Restoring Palo Alto from AWS snapshot - interfaces etc

Apologies if this is a basic question but first time I do this maybe in a real production environment and I have no prior experience. Does anyone have an example of restoring Palo Alto in AWS (from a snapshot)? Where could things go wrong in the rest

ChatGPT Access

Hi Team,

Users are trying to access ChatGPT and getting error, but we have allowed teh ChatGPT APP-ID and still the same. Not even seeing any error at all. What is the best way to fix it?

Regards,

Sanjay S

NAT traffic from DMZ to another zone

Hallo Everyone,

I am using PA-220

let’s call PaloAlto-Firewall “X”

Office Firewall “Y”

Other firewall “Z”

Firewall X has 8 Interfaces.

Interface 1/1: has the IP-Addressee 192.168.5.254. we assigned this Interface to a Zone Called "DMZ". When this fir

Not able to login into the firewall using admin account

Hi Folks,

We are having PAN-OS:9.1.10 installed on our environment.

We are able to login into the firewall using our admin accounts which are locally created on the firewall with authentication profile set as "None"

Suddenly we are not able to login

URL category block triggers not logging in Panorama

Hi,

I am testing global protect using Prisma Access - Panorama managed..

On panoroma - i have a mobile user security rule applied with a custom URL filtering profile enabled where I have set the action to block for some of the newer URL categories in

pan-os-python Panorama set_ha_peers() method not working

The document I'm referring to - https://pan-os-python.readthedocs.io/en/latest/howto.html > High Availability Pairs

I've been working with the pan-os-python SDK, specifically with a Panorama High Availability (HA) pair. I'm following the documentat

How to Configure IPSec VPN Tunnel when a peer is behind a router without a static public IP

Environment
PaloAlto Next-Gen Firewall
IPSec VPN Tunnel
Topology
PA1 ----- Router ----- PA2

Public IP of PA1 : 10.50.50.50
Public IP of Router : Dynamic IP
Internal IP of Router : 10.20.20.1
Private IP of PA2 : 10.20.20.20

PA2 Private IP is natted by Rout

Shared policy last commit state

Hello -

How long does it take Panorama to update the "Shared policy last commit state" column?  I still see a "failed" even though it committed just fine.

Certificate-Based Administrator Authentication to the Web not work on Passive node cluster

Hello team,

I am configuring a new deployment, "

Configure Certificate-Based Administrator Authentication to the Web Interface"

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/firewall-administration/manage-firewall-administrators/config

PA-7000 Series PANOS-10.1

Hello,

We have a PA-7050 firewall that we are looking to upgrade from 9.1.15 to 10.1.10-h2. 

We are following the upgrade path provided by Palo Alto however when we upgrade to the recommended 10.0 release or the 10.1 release the entire firewall c

Sending logs to SIEM one file per type

I am an administrator of a SIEM, for this I have usually asked the paloalto administrator to send me the logs via Syslog using port 514 to the IP of the server I administer.

After informing me that the process has been done, I check a specific rout

Error: failed to handle CUSTOM_UPDATE

HEllo,

I am using 5220 series firewall in 2 different DC. versions 9.0.9 and 9.1.6. When I commit on both firewalls, I get a custom_update error. After check now the dynamic updates, I commit again and the problem goes away.

Any suggestion,
Thank you K