Upgrade 5450 to 11.1.6h10

I am currently on 10.2.10-h9 going to 11.1.6h10 (preferred). Has anyone experienced any issue with the new release on 5450 FW? In the past I upgraded to 11.1.4-h7 and it went horribly BAD. Not the upgrade process but that release 11.1.4-h7 has bugs. Non of the websites we are hosting were accessible. sometimes it works and other time so mu...

BFP with OSPF graceful restart causing outages during failover

Dear community! In a active/passive configuration with OSPF graceful restart and BFD enabled, when we do failover we experience a downtime 1 minute after the failover and it takes about 10 seconds to be fixed. Checking the logs it looks like the firewall builds the new BFD sessions with the core switch, but after 1 minute after the failover th...

About BUG PAN-226361 for PA-820 device running version 10.2.10-h9

HelloI wanted to ask you a question about a problem I just encountered, I have seen the BUG PAN-226361 reproduced in the PA-820 equipment is in version 10.2.10-h9 and yet this BUG has been corrected in the hotfix 7 of the same version, does anyone know if it has been re-activated in higher versions and what is the recommendation of Paloalto in t...

Paloalto firewall google drive blocking -- quic based problem

Hello,We are experiencing an issue with blocking Google Drive access through Palo Alto Firewall despite applying several mitigation steps.Current Setup:SSL Decryption is enabled and functioning.Security policies and URL filtering are configured to block:drive.google.comdrive.google**.drive.google.com*.google.com (selectively for Drive-related se...

MItre ATT&CK Mapping for Palo Alto NGFW

Hi Community, I am wondering if there's available Mitre ATT&CK coverage for types of data sources that a Palo Alto NGFW is mapped to?

Subject: GlobalProtect Connection Issue After SSL/TLS Certificate Renewal

Hello Team, We’re currently experiencing an issue where GlobalProtect is not accessible after renewing the server certificate associated with the SSL/TLS profile used by our GlobalProtect portal. Error message:GlobalProtect: Connection Failed. The network is unreachable or the portal is unresponsive. Check the network connection and reconnect. T...

Updating firmware with pending commit

What happens to pending commits if the firewall firmware is updated and the reboot occurs? We have made some interface changes for an upcoming project, but it has been pushed back. If I update the firmware, will the commit be completed or will it stay as pending?

Ansible Galaxy - panos - not ready for advanced routing

When will the Ansible Galaxy be ready for advanced routing? For instance on the module: panos_interface there is no option to choose the Logical router, only virtual router.

Can anyone give me suggestion for how to block only Linkedin Messaging but can access other Linkedin functions.

A commit is in progress. Please try again later

Running 10.2.13 on a PA-440. Current config issues mean a commit fails. The unit keeps trying to auto commit very frequently (which fails). If i try to change the config and commit, i get the message "A commit is in progress. Please try again later". If i try to install a different software version i get the same error. How can i disable auto co...

Application Shift and How to allow linkedIn but block specific linkedin-posting application

When you want to allow the linkedin-base application with a specific Security Policy Rule, for example Linkedin-Rule, the Implicit applications it depends to are automatically allowed by the firewall, this means that the Security Policy Rule Linkedin-Rule that matches the linkedin-base application will automatically allow the web-browsing and SS...

UserID mapping for users usings Azure VPN Gateway and AzureAD

Hi All, I have a unique scenario. We have a PA VM Firewall in Azure. We use Azure VPN Gateway to allow users to VPN in if need be (mainly 3rd party support) to get to services on the other side of the FW. The user's credentials authenticate against AzureAD using MFA. I need to know if there is a way to implement UserID, or something similar, t...