Question about moving objects...

I have some security rules on a device group using shared addresses groups. I need to move these objects to the device group but I'm not finding an easy way so far. I can't simply move the address group, panorama doesn't allow because rules are using

Oracle database increase session time

Hi All,

Our application use Oracle database and connect application via TCP 1521 and 7777. One session have to keep 24 hour and is it any ways to increase that time?

Thanks !!

HA malfunctioned due to data plane down

Hello 

We have PA-3220 and its running 9.0.12. recently i saw that HA status is showing that "HA malfunctioned due to dataplane failed" and we cannot push any configuration on the firewall due to "dataplane failed" error message. 

Please suggest what c

SSL Decryption and Reddit Posting

Last year I implemented a rule to allow users in my company access to the reddit.com site. It is in our company policy to disallow sharing messages on social media, so I implemented this rule with URL filtering (chat/messages/etc...) and only allowin

Certificate issue

Certificate expires date showing different internally and externally for particular URL

how to monitor PA firewall interface IP address using SNMP monitoring

Below KB don't contain OID 1.3.6.1.2.1.4.20 . I am looking for this OID (provides the addresses and the link to the interfaces you've sent through)to receive firewall interfaces IP address using snmp.

https://knowledgebase.paloaltonetworks.com/KCSArt

Does Palo Alto Networks Support actually exist?

Nobody will answer their phones. Several attempts to call support only leads to hours on hold, nobody ever answers.

Migrating from a pair of 850s to a pair of 3220s!

It is my understanding that I should be able to export my config on the primary PA-850 and import it to the primary PA-3220.  I know that there are more RJ45 ethernet ports on the PA-3220, so I will update Ethernet1/9 to Ethernet1/13 and Ethernet1/10

Multiple External IPs to Multiple Firewalls

I am sure this is going to be something simple, but I am admittedly stumped (not hard to do).

I have a block of External IP addresses assigned by our ISP , say   172.10.10.10/29

The gateway is 172.10.10.10 . This contains a single physical port . Thi

Internet speedtest from PAN

Is it at all possible to determine circuit capacity directly from the PAN?

Esentially what im trying to do is run a intenret speedtest directly from a PAN.

What would be perfect is the ability to run an iperf client direclty off a PAN

ESXI Server & Palo Alto: The Inside Hosts that's on the same port Group as Palo Alto (inside interface) cant ping the Palo Alto inside Interface.

I have a ESXI Server with firewall (Inside, DMZ and Outside) zones

Palo Alto has a security rule to allow interzone traffic from inside to outside

Palo Alto has NAT configured for Outside Interface

When I try to ping from host to host on in the same po

Unable to ping out from new zone

We are in the process of migrating our DMZ servers out from behind an ancient ASA to our Palo. I pulled a test webserver over to make sure my NAT was set and to trial out some rules.

For the most part everything is working but I can't ping out from a