aggregator of the information.  We currently use it for AWS but I did not see a node built for Akamai.

Thanks in Advance,

Scott 

DHCP Lease Issue

• Device details:
• • Model - PA 3020
  • Software version - PAN OS – 8.1.3

• Problem Description:
• • Please be informed that we are frequently encounter DHCP lease full (100%), and it cause interruption for our users at region side.
  • Customer side have two vlan for

GlobalProtect - Multiple Client Settings

Following a change to move from LDAP (Local Domain Controllers) to Azure SAML with MFA enabled we are experiencing an issue with the use of multiple Client Settings Configs on a single Gateway.

We use the users section to identify a subset of users

UnAuthorized Access

Dear,

Anyone can help me to solve my account.

" Your account has expired. To get this resolved, you must reach out with your Super User for assistance.
You can click here to send your Super User a reminder notification."

i have clicked to send a r

HTTP Header Referrer

Hi,

is it possible to build a security access rule based on http-header referrer field?

Someone have do it?

Regards

BGP Communities Import Rule

I have a BGP connection that is up.  Let's say it is to peer 10.1.2.3,  and my Peer AS is 1234

They have a community set that I want to match on in an import rule.  Specifically, 1234:567

I know this is just an example, but the field simply say

Paloalto routing an IPSEC tunnel to another router

Hello, I'm trying to create a tunnel between R1 (OpnSense) and R3 (Sophos), R2 is the Paloalto that NATs a dedicated wan IP to interface1/2 (private TRUST LAN) where is locally connected the Sophos.

R1 (Opnsense) <----->  R2 (Paloalto NAT 1:1) <---

Cisco BGP neighbor x.x.x.x local-as yyyy feature on Palo Alto

Hi,

Does Palo Alto support Cisco BGP neighbor x.x.x.x local-as yyyy feature? or there is any way to achieve the same (Palo Alto FW has a local ASN, but it uses another local ASN just for a specific neighbor)

Thanks!

Automated backups from Panorama

Hi Guys

I have a HA FW Palo Alto, which are managed by a PANORAMA.

Is it possible to do the automated task, to send a BACKUP of the FW configuration, on a daily basis, but from the PANORAMA?

The best option in this scenario, in your experience, is to