General Topics

9.0.9-h1 for Panorama?

I am looking to upgrade our VM Panorama devices from 9.0.6 to 9.0.9-h1 but whilst I can 9.0.9h1 via Panorama>Device Deployment>Software I cannot see it available under Panorama>Software. Does that mean that it is not available for my device?

GlobalProtect Pre-Logon setup uses multiple IP addresses

I have setup GlobalProtect with Pre-Logon configuration, but between the "pre-logon" status and "post-logon" status of the same computer I am getting 2 different IP addresses.  For example, during pre-logon I get 172.16.4.201, but as soon as a user l

Paloalto PAN OS7.1.6 to PA 3250 8.1.13 migration

Hi,

I would like to migrate one PA 4020 EOL device which is on PAN-OS 7.1.8 and I got one new PA 3250 with 8.1.13 PAN-OS. Can someone please suggest how I can do this migration?

I appreciate your time and help. 

Timeout when connecting to Azure

I seem to be having an issue where the microsoft_graph_secapi output nodes aren't succesfully connecting to Azure.

I don't know what I could have possibly configured wrongly to cause this.

PA-VM deployed in Bluvalt cloud (openstack)

Dears,

I'm new in paloalto firewall.

We deployed PA-VM in  our provider Bluvalt cloud (openstack) and we need to use vpn site to site tunnel with another provider.

 I will be grateful if anyone can help us to make the settings from the beginning.

UserID 8.02 and Windows 2016 server problem

Hello

I know that on this forum few peoples reported that this configuration working (but still isn't supported).

I moved config from my old userid server to new one (everything typed from keyboard) but when I try to start UserID I got error:

Virus/Win32.WGeneric.akrgog

Hello,

I'm getting a Threat Detection - Virus/malware identified by the name "Virus/Win32.WGeneric.akrgog" when a user tries to open a particular PDF file. When looking at the Threat log I can see the PDF file being blocked and identified as a 'Virus.

GlobalProtect Internal not getting User-ID

I have internal globalprotect setup on a system, but i don't see any user-ID associated with that system IP. It is configured to save credentials. User-id is configured on zone and interface management profile as well. 

How to create policy between vsys.

Hello Team,

New to palo alto..and need one help. Below is my topology.

I want 10.1.1.0/24(vsys1) to communicate to 10.2.2.0/24(vsys2) and the route is via L3 device.

What should be my policy here? Shall i create below policy

Source Zone-Zone A

Source IP-1

Panorama web gui VM series required daily reboot. web gui does not load

Hi,

I have installed VM series panorama version 9.0  but it required every day VM reset to load the web gui. is there any bugs in the panorama version 9.0?

commands to debug traffic between two host using Palo alto firewall

Can some one help with documentation with running debug  commands on palo alto firewalls.

For example syntax to monitor traffic between two particular host.

Thanks for help in advance.

User grouping firewall policies for all firewalls

Hi all,

I like to ask if it is possible, and and hot to build a scalable solution for AD grouping info to all firewalls managed by panaroma so that they can create firewall rules based on user id and grouping. 

Current environment I am testing:

1 panor

External/Untrust IP's showing up as Internal/Trust

I am at a complete loss as to what I am seeing. I have PA-3250's running 9.1.2 code in L3 mode. The interfaces are split up into 2 aggregated ethernet interfaces, each using subinterfaces (ae1.706, ae1.707, ae2.699, ae2.698, etc.) When looking at tra