Force URL-Filter if GlobalProtect is disconnected

Hi together!

Is there a possibility to force a client to use a (local/cloud) URL-Filter if the Global Protect Client is NOT connected to the gateway?

Enforce Global Protect connection / define 40 FQDN exceptions is not really a solution.

Maybe th

PA-445 on PAN-OS 11.1.2-h3

First time posting so please bare with me.

Currently running into an issue that looks like a potential bug or an issues specifically with the PA-445 model (Support Case has been submitted and is in the works; but we'll see what happens) Two differe

BGP Route Advertisement /Export Rule

Need some help with advertising specific routes over BGP and hoping someone can help.

I have a site-to-site tunnel setup between AWS and my on-premise PA Firewall. I am receiving routes from AWS over BGP as expected. No issue there and I am able to

QOS issue error

any idea on below error.

Enviorment:-
OS - 10 2 8 h2
Model - 5220

2024-07-29 19:25:19.349 +0800 Error: gryphon_qos_perform_set(5200/gryphon_sysd.c:389): Set shaper on port 42 index 0 failed with ret -4

Load Balancing in NGFW

Hello All, I am writing to request if there is a way to perform load balancing in a firewall. Case in point an organization has two traffic links for internet lets call them link A and link B. So i need social media traffic to be rerouted to link A a

11.1.3-h2 - Post Install question

Hello,

After installing 11.1.3-h2 the Device -> Software view is different. Now I don't see the currently installed version or any more recent versions like 11.1.4. 

Is this a known issue?

Thanks,

Jon

spyware alerts for <something>.fmb.la

this just started popping up for DNS queries inside going outbound, my PA440 is dropping the packets as a spyware threat. This is quite a new development, probably last 24 hours.

Example action below:

name-of-threatid eq 'generic:com.fresh.fmb.la

Device Certificate Issues.

Hi Friends,

One of our customer is facing issues in fetching the device certificate on a PA-410 device running on PAN OS 11.0.4-h2.

We are logging into the CLI of the firewall with Super User credentials and try to fetch the certificate with the

PA-450 is not booting

Hi everyone,

We are currently configuring a new Palo Alto PA-450 and the device is no longer accessible by web management and over console.

At the first power on booting has been done normally and all led was blinking fine. We started access the We

Validation Error for High availability

The error message when commiting is:

• Validation Error:
• deviceconfig -> high-availability -> group -> state-synchronization unexpected here
• deviceconfig -> high-availability -> group -> state-synchronization is invalid

I configured high availability usi

synchronize google organizational units to PAN

hello team:
Is there a way to sync organizational units from google to Palo alto?
or from Device > Authentication profile > advanced > allow list > all
Greetings.

#paloalto

Advertised static route on BGP over IPSEC.

Hi all,

I have established BGP peer.

I've created redistribution profile with interface that i want to advertised to BGP

The subnet directly connected to interface could be reached/ appear in local RIB

My next objectives :

I have point-to-point f