Panorama PAN-OS 8.0.8 and always highlighted (Green) Commit button

I have recently upgraded Panorama from 7.1.x to 8.0.8. Although there are no changes and all firewalls are "in sync" for the configuration, the Panorama "Commit" button is Green/Highlighted. Is there anyone using Panorama with 8.0.x and seeing the sa

Palo Alto firewall generates SSL version / cipher suites errors

Hi, i have a very strange issue. I have a webserver protected by a palo alto NGFW, if i disable inbound ssl inspection policies everything works fine and i can access the server as intended. 

However when i enable the inbound ssl inspection policy, w

USER-ID - Windows Server 2016 - Event Log Viever permission issue

I cannot read AD logs on Windows Server 2016 with the event viewer read group access. Is there anything special that needs to be on Windows 2016 Domain?

Thanks

Dynamic Update from Panorama doesn't work

I want to use Panorama to perform dynamic updates for the "Antivirus" and "Applications and Threat" sections.

On remote firewalls, I configured Panorama as the update server.
I also scheduled the automatic update via a template.

In Panorama, I have the

DNS Format That sent to Arcsight it contain www?

Malicious domain names some of them contain www before domain name like www.xyz.com.

so if there is any solution to define that as domain name only like (xyz.com) to use it in correlation rules.

Why is this traffic allowed when the rule should not allow it?

I am tidying up some rules that were "rush" jobs as part of the initial deployment.

One rule "TEST-VI" was 

SRC ZONE - TRUST  
DST ZONE - Partners
DST Addr - I%%%%%A-VIP

Application - Any

I was going to get rid of this as there is another rule after it

GlobalProtect LDAP Authentication Fails

I have succesfully set up local login for GP but struggling to set up LDAP authentication. The CLI test says that its succesfull, but it fails whne using GP

Any tips please?

Subject Alt: Email for GP authentication

I've been trying to setup this scenario. But I keep getting subject as username on GP portal. 

Is there any trick? Because configuration is pretty simple.

Delete object group, created new obj. group, policies and objects deleted - how to revert back?

Since we do not have any spare Palo Alto FW's and our is production I must ask before doing something wrong...

I deleted object group (that included 2 HA FW's), created new one with the same 2 FW's comited to Panorama, but now the rules and objects a