Palo Alto and Captive Portal for Kerberos

HI all

We have a Palo Alto deployed in AWS and have a requirement to check for a users AD group before letting them into the network.

We cannot use User ID Agent as we are not allowed to set up connections to domain controllers as we have over 10 and t

Object xpath in PanOS config logs

In the PanOS GUI under Config logs there is column "Full Path", which shows the full xpath of the edited objects. However the "Full Path" is not part of the actual syslog Config message and I also can't find a customer "Full Path" field in the Custom

want to block IP address.

Dears,

I have one internal working website. i want to allow the website by the URL and want to block by the IP address.

Example:- website name -       https://example.com

                  ip address -                 192.168.1.50

If any user browse this

PowerBI Desktop Sign In fails with SSL Decryption

We are rolling out SSL Decryption for a group of test users and we run into an issue with PowerBI Desktop.

When we try to login in PowerBI Desktop it fails and shows that it cannot setup a trusted SSL/TLS connection for the sign in.

I am looking into

Load Versioned Configuration (locked)

Hello, community!

I'm trying to export a configuration version from a 3020 and it's not creating new versions whenever I commit a config. Upon checking, I found the last config version says "(locked)" at the end of it. Currently no admins have config

Dynamic Updates Query

Hi Team,

one of our Client had app and threat license earlier now the license has been expired.Both the devices is in HA.So one of the device has been Rma Now i have configured but i have getting error of Antivirus mismatch because threat license ha

Demisto Mail Sender Integration

Hello,

I am using Demisto community edition and i want to integrate it with "SMTP" in order to be able to send e-mails, but i couldn't and encountred the following error message. "(-1, 'E Fatal error: tls_start_servertls() failed') (85)"

So I am askin

Multi-vsys for 3250

A Virtual Systems license is required to support multiple virtual systems on PA-3200 Series firewalls, and to create more than the base number of virtual systems supported on a platform.

PA-3250 support bellow things-
Base virtual systems1
Max virtual s

Flood log triggered by DoS Protection could not be sent to syslog server

Problem description :

Flood log triggered by DoS Protection could not be sent to syslog server.

paloalto deploy: v-wire mode

PANOS : v4.1.8

Settings in paloalto :

1. Device -> Server Profiles -> Syslog -> Add a syslog server with port 514 and LOG_USER fac

AWS IPSec VPN Issue while migrating from PA-5020(HA-8.1.15-h3) to PA-5220(HA-8.1.15-h3) Firewalls

Hello Everyone,
I have an issue while migrating from PA-5020(HA - 8.1.15-h3) to PA-5220( HA - 8.1.15-h3) Firewalls.

1) did .xml running config  file export from 5020 and import into the 5220, but got an error  message while commit. Involved PA TAC eng

How to replace PA-5020 with PA-5220 with minimum downtime?

I am in the process of replacing PA-5020 HA A/P pair with PA-5220 HA A/P pair. At some point, we will remove 5020 and introduce a 5220 and this needs ARP refresh on all interfaces. is there  a script/process I can use to ensure the ARPs are refreshed

Connect pan-vm firewalls to on premise Panorama?

We have virtual Palo firewalls in AWS VPC behind the AWS internet gateway. We are looking to register them to the on-prem panorama.

TLS 1.3 Encrypted SNI No-Decrypt URL Categories

In non decrypted tls 1.3 traffic, how is the firewall in 10.0 seeing the URL that a user requests and how is it enforcing that category?  I've read that tls1.3 encrypts the SNI field, which from my understanding, is the primary way the palo firewalls

Panorama VM running on ESXi 6.7?

Dear community,

I had a Panorama VM running Pan-OS 8.1 without any issue on top of VMware ESXi 6.7, after upgrading to 9.0.4 the host is rebooting the VM from time to time with the following error log:

"..........reset by vSphere HA. Reason: VMware To