Force BGP Peering over a certain interface/path

I have many paths through my network and my palo altos are choosing to peer iBGP with each other over the Northbound paths to the next level of of switches. I want them to use the links south bound to my datacenter core to peer BGP. They are peering

USER-ID and problems with runas /netonly in combination with MMC modules

Hello, 

as a safety measure i placed my workstation in a different vlan and from there i'm managing our network and servers which are located in the designated dedicated vlans. 

On the firewall we have a rule which makes it possible for our 'admin' a

PAN DB URL filtering issue.

Dear all,

One of my customer PAN DB License expired and we try to block all Youtube videos excluding some the vidoes links in Youtube. 

My query here is, whether if the device without a valid PAN DB Licence we will be able to acheive the above requir

Difference between commit and commit force?

Somebody told me that #commit force pushes the entire configuration to the data plane.

Could you please let me know what you mean by entire configurations? 

Thanks in advance!

Vulnerability in PA?

Hi,

We just received info about this vulneraability:

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

So we would like to know if PA appliances are impacted?

Thanks

Panorama Local Log Collector.

Hey, I have a HA pair of firewalls in SiteA and a HA pair of firewalls in SiteB. SiteA and SiteB seperated by a 1Gb WAN. I have Panorama deployed in HA, one VM in SiteA and one VM in SiteB. I want the firewall in SiteA to send logs "only" to the Pano

sip invite method request flood attempt

I have recently been dealing with sip invite method request flood attempt show up not only in my threatsm but also making it impossible to make calls external or external to internal calls because its trying to call a number every 4 seconds and takin

Allow outbound web traffic by exception by session while utilizing authentication

Is it possible to block all outbound http/https traffic on an authenticated per-session basis instead of a per-client basis? I currently have my PA setup so that it will only permit web traffic after authentication (using captive portal), however thi

Kerberos SSO PAN-OS 7.0.1

Hello,

at the moment I'm trying to set up a SSO Auth with the Admin Web Interface (and Captive Portal). I set it up like the documentation of PAN-OS 7.0 told me. I tried different Crypto types but all with the same error.

1. Log in to the KDC and open