General Topics

Bulk changing target device in policy set

I have several policy sets which have between 500-900 rules each and are being re-used for a firewall migration. Each of the sets has the old 850 palo set as the target device. To save time on migration night I am looking to change the target to "any

Broken capture in SASE workshop registration

I'm not sure of the best location for this. I'm trying to register for a SASE workshop (and I'm not sure if it's online or not, but that's another conversation), and I need to complete a captcha. Unfortunately, I can't see most of it (see the attache

About side scrolling in the UI

Hi. I'm used to do side scrolling in Chrome by using this combination: shift + mouse wheel.

But when I try that (for example in the Policies tab) i get "diagonal" scrolling.

I think that current implementation of scrolling relies on javascript. You s

Feature Request List

Hi community

In a lot of topics there are discussions and questions about PAN-OS enhancements and missing (not yet implemented) features. So far the PaloAlto Feature Request list isn't available to the public but in a lot of these existing topics f

Paloalto Images not available

Hello Gents,
I noticed, Paloalto has removed access to the VM resources.
I dont see "Updates" tab in the menu.
Earlier I used to download KVM/QCOW2 from my personal account (Not Organizational Account).
But now its not available, can anyone help me downl

Cloud NGFW Credits issue

Hello All,

I recently purchased Cloud NGFW for azure and purchased paloalto credits as well.

my Azure NGFW shows as PAYG ( Pay us you go) instead of showing license with my credit.

is it possible to change my PAYG license to credit based.

Type: INNR in session id detail.

Hi team,

What does INNR represents in type when looking at the session ID details.

I know that this happens at child session, when parent session ID belongs to the HTTP/2 ID.

If you guys have any idea about what INNR represents, let me know.

Windows 11 Global Protect App not booting at login screen for Prelogon Solution

Machines affected at the time of writing are running the following: OS Version: Windows 11 Build # 10.0.22631.5624
Global Protect Client Version: 6.2.7-1047

We are introducing our environment to our PA Prelogon Solution which is using a certificate

Mgmt Traffic over VPN

Hi All,

  I am looking to deploy a few (4) PA-440's into the field. What is the best way to configure my remote firewalls to send MGMT traffic 3.3.3.3/24 (using loopback) over a vpn to central firewall to pass along to panorama MGMT (10.10.10.10/24

jQuery vulnerability on management interface of PA-3220

Hello all,

Our customer is currently using PA-3220 running PAN-OS 11.1.
During their recent vulnerability scan, the following CVEs were reported that jQuery used on the Web management interface;

CVE-2018-8046
CVE-2007-6758

Questions:
1. Do these v

spanning tree portfast for cisco to palo links

I am moving some palo interfaces to a new cisco switch. 

What is the recommended spanning tree configuration on both palo and cisco sides when connecting these devices?

PA(config-if)# spanning-tree port type ?
edge Consider the interface as edge por

wrong traffic matching rule

Hi this maybe a simple or dumb question, but I have a rule shown below that has specific sources defined. I thought the rule would only match on those host listed in the source, but when looking at the logs, I can see other source IP's are matching o