TAC Recommended PAN-OS Release 9.0

Hi Guys,

We are running 8.1.6 on our PA Gateway and Panorama and would like to upgrade it to 9.x.x. I went through the Release Guidance and it says the preferred released version is 9.0.4

https://live.paloaltonetworks.com/t5/Customer-Resources/Suppor

DNS Proxy for Specific Vsys to resolve FQDN Object

Can I create a DNS-proxy for a specific proxy to resolve FQDN created in object>address.

I create a DNS-proxy with the DNS profile but it didn't work, the firewall use always the DNS configured in Device>Service>Globale

IPS signature for Zero Day vulnerability in Google Chrome

Hi Team

Please let us know the IPS signature for Zero Day vulnerability in Google Chrome. Need to block this.Please help us.

Regards

Mohammed Asik

Panorama VM CMS Prompt

Hi

I tried installing Panorama Base image ova on VMWare Workstation and also on VMware Fusion and every time it boots into “PA-CMS login:” mode.

I have tried different options with different Workstation and Fusion versions and different guest settings.

docs.paloaltonetworks.com/panorama broken?

Hi guys, I noticed that not a single link pointing to https://docs.paloaltonetworks.com/panorama is accessible anymore.

A lot of documentation points towards this path so I don't think this is desired?!

Examples:

https://docs.paloaltonetworks.com/reso

Bypass Firewall and block Download Accelerator

https://wordpress.com/post/nbctcp.wordpress.com/1811

I want to know whether PANOS 9.x be able to block some technique to bypass firewall and download accelerator such as

1. DNS over TLS (method 11)

2. Soft Ether (method 7)

3. ZenMate (method 3)

4. Opera

URL filtering Expired License and unable to see the option action on expired license - block

We have PA connected and managed by the Panorama.

We have some PA where url filtering is expired and and url filtering profile is pushed from the Panorama.

When I go to Panorama and open the url filtering profile I only see action on expired license

Zone protection and Dos Protection

Hi all,

dos protection rule can override zone protection?

I have a zone protection activated for OUTSIDE and a policy in dos protection from OUTSIDE to INSIDE.

In zone protection there are specific features (like ip spoofed) that are not present in dos

Routing table limitations

Does anyone know if there is a way to re-allocate the resources reserved for IPv6 routes to IPv4 routes?  Our IPv4 routing table contains approximately 6300 routes, and the Palo Alto limit of 5000 IPv4 routes doesn't see all of them, but we don't use

Memory PA5250

Hello All,

How much memory does PA 5250 had?

Overlapping GlobalProtect Portal agent config AD groups

Does anyone know how Palo treats overlapping Active directory groups for portal agent configs?  Is the list read top down for handing out configurations to the agent if a user exists in multiple groups identified by the portal?

Google Safe Search Update

Enforcing Google SafeSearch with Palo Alto Networks Firewalls - Lockstep Technology Group Blogs

Enforcing Google SafeSearch With Palo Alto Networks Firewalls

Lockstep works with a number of organizations that require filtering of inappropriate web base