URL Filtering override tab after upgrade.

I am planning to upgrade firewall cluster from 8.1.18->9.0.14->9.1.11.

9.0.x says override tab is removed.

Is it the case with 9.1.x as well?

I have lot of domains in override.

Slowness when filtering at destination in a rule by address-group

Hi,

We are having slowness in a traffic when the destination in the security rule is a address-group. If we configure "any" in destination the session are fast. The traffic is 443 (web-browsing).

How PA can cause slowness in https if the destination

PBF policy match works in CLI but hangs in the GUI

Hi,

Came across an issue where a PBF policy match works in the CLI, but not in the GUI. When you run the test in the GUI it just hangs. The PBF rule is working as expected in production, its just the test in the GUI that seems to fail. Anyone come ac

Globalprotect Smart Card configuration

So my company is working to setup a new PKI infrastructure with smart card logins for the users. I have looked at all the 2FA and associated articles about setting up the VPN but it leaves a lot to the imagination. I followed the steps creating the c

Can the peer identification be a local ip while the ipsec tunnel is between 2 public IPs?

Hi,

In this tunnel with a FortiGate, I see the FGT sends its peer id as a local IP and not as the IP which takes part in the tunnel .. 

So I just modified the peer identification for the local PA to match the FGT private IP peer IP and the tunnel has

Old rules can’t edit or can’t create after rules those implemented before create my user account

I’m facing issue to edit or delete in old rules before create my user account  in Palo Alto firewall when I login individually but I can do edit and delete old rules from panorama.

what will be the issue and those firewall not connected with panorama

Migrating from PA 500 to PA 820

Hi team

Can we directly take backup of PA 500 running PA OS 8.1 to PA 820 running PAN OS 9.0.

Thanks in advance.

Captive portal palo alto issued with chrome

Hi all

I use captive portal on palo alto just zone Lan to internet and found issued about chrome

My client have window 7,8 and palo version 8.1

Test on firefox need open firefox and click to option for login to internet

But on chorme not option for click

Migration FROM PA-850 to PA-3220

Dear:

Good afternoon, what is the best migration option from a Palo Alto PA-850 to a PA-3220.

Thinking for example to be able to keep the self-signed certificates in the PA-850, used for Global Protect.

Based on your expertix and experience, what is t