How to migrate PA 3220 config on PA 1410

We have 3220 appliance and we want to migrate configuration to new 1410 appliance. Please provide link for migration tool

Clarification Needed: PAN-OS 11.2.x Vulnerability Status and Mitigation

1) Version Clarification 
Is PAN-OS 11.2.x (specifically 11.2.4-h1) affected by CVE-2023-48795 (Terrapin SSH Attack)? The advisory lists up to 11.1.x but does not mention 11.2.x. 
2) Mitigation Confirmation 
If 11.2.x is affected, does disabling chach

New User-Account (__telemetryuser) with PanOS 11.2.10

Following the update to PanOS 11.2.10, a new user account will automatically be created on Panorama and the gateways:
__telemetryuser

I could not find any information about this user. What is this user used for?

Palo Alto Firmware Downgrade

I want to downgrade the firmware of PA-410R from 11.1.4-h7 to 10.1.10-h1. I am trying to access the support portal, but it's not accessible, and I cannot even reach the help line numbers. I want to integrate the firewall with the existing Panorama wi

Error log ": MLAV Server certificate validation failed. " received

Hello Team,

   Just few hours ago we have upgraded our pa 1410 panos from ver 11.1.10-h1 to 11.1.12 recommended by tac to solve error log "devsrsr: virtual memory limit exceeded, restarting ".

Now through these few hours after apparently a successful

PAN-OS 10.2.17 HA A/P - Mgt interface reported as duplicate IP of data interface

After installing PAN-OS 10.2.17 to a PA-440 HA A/P pair  ( to address - CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface . ) 'duplicate IP' system logs reported where the stated MAC address appears to be the fw m

Issue with call recording (flow_predict_convert_rtp_drop)

Hi Team,

We’ve been experiencing issues with the communication between a Cisco softphone and the call recorder. Below is the scenario and a description of the problem:

1. When users place calls from a Cisco softphone, the call is established successfully,

SNMP BULK REQUEST

Hi,

Is there any way to disable SNMP Bulk request on 1410 with PANOS 11.1.4-h1. I am unable to see any option in Device --> Setup --> Operation --> SNMP

Duplicate DNS packets

I'm encountering and issue where we are seeing duplicate DNS (UDP) packets coming out of the palo to the resolving server. Specifically TXT records with multiple packets at the server (resolver) side vs. the normal request/response. At the client sid

Bonjour mDNS Reflector Layer 3 Vlan Interface

Just curious if anyone out there knows why Palo Alto has never implemented the Bonjour Reflector feature in Layer 3 Vlan interfaces.

PAN implemented this a long time ago but it is only available on physical Layer 3 interfaces (or subinterfaces) or

How to allow a user only to push the changes made by him/her on Panorama

Hi Team,

How do I allow a user to Push only the changes made by him/her.

I tried restricting the access using "Allow push for other admins" option but this is disabling the access for any push.

I've tried multiple options but none of them is helpin

OSPF & Static Routes

Hi, 

I have OSPF configured on PA460 firewall with profile redistributing Static. I have another redistribution profile not to redistribute certain subnets/routes. Now I want to add some new routes with metric higher than that of OSPF. Will these rou

LACP Features on Palo Alto Firewall

Hi Team,

I would like to ask whether the Palo Alto Firewall has the following two features:

1. LACP Graceful Shutdown

2. LACP Suspend Individual

Regards and Thank you

NGFW 

Which model is the rack mount kit for the PA-510?

In the datasheet, the rack mount kit for the PA-510 is listed as “PAN-PA-400-RACKTRAY”, but in the technical documentation, it’s written as “PAN-1RU-4POST-RACK-10.”
Is there a qualified Palo Alto Networks staff member who can confirm which one is actu

possibility of secure MQTT's decryption at Palo alto firewall

how can we decrypt MQTT's port 8883 traffic at palo alto firewall, or is it possible.