send/receive Multicast over globalprotect using GRE tunnel?

I have a requirement to send/receive multicast over globalprotect  VPN. I am using IPSEC based GlobalProtect VPN.

Can I use GRE tunnelling to enable multicast forwarding over GP?

LAB'ing PaloAlto

Hi, 

I have installed a couple of PA-vm firewalls but i am not able to test upgrading PAN-OS or enable multi Vsys support.

Am I using the wrong model in the lab? Is there a way I can do the above? Are there any trial licenses without limitations?

I lo

scheduled policies to affect existing sessions

Dear community,

I configured schedule on policies and it seems that as per design the existing sessions are not affected by the schedule:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objects-schedules.html 

Meaning th

LIMIT SERVICES (2000) IN PA 5020 ios 8.1.10

HELLO EVERYB,

i there any way to increase de limit of servies? in our case er arrive to  2000 service (ports) in PA 5020 WITH IOS 8.1.10?

have i to increase at the hardware level? or sfoftware?

thank u so much

Need a way to move big number of selected policies to the desired location

Dears,

As a cleanup to our policies in the firewall, I added a tag "Zero hit" to the policies that never trigger a hit. I have a huge number and I would like to move them all to the bottom.

I tried to find a way to move them to the location I want and

Request a Signature for CVE be Mitigated

Is there a proper way to request a CVE be mitigated by the Palo firewall and added to the Threat Vault?  

I have read the conditions for a signature being added, but it doesn't tell you where to request one. 

https://knowledgebase.paloaltonetworks.com

Error in CEF format for Threat logs

The following guide provides the parsing for CEF-style Log Formats for PAN-OS 9.1:

https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/cef/pan-os-91-cef-configuration-guide.pdf

We have been using this for a while, but because now we have

List all deny rules from cli

I have to list all deny rules (from cli)

The following command "show running security-policy | match index " list all security rules by name

For example:

"AllowBrach1IN; index: 1" {

....etc

What I want is:

- deny INBOUND traffic rules only but regarding en

User group Mapping

Wndows logon user name is ABC\xyz, and the user id fetched from AD group is ABC.local\xyz, and because of that the traffic is not hitting the configured rule. Any workaround to fix this?

getting DDNS working with DYN.COM service

I have to deploy some PAN firewalls at locations where ISPs only support DHCP. This seems to be increasing in some countries. I subscribed to DYN.COM but I am stuck on the certificate profile. I need the DYN.COM public cert and CA for dnsalias.com do