Pan-OS Dev Corner

Hi Everyone, 

I wanted to share my project that reduces MTTR for admins who actively use the CLI terminal. While studying Palo Alto Networks NGFWs at my college as a student, I noticed how much time I was spending manually running and parsing CLI comm

PA-440 won't talk via network

Good morning, all!

My lab PA-440 threw a weird on at me this week. When I tried to add it to a new SNMP server (Observium) the firewall stopped talking on the web interface and wouldn't respond to pings to the management IP.  After some rather involv

Max number of units (aeX.Y subinterfaces) supported under a single AE interface?

Hi Team,

I’m looking to confirm the maximum number of units (aeX.Y subinterfaces) that can be configured under a single Aggregate Ethernet (AE) interface on Palo Alto firewalls.

Specifically for models like PA-440,PA-450, PA-820, and PA-850, and acro

PA440でのDHCPv6-PDでのIP配布について

PA440でのIPv6環境でのシステム構築を実施予定です。

構成としてはWAN(2本) --- PA(HA) --- L3SW(stack) --- L2SW --- デバイスとなり、全て動的なIPv6での環境となります。

回線はフレッツ光クロスとStarlinkになり、各ISPからIPoE回線でのDHCPv6-PDでのIP配布となります。

上記の構成はPA440で実現可能でしょうか。

配下の機器にはPDでの委任もしくはRAでの配布を想定しております。

Activate ECMP without trafic disruption

Hello,

I wouldlike to enable ECMP on one HA pair. I read that the process will restart and can lead to trafic disuptions.

I was wondering if i could do the following in order to avoid disruptions : 

• Disable config sync.
• Doing the modification on my pa

High Data Plane Utilization During Business Hours

Hello,

We are experiencing an issue that is becoming hard to isolate, our end users noticed network slowness about a few days ago.

During Isolation and investigation it led us to our NGFW PA-3260's.

This causing extremely High latency when reac

NGFW admin account is locked. What should I do?

Hello all,

I received a report that I couldn't log in to my GP account. Upon checking my firewall, I discovered that the admin account was also locked, blocking GUI/CLI access.

Q1. Is there a connection between the GP account and the admin accoun

Chatgpt enteprise login only

How are people policing logins to Chatgpt for enterprise only logins?

https://help.zscaler.com/zia/adding-tenant-profiles

Zscaler does it.   

Palo does it for microsoft.....

How are people doing this with decryption and Palos native app id, NOT the ACE s

Kerberos SSO Admin with 2 devices

Hi,

I have 2 devices running in active-passive HA. 

I want to use kerberos SSO for the admin ui. 

with one device it is working, but how can i add a second spn?

make image of PA_3220

Hello,

just need to get confirmed - that make an image of a physical PA-3220 is not doable !

I have had questions about that - but my common sense says that cannot bed done  - or am i wrong ?

API Endpoint to retrieve object usage?

Hi

I'm looking for a endpoint to check if a object is used (a bit like "Global Find from the GUI). Does it exists?

For now, i have a script that retrieve all address.

Thanks

Regarding the Operational Specifications for HA Mode

I am reviewing the operational specifications for HA mode. Could you please clarify the following points?

<Device Information>
Model: PA-3420 (2-unit HA configuration)
OS Version: 11.1.6-h10
Interface Information: Onboard (2 ports), Optical SFP10G (3