Did you do any policy trace as you may have allowed just the icmp and not web-browsing or SSL (if you don't do decryption Palo Alto will see most applications as just SSL)?
You may also do policy trace for the NAT and check if you are using SSL decryption as if it is not configured corectly you may see issues. I suggest also doing pcap capture at drop and transmit stage as to see if the firewall is droping the traffic or not transmitting it as it could be GNS3 issue. I have made an article in live palo alto for such checks if the issue really is because of the firewall:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!