Associating Link Tags with GRE Tunnels for SD-WAN Path Control on PA-1410

We are configuring SD-WAN path control on a Palo Alto Networks PA-1410 (PAN-OS 11.4) that connects to two Zscaler data centers (Dallas and Atlanta) over two ISP circuits. Four GRE tunnels are in place:

• ISP 1 → Zscaler DFW

• ISP 1 → Zscaler ATL

• ISP 2

Interface Errors after upgrade - VM Series

Hello,

we upgraded our Palo Alto VM to 11.1.6-h1, after the upgrade the monitoring system gave us warning about the errors increasing on the Firewall interfaces but the clients did not report any issues, so it's not affecting them at all,

this is

Facebook working as application reddit-base

We are currently experiencing an issue with URL filtering and application-based policies. We’ve set up a policy to block the Facebook application, but it’s still being allowed through. In the logs, it shows as the application "Application reddit-base

Temp user created using TACAS: Can no longer access device.

A temp user account was created using TACAS username. The device attempting to be reached is no longer accessible to the user. Is there any work around for the particular issue?  

Deepseek Restriction

I've noticed when trying to just use the appIDs, any web traffic not able to be identified ("incomplete", "insufficient-data") will hit the policy even though the appID doesn't technically match the policy. My other thought was just to allow the unid

Difficulty in Displaying Unused Firewall policies in PA networks using API key

Query on Load configuration snapshot operation

Hi,

We are trying to take config backup in firewall. We have saved named config snapshot with name lets say "config" . As next step instead of doing export named configuration snapshot we have selected Load named configuration snapshot and loaded pre

New software 11.1.6-h3 network issue

Hi guys，

May I ask if any of you are currently using the latest  preferred version 11.1.6-h3?

Recently, I upgraded my firewall from 11.1.4-h9 to 11.1.6-h3 in my lab (VM workstation environment), and my firewall has become very slow.

I am unable

APP ID

Hello Techie,

I've one generic query related to aap id feature, one of the PA docs says it requires 4packets or 2000bytes to identify any single applications where in live scenerio I do see see it works with only 1 single layer 7 packet(C2S/S2C) ca

Decryption: List of App-IDs that require decryption

This is a re-post of an earlier post of mine that has been buried, but this time with a little more context.

Is there already a central location where all app-ids that require decryption to use/discover are listed? It's called out in the content re

Restart button is grayed out under both IKE Info and Tunnel Info on IPSec tunnels

Hello folks,

I am not sure when this happened but I suspect it when we upgraded to PAN-OS 11.1.3.

On my PA-3250 when I go into Network > IPSec Tunnels in PAN-OS, and then click either IKE Info or Tunnel Info, I am no longer able to restart the connec

license for PA-220

Hi,

I am a private user, and wanted to purchase the PA -220 device. but I wanted to know where should I go to purchase the basic threat protection license for this device?  am based in Italy and probabaly would be easier if there is some online store