How can I block VPN users connected to Server to access to a specific application via url filtering

Migration from 220 to 3020

Hi All, Need to migrate palo alto 220 with same configuration and connectivity with palo alto 3020. Please let me know what are the steps need to considered and if any document is available please share it.

Block File upload on facebook Messager and instagram

I get a request to allow users to access facebook and allow users to use text chat and comment only. If users want to upload or send files, the firewall has to block them. Instagram as well, does not allow users to upload anything, but they can log in view, and comment. I have configured SSL Description, created a policy to allow facebook-chat...

PA-820 slow gui

Hi all, We're using a PA-820 machine running version 10.1.6. Ever since upgrading to 10.x version the GUI is extremely slow, while the management CPU is showing very low utilization. The slow GUI is in every screen, not just logs screens. I don't know if it's relevant but we're using several EDL objects, some of them have thousands of entries....

PAN-OS XML API filtering question

Does the PAN-OS XML API for Global Protect previous users have a time filter option? I didn't see one documented. This query returns all previous users in the firewalls logs, but really I just want the last hour: https://<firewall _address>/api/?type=op&cmd=<show><global-protect-gateway><previous-user/></global-pr...

URL Filtering Categorisation Justification

Hi! We're running URL filtering on our PanOS campus firewalls and I very often get asked to add domains to our 'allow list' - almost always because they're newly registered domains. On occasions we've had sites requested that fit into more serious categories - the latest being 'grayware'. These are very often personal web sites used for teachi...

Power Supply Comparison - PA-220 vs PA-440

Hello, all - We have several remote locations running about a dozen PA-220 FW units which we are replacing with PA-440s. I would prefer to make this as painless as possible and may even have the non-technical onsite staff do the hardware swap. I'm just having a bit of a quandary when it comes to the power supplies. The spec sheets are a little...

Pancast: Have an Idea for an Episode?

Hey Everyone! Have you listened to the PANCast podcast? PANCast is a Palo Alto Networks podcast that provides actionable insights from cybersecurity experts to customers, helping ensure each day is more secure than the one before it. Since launching last September, PANCast has produced and published 10 episodes — including titles like “Shou...

GotoWebinar WebCam Issue

Hi Team, Users are trying to enable webcam when they are on gotowebinar meeting. However, they are unable to enable the CAM and other things works absolutely fine. Below are the steps i followed to tshoot this issue. > Created a rule with the APP-ID gotowebinar and gotomeeting to allow access.(This did not help) >Tried checking logs and fo...

Export Management Permitted IP Access List

I have been looking through posts but cannot seem to find what I am looking for. There are some Management Interface Permitted IPs on our Firewalls that do not match the Template that we have for them in Panorama. Is there a CLI command where I can export the Permitted IP list for a firewalls' Management access? From the GUI there doesn't seem...