SSH traffic on one policy appears to be denied by a policy that is currently disabled. How is that even possible?

I created a policy (number 21) that allows several types of traffic outbound (ssh, https, tcp 8989, tcp 61000 - 65535, and UDP 1024-65535).  All traffic seems to be passing except SSH, which is being blocked by policy number 25, which is supposed to

How to download Panorama vm file

Hello.

I want to download Panorama Base image. I go to support.paloaltonetworks.com->Updates->Software Updates but there are no Panorama Base Images. Why can't I find it at this address? Please help me. How do I download Panorama's legal .ova file

TCP SYN with data attack block by the firewall but increase the latency of data traffic

Hi Support,

We recently notice have latency in our network , when we investigate found a lot threat logs from TCP SYN with data has been block by firewall as we have DDOS protection.

My question is below:

1. does this attack affect the performanc

SNMP LinkStatus can't seen

Hi all,

 I have the Zabbix server ver 6.4.3, I'm import the template palo_alto_firewall in this link: https://www.zabbix.com/integrations/palo_alto_networks

 It shows somethings, but the Linkstatus with OID: 1.3.6.1.2.1.2.2.1.8. and the traffic out a

Palo Alto Decryption "Out of firewall resources: memory"

Hello, 

Wondering if anyone has encountered the error on the subject line under Decryption logs? We seem to be experiencing an "outage" with outbound traffic (Web pages don't load, slow internet, etc) here are some recent changes:

• We migrate over

Source User missing users unless DC is rebooted--User Mapping

Hi all,

I am having an issue that users are no longer communicating their IP and converting them into agent-ID's so they no longer get the correct web-filter rules. Currently nothing is now showing up in the "Source user" column but If the Domain C

PAN DB CLOUD DISCONNECTED | Cloud is not ready, there was no update from the cloud

Hi guys,

Seeing an error message show up in the System logs:

"Cloud is not ready, There was no update from the cloud in the last 630 minutes. 04/18 09:49:25"

I have connectivity to updates.paloaltonetworks.com, as the Palo is able to retrieve l

Live Community Access Denied

Hey all,

When i attempt to access this link regarding a cert expiration, i get Access Denied;

https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672

Hips Profile and Global Protect features not available in terraform

Hi we are using terraform to push configuration to Panorama and connected devices.

We noticed that the HIP and global protect features are not available in the terraform provider and the last this was updated was over a year ago Feb 2022. Are there a

panos_panorama_bgp_import_rule_group and panos_panorama_bgp_export_rule_group cannot have multiple rule sections

I get an error when using more then one rule section in panos_panorama_bgp_import_rule_group and panos_panorama_bgp_export_rule_group using the latest version of everything.

test1 and test2 works fine if you only use one of them but adding them both

Dataplane is down: path monitoring failed.

One of our passvie firewalls encountered the problem "Dataplane is down: path monitoring failed". The reason may be that we replaced the fan. At present, I found the following link to the official documentation of Palo Alto. Because we have no plans

Open internal application server access to the mongo cloud tcp

 does anyone know how to open port 27017/TCP from our internal application server to the mongo cloud *.mongodb.net?

prisma free trail using AWS PAYG

Hi Team,

I have subscribed to prisma cloud PAYG 15 days free trail in AWS. I exceeded 15 days today. I don't want to continue using it and get charged. How do I unsubscribe it?

API set up with global protect and infoblox

Hello Community,

I hope i am in the right place to ask this question. I am working on building an API set up that will pull Global protect user information such as hostname, IP, etc... That data will then be fed into infoblox as our central dns sourc

Authentication Fallback

Hello,

So, we currently authenticate administrators to our PA's via Radius (TACACS).  Is there a way to configure the PA's that it will only use the local DB / Administrators if Radius isn't available? 

Thanks!