PBF policy match works in CLI but hangs in the GUI

Hi,

Came across an issue where a PBF policy match works in the CLI, but not in the GUI. When you run the test in the GUI it just hangs. The PBF rule is working as expected in production, its just the test in the GUI that seems to fail. Anyone come ac

Globalprotect Smart Card configuration

So my company is working to setup a new PKI infrastructure with smart card logins for the users. I have looked at all the 2FA and associated articles about setting up the VPN but it leaves a lot to the imagination. I followed the steps creating the c

Can the peer identification be a local ip while the ipsec tunnel is between 2 public IPs?

Hi,

In this tunnel with a FortiGate, I see the FGT sends its peer id as a local IP and not as the IP which takes part in the tunnel .. 

So I just modified the peer identification for the local PA to match the FGT private IP peer IP and the tunnel has

Old rules can’t edit or can’t create after rules those implemented before create my user account

I’m facing issue to edit or delete in old rules before create my user account  in Palo Alto firewall when I login individually but I can do edit and delete old rules from panorama.

what will be the issue and those firewall not connected with panorama

Migrating from PA 500 to PA 820

Hi team

Can we directly take backup of PA 500 running PA OS 8.1 to PA 820 running PAN OS 9.0.

Thanks in advance.

Captive portal palo alto issued with chrome

Hi all

I use captive portal on palo alto just zone Lan to internet and found issued about chrome

My client have window 7,8 and palo version 8.1

Test on firefox need open firefox and click to option for login to internet

But on chorme not option for click

Migration FROM PA-850 to PA-3220

Dear:

Good afternoon, what is the best migration option from a Palo Alto PA-850 to a PA-3220.

Thinking for example to be able to keep the self-signed certificates in the PA-850, used for Global Protect.

Based on your expertix and experience, what is t

Commit Lock

Hey all,

Has anyone found a way for a non-superuser to remove a commit lock?

I'm aware the official line still seems to be only a superuser can remove the lock, and this is definitely the case in PANOS 9.0 but hoping there might be a way to have this a

VM Series validation Failed

where to check to troubleshoot the VM Series issue, as we are getting errors for the VM Series Plugin validation Failed. Please suggest if there are any specific logs or packet capture we have to look into.  

Error : - Resource-mgr-endpoint is invail

PA-3260 PAN OS 10.0.7 "Source User" Not Working

Hi - Trying to configure/setup source user however it is not working.

I configured my 2 domain controllers under Device\User Identification and added a valid domain account ,they show as connected.

All other settings are default , I am not sure what el