How to Exclude all Zoom traffic from GlobalProtect VPN

Need to Exclude all Zoom traffic from Global Protect VPN.

TACACS user authentication in WF-500

Can we configure TACACS sever profile in WF-500?

So that we will provide TACACS user authentication to login into WF-500.

If it is possible, please share configuration steps or article for the same.

Traffic issue on the Palo Alto(zone-to-zone)

Team,

On our Palo's we have a vsys defined and on this vsys we have 2 zones configured. ...... (say Trust zone and untrust zone.)

We have a server in the trust zone which need to monitor the interface allocated to the untrust zone.

This does not happen

Office 365 Dynamic List

Is there any way to use the Office365 dynamic URL?

https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7

which contains IPv4, IPv6 and domain and having update every day. 

Error 1006

Hi everyone!

I got error 1006. I really need help.

Thank you!

URL and Threat Licenses

I have recently ordered URL, Threat and 3 yr support for 7 PA-220's. The main S/N we are using for a test application did not get a license ordered, (oversight on my part). Can I use one of the new licenses from another S/N PA-220 to upgrade and test

How to configure path monitoring if primary tunnel fail

I have created 2 IPSec tunnel and want to configure path monitoring if primary tunnel fail, pls suggest.

Allow listing Dynamic IP sites

Hi All,

We have an issue where we allow list a domain using a dynamic IP, but the host calling the domain and the firewall resolve to different addresses and the connection is drops (in most cases).

We have looked at URL categories but seem to face t

Help with using URL Category as part of a rule.

I'm trying to change my rules for allowing outgoing SFTP connections from using IP's to using URL's as more and more vendors are going to AWS and such and locking into an IP address doesn't work.  I cloned my current working rule which says server x.

Captive Portal Error Android - Iphone

Good afternoon, please your support, I have the following problem:

I configured the captive portal function.

Pan OS: 9.1.9

All the corresponding configurations were made, certificate, ssl decrypt, authentication rules, decrypt rules

If I connect to a W

eBGP between remote Palo Alto devices.

Folks,

Similar to Cisco routers we are checking if we can form remote eBGP neighbors between Palo Altos located in different DC's.

One PA is located in DC-01 and the second is located in DC-02

We are looking at this design to as both these Palo's form

zone protection profile

Can a zone protection profile be implemented on outside zone without an outage ?

Disable Weak cipher suite

Has anyone had success getting past a B on ssllabs for the globalprotect web portal

TLS_DHE_RSA_WITH_AES_256_CB