Load Versioned Configuration (locked)

Hello, community!

I'm trying to export a configuration version from a 3020 and it's not creating new versions whenever I commit a config. Upon checking, I found the last config version says "(locked)" at the end of it. Currently no admins have config

Dynamic Updates Query

Hi Team,

one of our Client had app and threat license earlier now the license has been expired.Both the devices is in HA.So one of the device has been Rma Now i have configured but i have getting error of Antivirus mismatch because threat license ha

Demisto Mail Sender Integration

Hello,

I am using Demisto community edition and i want to integrate it with "SMTP" in order to be able to send e-mails, but i couldn't and encountred the following error message. "(-1, 'E Fatal error: tls_start_servertls() failed') (85)"

So I am askin

Multi-vsys for 3250

A Virtual Systems license is required to support multiple virtual systems on PA-3200 Series firewalls, and to create more than the base number of virtual systems supported on a platform.

PA-3250 support bellow things-
Base virtual systems1
Max virtual s

Flood log triggered by DoS Protection could not be sent to syslog server

Problem description :

Flood log triggered by DoS Protection could not be sent to syslog server.

paloalto deploy: v-wire mode

PANOS : v4.1.8

Settings in paloalto :

1. Device -> Server Profiles -> Syslog -> Add a syslog server with port 514 and LOG_USER fac

AWS IPSec VPN Issue while migrating from PA-5020(HA-8.1.15-h3) to PA-5220(HA-8.1.15-h3) Firewalls

Hello Everyone,
I have an issue while migrating from PA-5020(HA - 8.1.15-h3) to PA-5220( HA - 8.1.15-h3) Firewalls.

1) did .xml running config  file export from 5020 and import into the 5220, but got an error  message while commit. Involved PA TAC eng

How to replace PA-5020 with PA-5220 with minimum downtime?

I am in the process of replacing PA-5020 HA A/P pair with PA-5220 HA A/P pair. At some point, we will remove 5020 and introduce a 5220 and this needs ARP refresh on all interfaces. is there  a script/process I can use to ensure the ARPs are refreshed

Connect pan-vm firewalls to on premise Panorama?

We have virtual Palo firewalls in AWS VPC behind the AWS internet gateway. We are looking to register them to the on-prem panorama.

TLS 1.3 Encrypted SNI No-Decrypt URL Categories

In non decrypted tls 1.3 traffic, how is the firewall in 10.0 seeing the URL that a user requests and how is it enforcing that category?  I've read that tls1.3 encrypts the SNI field, which from my understanding, is the primary way the palo firewalls

Panorama VM running on ESXi 6.7?

Dear community,

I had a Panorama VM running Pan-OS 8.1 without any issue on top of VMware ESXi 6.7, after upgrading to 9.0.4 the host is rebooting the VM from time to time with the following error log:

"..........reset by vSphere HA. Reason: VMware To

Overriding existing User-ID mappings with Captive Portal to elevate privileges

Override the learned credentials through User-ID agent or captive portal for troubleshooting or additional access without involvement of a firewall administrator. (Without clearing from CLI). For example, IT admin is at users place and need to overri

How to migrate logs from M-100 to another M-100 in mixed mode by moving the logging disks

User-ID Based Overide

Hello Everyone, 

We are looking a solution in a case wherein PAN-OS firewall are deployed with only USER-ID based policies for different group of orgranizations. 

Now everyhintg is working as expected but IT Engineers are getting trouble in Installing

Global Protect with Client Certificate Authentication

Hi all,

can somebody tell me if there is a manual or howto,
which describes in detail how to confígure this.

I read the "Quick Start Guide GP" and this thread
https://live.paloaltonetworks.com/message/7126

But I'm not getting it t work. When I connect to