PAN-OS Group-Mapping - Alternate Username attribute limitation ?

Is there limitation of the Alternate Username attribute that be used ?  Per example, I'm using a extra attribute which is "uid" which is available in Microsoft AD User attribute. From tcpdump trace, I can see that FW ldap request and AD response prop

query traffic log not working when activating from dynamic group?

trying to use monitor (query traffic log) by way of drop-down arrow on a dynamic address group, it gives error saying ' doesn't exist or doesn't contain any member'. However, activating the monitor from a policy rule name which uses the dynamic group...

Cyber Elite interview with MP18

Hey there everyone.

I wanted to let everyone know that the Cyber Elite experts are among our top contributors within LIVECommunity, and our first interview is with @MP18. 

Read the blog here:

https://live.paloaltonetworks.com/t5/blogs/get-to-know

How to create e new network interface on a device using Panorama

Hi all,

I'm quite new using Panorama.

I need to create a new network interface on a device managed by Panorama.

I tried to modify the template but when I push it to device I got an error telling that there isn't that interface.

Of course I miss something

URL filtering and white list

Hi,

I would like to do url white listing. before i do white listing , i would like to monitor all url of users and office application.

after that i would like to allow specific url only. In paloalto monitoring is only show destination ip address and ne

Sending Before Change and After Change details in Panorama to Syslog

I've been testing the logging of change events to a syslog server from Panorama.  Syslog events indicate a change made by a person and the general section of the change without giving any specific details of what was changed.  Looking in Panorama in

the SKU to Upgrade VM license bundle?

When upgrading from VM100 to VM300, is there an upgrade SKU with discounted price or use the SKU# "PAN-VM-300-PERPBND2" with regular price?

Thanks,

Michael

MFP devices wont scan to email anymore

Hello guys and Happy New Year!!

First time when I use an palo alto device. So I configure this device PA-220, and I put it on my network.Everything works great but I have some problems; For example now all my MFP devices wont scan to email anymore. I

CONFIG logs and syslog

Hi there,

we're shipping our logs to a centralized syslog instance. That works great for all types of logs from the PA with the exceptions of the CONFIG logs.

The CONFIG logs are submitted at all, with the problem that the interesting parts "before-ch

Virtural router how many do have and when to have multiple

Hi

So I am doing some network segregation.

I have  vr with say 40 interfaces on it.

I want to add 3 more.

can i create a new vr (vr_b)

place the 3 interface on the new vr (vr_b) and then create a vlan to connect vr original (vr_a) to new vr (vr_b)

When