External DNS resolution for specific domains

Hello, 

I am trying to look for a solution to an issue we have whereas we don't want to add routes from Azure (via ExpressRoute) to an on premise for public IP's for which Azure devices need to connect to via a Palo Alto firewall and across a VPN to

Remove Multiple Saved Config files from CLI?

I recenlty received an alert for /opt/pancfg at 80% full.  It looks like there must be a bug in a PAN-OS version that seemed to be saving off configs every hour, with a random naming convention of "5rkswfabcbep_5syszjl7hw0j.txt" There are hundreds of

Global protect enforcer and public wifi captive portal

Dear community,

We have deployed Prisma access Global protect [agent 5.2.9], enabling network enforcer and captive portal detection [ 10 min timer and captive portal message].

We are experiencing mixed results with users getting an error web page when

Allowing PIA VPN in home network

Hi all,

Quite new to managing NGFW, please be patient.

I have PA-820 looking after my home network, no domain, few computers, using it to learn more than anything else, but since I have it want to use it fully.

I want my Private Internet Access VPN to a

Palo Alto Firewall VM

I have installed a Palo Alto Firewall VM trial version. Now whenever I have tired to login / after successful login it is suddenly going to runlevel 0 and shutting down.

PAN-PA-5220 Purchase

Dear All,

I am planning to purchase PA firewall 5220 for our Datacentre. and came across below model

I am not mistaken then I need to purchase PAN-PA-5220-DC i(f DC power supply) and PAN-PA-5220-AC ( If AC power supply)

However I am clueless for what

IPSec Tunnel fails after 1 packet

Hi Guys,

We have a number of Palo Alto firewalls at our satellite sites configured in a Mesh VPN.

Site A, Site B, and Site C (Internal) all work successfully.

Site C DMZ can establish a tunnel to all the other sites, however as soon as the VPN is used

Log Forwarding - multiple instances of same catgory?

In Log Forwarding Profile I have URL Filtering/All Logs going to a log collection server. 
But for URLs of a phishing category I want those to be emailed. I tried to do this by 

creating a second profile match list profile URL Filtering/phishing. But

Admin credentials were not changing

Hi
We have 2 PA-850
They are working in HA mode

When i got the handover they gave the admin credentials

The secondary was always active
When i tried to login to the passive one the admin password did't work

At the end i logged in with the initial password

Ask Your Questions Now! Cyber Elite Ask Me Anything (AMA) Event

Ask your questions now through June 30 as the LIVEcommunity Cyber Elite Experts will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event will be an opportunity to as

Questions) Missing Panorama Log

When creating the Security Policy Rule, 'Log at Session Start/End' was all selected as Actions.

After this, when I check the log in Panorama, only the End Log is visible and the Start Log is not visible.
Also, sometimes this logs are not visible.

I

SAML Jumpcloud HA Implementation

Hi,

i follow the docs here LIVEcommunity - PAN-OS SAML SSO with JumpCloud and Mobile Push MFA - LIVEcommunity - 493684 (paloaltonetworks.com)

it works well with one firewall. When it used to HA active Passive Environtment, it wont work on the passive,

URL Filtering Wildard - ? in URL

I have inbound decryption set up for a server and we want to restrict what URLs users can get to.  The website admin tells me that ALL links to the site will contain something similar to the following:

https://my.web.server/xxx/yyy/zzz/TEXT_SOMETHING

Session end reason=resources-unavailable, version 8.1.15.h3

In the traffic log we have found some entries with a session end reason=resources-unavailable, version 8.1.15.h3, however PAN-189468 is not affecting our version only affects version: 

9.1.0-9.1.13
10.0-10.0.10
10.1.0-10.1.4

adm_(active)> debug datapla