General Topics

Type: INNR in session id detail.

Hi team,

What does INNR represents in type when looking at the session ID details.

I know that this happens at child session, when parent session ID belongs to the HTTP/2 ID.

If you guys have any idea about what INNR represents, let me know.

Windows 11 Global Protect App not booting at login screen for Prelogon Solution

Machines affected at the time of writing are running the following: OS Version: Windows 11 Build # 10.0.22631.5624
Global Protect Client Version: 6.2.7-1047

We are introducing our environment to our PA Prelogon Solution which is using a certificate

Mgmt Traffic over VPN

Hi All,

  I am looking to deploy a few (4) PA-440's into the field. What is the best way to configure my remote firewalls to send MGMT traffic 3.3.3.3/24 (using loopback) over a vpn to central firewall to pass along to panorama MGMT (10.10.10.10/24

jQuery vulnerability on management interface of PA-3220

Hello all,

Our customer is currently using PA-3220 running PAN-OS 11.1.
During their recent vulnerability scan, the following CVEs were reported that jQuery used on the Web management interface;

CVE-2018-8046
CVE-2007-6758

Questions:
1. Do these v

Cloud NGFW Credits issue

Hello All,

I recently purchased Cloud NGFW for azure and purchased paloalto credits as well.

my Azure NGFW shows as PAYG ( Pay us you go) instead of showing license with my credit.

is it possible to change my PAYG license to credit based.

spanning tree portfast for cisco to palo links

I am moving some palo interfaces to a new cisco switch. 

What is the recommended spanning tree configuration on both palo and cisco sides when connecting these devices?

PA(config-if)# spanning-tree port type ?
edge Consider the interface as edge por

Creating CSR with SAN via API calls

Hi,

I am trying to create CSR via API calls with subject alternate name for hostname and ip address, but I cannot find it in documentation. Simple creation of CSR works for me
https://10.XX.XX.XX/api?type=op&cmd=<request><certificate><generate><certif

wrong traffic matching rule

Hi this maybe a simple or dumb question, but I have a rule shown below that has specific sources defined. I thought the rule would only match on those host listed in the source, but when looking at the logs, I can see other source IP's are matching o

palo alto firewall slow performance

We are Facing palo alto firewall slow performance issues. 

Adobe Creative Cloud update and PaloAlto Content-ID

Hello,

We have several of our users that are using well-known Creative Cloud client to download/manage/update/upload/assess/enhance/whatever their wonderfull Adobe softwares (Aftereffect, DreamWeaver, ...)

We have a PA with application-based policies

Advice on dual isp, getting dns to work

Hello all,

I currently have a PA440 and I have 2 isp's, ATT and comcast which will be our backup and it's my 1st time setting this up, we are a small business of about 80 users, I already followed how to configure dual isp redundancy on the links pro

Moving an AE1 OSPF transit link into another AE port what changes will be required?

Hi all, 

I am looking to move an existing AE1 interface which operates as an single OSPF transit to another AE3 port with other sub interfaces also configured.

What changes should be completed and considered when doing this to retain network connec