GRE tunnel issue with packet size

Hello,

I am migrating old ASA to Palo Alto PA-440, one of the things i am trying to migrate is IPsec tunnel, that Ipsec tunnel carries only two remote hosts which are sources and destination for GRE endpoint on Cisco Switches. When i try to migrated

When to use zone type Tunnel

I am setting up a lan to lan tunnel between my palo alto firewall and another palo alto device.  When I look at the documentation online, they suggest I create a new zone and set the type to "layer3".  But I also see a type "Tunnel" in there.  I woul

User Mapping - Server Monitoring Issue

I am currently having an issue with the Server Monitoring.

When I add the DC to this section then under Type: Microsoft Active Directory I want to use the Transport Protocol WinRM-HTTPS but it is only showing WMI and is greyed out.

If I swap the type t

Join us for an amazing virtual event - Ignite: What's Next - October 28, 2025

AI is upon us, and here's a fantastic chance to learn more about it!

During this virtual event, we will be hearing from top industry experts and senior executives within Palo Alto Networks about PANW's plans for AI to help drive a more secure futur

A/A vWire Deployment Forwarding MAC Address on HA Links?

Hey Guys,

I'm having an odd MAC flapping issue when I implemented a A/A PAN under a A/P ASA. I'll give the high level and attach a topology with the failure patterns I saw.

We have a pair of 5585X's as the traditional L3 / L4 internet facing Firewall

Feature Request List

Hi community

In a lot of topics there are discussions and questions about PAN-OS enhancements and missing (not yet implemented) features. So far the PaloAlto Feature Request list isn't available to the public but in a lot of these existing topics f

Broken capture in SASE workshop registration

I'm not sure of the best location for this. I'm trying to register for a SASE workshop (and I'm not sure if it's online or not, but that's another conversation), and I need to complete a captcha. Unfortunately, I can't see most of it (see the attache

Bulk changing target device in policy set

I have several policy sets which have between 500-900 rules each and are being re-used for a firewall migration. Each of the sets has the old 850 palo set as the target device. To save time on migration night I am looking to change the target to "any

Commit Failed on Passive Paloalto-3250-admin-role -> AdminRole -> role -> device -> webui -> objects -> packet-broker-profile unexpected here

Hi , Please help , after installed dynamic update of antivirus on Active & Passive PaloAlto-3250, commited successfully on Active but not able to commit on passive.. after commit failed on passive try another way made appication & threat shaedule non

S2S VPNs using Self-signed Certificates

What is the procedure for configuring Site-to-Site VPNs using self-signed certificates?

For example, we need to establish a VPN between Firewall A and Firewall B.

The documentation describes how to create a self-signed Root CA certificate, but it doe