Resolved! NAT, Routing and license requirements

Hello Bros,

                I have an unlicensed and out of support single paloalto 3220 appliance, and this device is not licensed now as we have upgraded to paloalto ha.

my question is I wanted to re-use this appliance for some network services such

Resolved! Authentication issue with Global Protect

We are having difficulty with our Active/Passive pair of PA_820’s where they are setup to allow auth to GlobalProtect based on AD group membership.

If we create a new OU in AD and move a user to the newly created AD OU whilst still having the same gro

Resolved! Welcome Page - Iframe

Hello,

we want to include a (external or internal) website via iframe in the welcome page. My test HTML site:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> 
<HTML>
<HEAD>
<TITLE>Pal

Resolved! Not able to ssh access Active after config on mgmt interface on Passive standby

We have a pair of PA-3220 running 9.1.6.  We made a config change on the passive and now not able to access the active firewall.

Config was added to passive host where we added ssh ciphers / mac /  host key to the mgmt interface.  After the change we

Resolved! Change speed/duplex on 10G SFP port for PA-5220

Hello,

Is it possible to hardcode speed/duplex for 10G SFP port on PA-5220 device? i am getting below error:

>set network interface ethernet ethernet1/5 link-speed 10000 link-duplex full 
Error: 
Server error : ethernet1/5 -> link-duplex 'full' is not

Resolved! IKE and IPsec Encryption and Authentication Parameters for Site-to-site IPsec VPN

I was configuring a Site-to-site IPsec VPN and I was having a hard time matching my Encryption and Authentication parameters. The remote end device is Huawei Eudemon 1000E and my local device is PA-800. I have finished the configuration both sides by

Resolved! FWs not sending logs to Panorama, logs show constant disconnect

Woes with RMA M-100 continue.  Sometime yesterday logs stopped showing up on our m-100 and no idea why.   It was working after we restored the configuration but stopped yesterday.  I can push policies to the FWs and as far as they can tell they are f

Resolved! Is it possible to write a rule matching any IP ending in .xx

Hi all,

I have a question, is it possible to write a rule that matches only a part of the IP address? For example match any IP ending in .51? Using wildcards this would be  *.*.*.51

Put another way, i would like to match all IP's that are x.x.x.51 wher