General Topics
Showing results for 
Search instead for 
Did you mean: 
General Topics


Join Us for a Tech Deep Dive Miniseries!


Stop Zero-Day Threats in Zero Time with Nebula PAN-OS 10.2.


Join us live for an in-depth look at the latest advancements in cybersecurity, best practices, tips and tricks, demos and
more to protect your business and defend against threats in real


jforsythe by Community Team Member
  • 3 replies

Resolved! HA config sync

Hi guys,


I wanna know the Comment column under Network---Interface tab synchronizes when PA is set up as Active- Passive HA?

I assumed it wont, and made some changes in comments coloumn and later found out it got synced.


I referred the PA document:



Seeing these errors in my log pan_packet_diag.log



seems to be filling up my log file ?  I have no idea 


2020-07-04 12:09:26.595 +1000 Error: pan_cfg_url_policy_need_hdr_insrt_log(pan_cfg_url_policy.c:274): url_profile (nil), cfg available: 1
2020-07-04 12:09:26.595 +1000 Error: pan_cfg_url_policy_


Captive portal browser challenge issue

Hi team,


While trying to deploy Kerberos SSO for enduser authentication I came up to the following issue with the captive portal (browser challenge).



When an end user logged in a windows (part of the domain) tries to connect to ""



Resolved! OCSP Responder with Self-Signed Certificate

Following, I created an OCSP responded.  When creating the user certificates, for signed by I tried both the Root and Intermediate certificate.  I allowed HTTP_OCSP on



Resolved! GlobalProtect DNS issues in Windows after disconnect

I am using GlobalProtect 5.09 with PanOS 9.0.7.


While using dual monitors with a split-tunnel VPN, I find that when VPN disconnects dns resolution is still trying to use internal dns servers.  I am forced to reboot my desktop at home multiple times p


SSL decryption on PA incase the SSL termintated on WAF

We have a website hosted behind WAF and Firewall (Palo Alto). The WAF already has the server valid SSL Certificate from public CA. Do we need to install SSL certificate (decryption ) on PA Firewall also for inbound traffic to make it more secure ? 

msalhi by L0 Member
  • 3 replies

Resolved! PA 7k LACP over Multiple NPC



I'm curious to know if it is possible to configure an AE Group of interfaces in a PA 7000 series appliances with interfaces accross multiple NPC's?


This just seems to me to be the most logical way to load share on the platform with multiple NPC's


Custom signature not working

Hello Team,


I need to create custom VA signature which can detect specific chrome browser version and block internet also from that browser.
I have created custom signature which can detect specific version and can block http traffic too but https tra


Custom Application Signature


For the same application, I have several links and ports (https://application.intra.mydomin.corp:8530/toto, https://application.intra.mydomin.corp:8130/titi, https://application.mydomin.corp:8530/toto,..) and I would like to create a rule and sp


public ip addresses and link address /30


I have a question regarding public interface configuration. ISP gave me /30 link network address space and /28 public IP address pool. Can you suggest me best way to configure this public address on PA. Should I use virtual wire, loopback interfa


patux80 by L0 Member
  • 1 replies

Authentication Bypass in SAML Authentication.

Dear Support Team,
Please do us favour to update Security appliance Palo Alto with latest signature which help to prevent from latest vulnerability Authentication Bypass in SAML Authentication.
Patch requirement for CVE-2020-2021 PAN-OS: Authenticati

Incomplete ARP when deployed in Azure



I deployed NGFW 8.1 using Terraform (v0.11.36) in Azure. It provisions VM and all the resources like resource group, VNet, subnet, IP's etc., But the only problem is with the UnTrust(eth1/1) NIC as it complains 'Incomplete ARP even after confi


Top Liked Authors