FW Policy Skipped When Either App-Based only or SMTP-BASE app and 587 Port is Defined

Firewall is skipping policy when the traffic has smtp-base port 587 on it. 

I created a firewall policy application based with smtp-base as application but it skips the policy goes to the implicit interzone deny policy. So I created it with by just po

Migrate OpenBDS firewall to Palo Alto

What would be the best approach for migrating the OpenBDS firewall?

In a scenario where there are 4 units of OpenBDS and consolidating into 2 units of Palo Alto.

Would the Expedition tool able to merge the policies?

Any other things to note for the m

Looking for someone familiar with Palo Alto Firewalls

Hello all,

I'm with a company that has just been offered a project to review a certain university's firewalls but we can't take it on as none of us are familiar with Palo Alto systems. However it would be nice to be able to take on projects like th

Global Protect Integration with Azure SAML w/ Multiple Gateways

I'm trying to setup an integration with 2 firewalls at different locations.  The portal and 1 gateway reside on 1 of the firewalls, and i've used this:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008U48CAE

to get that

User-id ip mapping issue

Hi all

my customer having problem with user-id

I am trying to solve this issue but not working, so I need help

Customer divice pa-3410 panOS10.2.9 connection with microsoft Active-directory 2012R2(not sure)

Its agenteless user-id, winrm http,

ospf neighbour adjacency is flapping continuously

Hi Team,

Reaching out for help to identify the main cause of this problem.

I can see that the OSPF adjacency is flapping continuously and I have no clue how to move further and how to identify the cause.

While collecting the routed.log, I can s

Palo Alto and Microsoft NLB multicast

Hi

I have an issue to contact the VIP of our Microsoft NLB.

We have a cluster of 2 PA-1410 (active/passive). On this cluster, I configured interface aggregate with sub-interfaces with ID vlan (ex :vlan10, vlan 50, vlan193..). Each IP of the interfa

Checkpoint Firewall migration to Palo Alto firewall using Expedition Tool

Hi Team,

We want to migrate the Checkpoint firewall with Palo Alto NextGen Firewall using Expedition Tool. I've gone through couple of forums also few of them listed on this community as well but I don't get more appropriate way to do this migratio

Detect high bandwith consumption

Hello everyone!

I´m looking for a way to identify a user or IP when they have high bw consumption

Lets say a user is downloading something and is using all my ISP bw, how can I identify it in that moment?

I was able to do this but when the session

Global Counters if packet is dropped by QOS

Hi,

Is there any global counter that might indicate if my session is beeing dropped by QOS?

I have an issue where my BGP connection to prisma access drops but the tunnel to prisma access is always up.

The issue is intermittent.  

If i would setup a

PAN-OS 10.2.9-h9 release notes and CVE-2024-3400

The addresses issues listed in the release notes ( 1/8/24) for PAN-OS 10.2.9-h9 state: 

PAN-252214 A fix was made to address CVE-2024-3400.

However this was previously stated as fixed in 10.2.9-h1.

Is this 'duplicate reporting' or does this address