How to show the auditing process of objects during policy auditing

Hi Everyone,

I'm a new member FW Palo Alto,
Currently, I have done a dump of the rule checking process, but I cannot show the process of checking each object against the rules in the firewall, so that I can clearly see the rule checking and the matchi

Unable to connect GlobalProtect

GlobalProtect Unable to connect and the web portal showing err_empty_response. Certificate is already installed in the client.

PANGPS log:

(P2832-T9964)Debug( 929): 12/15/23 09:43:34:892 SSL connecting to x.x.x.x
(P2832-T9964)Debug( 487): 12/15/23 09:

Policy match either XFF or layer 3 IPs?

We have load balancers proxying traffic back through a pair of PA5250s and recently started extracting X-forwarded-for data to match in our traffic policies. Is it possible to have rules that match EITHER the XFF IP or the load balancers' proxied IPs

Fragmentation over IPSEC tunnel

when the packets are fragmented and transmitted over the IP Sec tunnel, does PA-FW accept the packets in both of the following options

1. Fragment first then encrypt and forwarded to FW
2. Encrypt first then fragment and forwarded to FW

Web GUI is not working in chrome and mozilla, but working in microsoft edge

Hi team,

But in Edge its working firewall

Destination Static NAT vs Source Static NAT with Bidirectional

Static Destination NAT: This NAT Rule allows users on Internet to initiate traffic to access internal or dmz server with a public IP of the server let's say 13.1.1.10. The inbound request has a Layer 3 destination IP 13.1.1.10, the firewal then appli

Site-to-Site VPN with Static and Dynamic Routing

I read the following article about Site to Site VPN With Static and Dynamic Routing.

https://docs.paloaltonetworks.com/network-security/ipsec-vpn/administration/site-to-site-vpn-quick-configs/site-to-site-vpn-with-static-and-dynamic-routing 

Th

Wrong Geo location

Hello, couple times we had issue with wrong geolocation. It is very interesting how PaloAlto create ip<->location database.

example: 

from FW:

show location ip 46.8.61.78

46.8.61.78
Czech Republic

regarding https://knowledgebase.paloaltonetworks.com

GRE Tunnel and Multicast Traffic

Hi Everyone,

Hi Team,

We have been trying to configure GRE tunnel. From the configuration end, everything seems fine and we have already followed the official KBs but GRE tunnel nevers gets up. And this is affecting our multicast traffic flow. Same

DNS Security cloud service connection refused

we facing problem since this morning 

DNS Security cloud service connection refused

is this any global outage.

Thanks

Naeem

PA-450R supported SFP

Hi Chapms,

Can you pls let me know if the PA-450R support the following.

PAN-SFP-LX

PAN-SFP-SX

PAN-SFP-100BASE-FX

SSL Termination at Palo Alto NGFW

Can Palo Alto NGFW support SSL Termination
ConsumerAPP (2Way SSL) --> Palo Alto NGFW support --> (1Way) to Service provider

Documentation on the setting "Software Cut Through"

Hi,

   I can't seem to find any info on the setting "Software Cut Through". It's currently set to true on our PA-460. Would that affect the performance of our firewall ?

Thank you,

Antonio