PA equivalent of ASA packet tracer?

One of the more useful features in troubleshooting on the PIX/ASA (which we used until recently) is the packet tracer, which allows us to enter source/destination IP/port, etc and check to see if a given connection is allowed or blocked, and by which

unable to access the firewall through both the GUI and CLI modes

I am unable to access the firewall through both the GUI and CLI modes, but the internet is functioning properly. The firewall gateway is located at 192.168.0.1, and it is reachable via ping.

HA-Palo Alto with 2-Diffrent ISP

Dear Community 

i have 2-PA configured as HA and need to be redundant for ISP,so i have interface from ISP-A and another one from ISP-B, and from internal service i have VM server that needs only one IP statically work with NAT and 2-Vsys,and using s

CVE in the “Vulnerability protection” profiles

Hi

We have a doubt about the inclusion of CVEs in the “Vulnerability Protection” profiles.

Currently [CVE-2025-0282][CVE-2025-0283] are not included in the list of signatures.

Is it possible to request Palo Alto to include them and is there a procedu

Panorama Error: Number of address group(x) exceeds platform capacity(x)

Hi All,

We onboarded the 1 pair of Palo Alto firewalls into panorama. It is successfully onboard. New Template stack pushed successfully to firewall. But the device group was failed with “Error: Number of address group(x) exceeds platform capacity(xx

Can't find PAN-OS for VM

Hello,

In my customer support portal, I can't find the VM version for PAN-OS. Is this related to my license, or did Palo Alto remove it?

Thank you!

Best regards,
Murillo Castiho

I am having issue with webservice stopped

I am having issue with webservice stopped i tried to restart it is getting stopped GUI mode is not working only CLI is working

speedtest is not correctly identified with and without decryption 10.2.4 latest app-id

hi guys, 

I searched through and it looks like it's an know issue that speedtest.net is not correctly identified by app-id 

I use app -default setting on the policy 

The policy cannot  really see speedtest.net's traffic and identifies  the traffi

Setting Up a Remote VPN using Connect Before Logon

Looking for some assistance as I am building out a remote vpn using Connect before logon for my Palo Alto. 

Does anyone know a simple, easy way to set this up with LDAP. Some article are outdated and some are inconsistent in their approach verse othe

Unable to commit changes

Hello team, i have been facing the below error when trying to commit changes in palo alto firewall pa-1420

invalid local dhcp setting for monitor destination 8.8.8.8 (module routed client routed phase 1 failure

please help.

GlobalProtect fails to connect to backup gateway when portal is down

Hello,

PAN-OS 8.1.4; GP 4.1.6
I am using only the one VR with dual gateways and ECMP routing enabled with WRR (Weigthed 1/4 (WAN1=50, WAN2=200).

I have one portal configured for WAN2. I have two (2) gateways; one on WAN2 and one on WAN1. When WAN2 is

Hardening Guide for PAN NGFW and Global Protect

For compliance reasons, specifically StateRAMP (and likely FedRAMP in the distant future), I'm looking for any hardening guides or STIG for the PAN NG-FW and Global Protect or even general best practices.   I feel odd asking for "security hardening"