API to dynamically register and tag from Panorama to Firewall

I'm finding we can use the api to register IPs to Tags on panorama no problem.   I can view that they are registered on Panorama.   However, Panorama is not pushing these mappings to the managed firewalls.   I'm matching on name and I'm using the dyn

Dynamic user group using HIP log

Hi Team,

Just need to check if anybody faced the below issue in PanOS 10.0.x

I am trying to create a dynamic user group with HIP log by following settings,

1- created one Tag

2- Configured log settings for HIP log for build in action tagging the source

Inbound TLS/SMTP inspection (to FortiMail)

Hi,

I'm wondering if anyone happens to be doing successful inbound inspection of SMTP/TLS to a FortiMail appliance? Or any other mail server for that matter.  I've run in to a brick wall when it comes to renegotiation. The Palo is serving the correct

How does Validate Commit function work in PAN OS 9.0.9?

 I'm wondering if the validation process is checking the change against the running config and not taking into account the Interface IP change in the candidate config while doing the validation.

I am trying to make a change to both the IP address of

Configuring decryption, some gray categories and experiences

So I guess I'm just curious what the overall opinion of multiple people is regarding decryption and how well they take into account local laws, etc.
I get decrypting traffic can be a major step up in security and basically unlocks a lot of potential i

Palo Alto custom application signature for Referer or Origin Header access to be allowed blocked?

I think that the the customer application signature using Pattern Matching and context http-req-headers or http-req-origin-headers can be used to allow URL access if the Referer or ORIGIN site is allowed. Can this be confirmed ? For blocking I think

Local Checks Not Enabled (info)

As per VAPT done at our firewall found below vulnerability   :

Please suggest any solution   

=====================================================================================

Local Checks Not Enabled (info)

Local checks were not enabled.

Scanner did

how to block malicious Attack on server

Hi All,

Good day!

I'm trying to block malicious attack on our server but no luck. Please see below attack i encountered on server.

I've already create a policy for that attacked. I already set security profile for that specific servers.

Also i already

Panorama is dropping lot of traffic to syslog splunk

I have a active-standby panorama cluster version 8.1.17 that manages about 40 firewalls.  The active-cluster panorama is also a log collector-group.

20 firewalls send traffic/threat/URL logs to active panorama and the other 20 firewalls send traffic/t

Facing issue with SSL VPN with Particular ubuntu machine(Linux)

Dear Friends,

Hope you are all doing good!!!

I am facing issue SSL VPN for particular ubuntu 14.0 user.

Here is my findings and observation below:

================================

++ Customer having 4 diff ISP provider

++ The user was in full tunnel mo

GlobalProtect & SCCM

Long story short, we purchased GP and configured rules etc to allow SCCM traffic to and from VPN clients who are users working from Home.

We are struggling to release applications or updates to these users and would like to know if anyone has GP with

GlobalProtect MTU Size

Hi All,

I have an issue where GlobalProtect VPN clients are enable to establish a VPN tunnel when connected to a certain WiFi network. We have narrowed the issue down to the MTU size. 

Ther are various GRE tunnels and IPSEC tunnels which have reduced