General Topics

Restoring Configuration Between Platforms?

Is it possible to restore a backup configuration from say a PA5000 series to a PA3000 series?  I know there are obviously interface differences between the platforms, and I couldn't find any recent documentation explaining if this is possible.

Than

Policy audit comment in cli

Do you know how can we configure and view Panorama security policy audit comments in the cli or another way for bulk applying comments to policies. 

I will modify policies in bulk using the cli set commands, but also want to add audit comment to all t

Active cluster

Hello ,

We have a customer having Active /active cluster .  The Panorama lies in another country : The nodes of cluster use the traffic interface ( and not management interface)to reach Panorama , and at firewall we do the NAT , so that on Panorama 

HOW TO DOWNLOAD IMAGE VM IF YOUR NOT YET THE COSTOMER

HOW TO DOWNLOAD IMAGE VM TEST IF YOUR NOT YET THE CUSTOMER

Firewall drops VSS-Management trailer due to Layer 4 checksum enabled

This is not an issue, but a general document about an issue that we experience with a customer last weekend. The issue is not well documented by Palo TAC and it took us the help of another customer who experienced the same issue with the same applica

File types need to block

The file type is malicious as per the swift advisory 2021, that need to be block on the Palo alto Firewall.

File Type .gmu,.ekt, .jpn,.er,

Communication between Panorama and a Firewall from outside

Hi PA Experts,

We have a Panorama (10.02) that we will use to manage multiple firewalls from different companies, so it's a multi-tenant deployment. 

I have 2 questions for now:

1. One company is concerned about security connecting their FW to Panoram

Global Protect Single/One login Portal/Gateway

Good afternoon, I have a question:

I have Global Protect configured and operating, operating correctly Portal and Gateway.

When one uses the Global Protect App, it always asks 2 times for login, I understand that one is in the Global Protect Portal an

Timeout on syslog sourced User-ID mappings?

Greetings all,

Taking another look at our user-id mappings with our server team today and we've landed on trying 90 minutes for AD.  We set this on the agents installed on two of our AD servers and the firewall is showing the new logs coming in as ha

PCI DSS testing failure

We are using SecurityMetrics to test for PCI compliance and have recently started receiving a failure based on TCP/IP Initial Sequence Number (ISN) Reuse Weakness (CVE-2002-1463) for the PaloAlto firewall (5.0.8).

I'm not sure how to remedy the proble

Unable to sign into GP client with Azure AD SSO

Hi All,

Trying to setup Azure AD SSO with Global Protect, but am receiving the below error. According, to the Microsoft documentation it means that the user is not assigned to the application in Azure, but I can confirm that the user is assigned corr