Panorama Theory- Understanding Templates, Device Groups & Firewalls

I am trying to get a clear general understanding of Panorama managed Firewalls & how they work with templates, template stacks and device groups. Can someone please correct and or add to my current understanding as I explain in a scenario below? ...

Setting "log at session start" on multiple rules

I found a KB but it's from 2016 and is no longer applicable. 

I want to enable 'log at session start' on thousands of existing Security Pre-Rules across several Device Groups. I remember a multi-edit function but something's changed and I can't figur

8.1.4 Panorama upgrade _mig mandatory template to template stack migration query

The PAN docs and the Panorama GUI 'panorama -templates' page all seem to imply the stack is a container for a hirearchical list of templates. So that only the templates contain configurations items.

At the 8.1.4 Panorama upgrade _mig template stacks

Cacti Host Template: From PA500 to VM100 - failing

We have enjoyed Cacti statistics from our PA-500 box for years.  But when I replaced the PA500 with a VM-100 then Cacti could no more connect to fetch data via SNMP.  I thought both models used the same protocol and version.  Below you'll see a scree

Why public cloud users did not need Palo Alto before ?

Dear all

We can see heavy public cloud users since 2016. But we did not have Palo Alto on public cloud until recent. Does that mean public cloud does not need 3rd party security solutions like Palo Alto? Because if public cloud users really need 3rd

Re: user-id agent issues

We are using  windows user-id agent for parsing the user and user group mapping info. often i see in the logs that the user is being not recognized and hitting the deny rule.  after couple of minutes it starts recognizing the user and allows the tr

PAN-SA-2018-0015

Hi guys,

Just saw the notice about PAN-SA-2018-0015. Doesn't seem like this vulnerability is a real issue. Am I correct? Or is there a viable way of someone exploiting it?

OSPF separate virtual router

Hi Expert ,

I would like to know can be possible about run  OSPF separate virtual router but the same use area such area 0.0.0.0  and   wouldn't  route to together

Please suggest to me Thank you 

Deleting Panorama templates

Hi, A firewall has been configured with a template from Panorama, the template was then deleted from Panorama.

Can i safely remove the template from the firewall without deleting the config applied through the template?

Add device in Panorama

Hi,

We are trying to add a devices in Panorama. We have checked the conectivity FW-> in port 3978. We can see the packet running tcpdump in Panorama about packets comming from FW.

so connectivity is OK. Everything looks ok. And we have another FWs in

Can Pan-os take action base on rules, condition or report?

Hi.

I have a question about a scenario. Can Pan-OS/Firewall detected a infected host/client pc and take the following action.

Blocking internett access from the infected hosts/client pc and move the infected host to a another security zone?

OR

Just move