OpenVPN support on Palo gateways?

Palo gateways have supported ipsec site to site vpn for a long time. Do they also support acting as an OpenVPN gateway? I dont mean openvpn passthrough to a backend. I mean actually being the Openvpn endpoint.

revert but not the config

Is there a way to "revert" via cli?  I don't mean config changes either, I mean like the following places:

1. Network > Interfaces > Ethernet1/1

2. Device > Setup > Management

I'd like to script out reverting these.

We cannot export the metadata, when you are in the FW, in the Global protect section, it does not allow you to enter the IP or the Vsys.

Hello,

We cannot export the metadata, when you are in the FW, in the Global protect section, it does not allow you to enter the IP or the Vsys.

When I select in the Authentication Profile, the profile from which I want to export the data, and I sel

Access denied

Hello Palo Alto Community ,

I have problem in communcating betwen Fire wall and Domain Controller (ldap).Status show me Acces Denied on Server Monitoring,i try change user roles to fix it  , but again show me the same status  Acces Denied .

Please he

Global Protect on IOS Always ON VPN sanity check

I've had a Palo Alto case open for almost 9 months now that appears to have devolved into a finger pointing match between Apple and PAN and I'm going to have to make some decisions here, I don't know if anyone else uses that functionality or not.  Ap

WMI access denied in System Logs but Device > User Identification shows connected on all DC's

Hello,

I've seen on my Palo Alto 3220 system logs dashboard applet a ton of Access Denied messages regarding our domain controllers.  However if I go over to Device > User Identification, all 4 of our DC's there are listed as connected in green.  All

Access Denied (Server Monitor)

I configured the Base name and bind name properly but we facing the following error in putty “pan_user_id_win_get_error_status(pan_user_id_win.c:1130): WMIC message from server AD-Monitor: NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied” and  “pan_

Unable to connect to dataplane interfaces

We have pair of pa3220 in active/passive with one LACP trunk interface and a WAN interface as standard L3 interface. All of sudden we are unable to connect to the VLAN interfaces on LACP trunk and WAN interface. Failed over the passive one and traffi

PANOS Upgrade from 6.1 to 9.1

Got an old firewall, 

How much is the risk to upgrade from PANOS 6.1 to 9.1 now???

Any concern?

schedule security rules

I have 2 security rules, one needs to run office hours and one needs to run non-office hours. If the tcp session remains (not closed) can the same traffic use different security rules based on time ? or because the tcp session remains and it will sti

issues using aka.ms in a firewall rule

Microsoft makes extensive use of the name aka.ms to map to thousands of IPs in its Akamai content delivery network.

I find that i have issues trying to use FQDN host object aka.ms in a firewall rule. Many times traffic doesnt hit the rule.

I suspect

session_end_reason eq 'n/a' after upgrading to 9.1.14 h1 model 5220

We are observing a high amound of session_end_reason eq 'n/a' during peak hours and results session end . any similar experiance ? 

Install a single Host Defender (twistcli)

Install defender failing 

sudo ./twistcli defender install standalone host-linux \
--address https://<CONSOLE> \
--user <USER>

Ref : https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/install_defender/install_hos