Easy way to copy a policy from one firewall to another?

Good afternoon!

I have a set of Palo Alto PA-820s and 850s that I'd like to converge their configurations. For instance, have the same whitelist or blacklist policy outlines that I can add or remove websites, countries, and so forth. 

I see I can s

SSO Kerberos setup for Admin

I have been able to set up Kerberos for explict userid/password entry at the logon screen. Now I am trying to setup SSO.

I at least get to the Click the button to login as user@domain.local. Yet when I proceed, I get Not Authroized.

System log shows

Practical XFF usecase

XFF for user-ID - Displays IP as 'x-fwd-for: x.x.x.x' format

• Seems to me just an investigation help feature
• maybe can even block a particular IP/s if used in security policy as a source user, haven't tested this.

XFF for Security Policy - Gives abil

Can't activate " VM-Series Bundle 1 Free Trial" from Azure Marketplace

Hi there, 

I attempt to start to "“VM-Series Bundle 1 Free Trial “ in Azure Marketplace . When I clicked the link "“VM-Series Bundle 1 Free Trial “. It popped 404 not found. Could you advise how to activate it? 

Besides, I saw that there is a 30-day t

adding x-forward-for client IP to HTTP header

Does the PA support the ability to populate the x-forward-for field?

PA-450 License Issue

Hi Team,

Is there any known issues with the License Tab in PA-450 as our new firewall is not showing anything on the license TAB. I have added the devcie in the support portal but to fetch the license i am not able to see anything in the tab. I upgra

Process cp-path_monitor received user event hbUpdate

Dear Team,

I'm using 9.1.12 PAN-OS

Recent firewall has temporarily switched certain interfaces to 'non-function' with the logs below.

masterd_apps.log
Process cp-path_monitor received user event hbUpdate 60 0.0938

I would like to know what the

Setting up DUO MultiFactor on GlobalProtect and allowing AD password resets at the same time

Hello all,

I am currently trying to set up my GlobalProtect portal to allow my users to reset their passwords when they expire. I was able to do that by setting up my RADIUS profile with PEAP-MSCHAPv2 however now my users are not getting the DUO pu

Is it possible to apply "IP Address Exemptions" into Security Profiles based on the IP of the x-forwarded-for header?

Hello. all.

Is it possible to apply "IP Address Exemptions" into Security Profiles based on the IP of the x-forwarded-for header?

https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/policy/identify-users-connected-through-a-proxy-server/us