I have a question about capture conditions, etc. when using packet dump in IPSec VPN.

Hi

I am experiencing latency between Palo Alto of internal server and peer of internal server in IPSec and am trying to perform packet dump on Palo Alto firewall.

And I performed packet dump with the following conditions

However, Syn and Ack pack

URL filtering is not functioning as expected.

Hello Team,

We are experiencing an issue with URL filtering on a Palo Alto PA-440 running version 11.1.4 -h7. Despite having valid licenses, URL filtering is not functioning as expected.

Here’s what we’ve tried so far:

1. Cleared the cache and deleted

Queries on Packet Captures.

Hi Friends,

I have few queries on the Packet captures and traffic logs

1. If we are pinging from the management ip to the gateway ip i am able to ping but how can i see those logs on the GUI of the firewall.

According to my understanding the Tr

VM-Series Next-Gen Virtual Firewall w/Advanced Threat Prevention (PAYG)の契約変更について

AWS MarketPlaceで、VM-Series Next-Gen Virtual Firewall w/Advanced Threat Prevention (PAYG)をの購入を検討しています。構築期間中は時間払い（OnDemand）とし、本番稼働後は年間一括払い(365-day contract)に切り替えることは可能でしょうか。

API auth REST vs SOAP

I'm having an issue authenticating via RESTful API, PAN OS version 11.1

Using SOAP to fetch my API key, then storing it here

$header = @{
"X-PAN-KEY" = $apikey
}

Then Invoke-Restmethod like this

Invoke-RestMethod -Uri $newURI -Method get -ContentTy

Integrated User-ID Agent - auto password rotation.

Hi all,

Has anybody here ever worked on a solution to automatically change the password of the user-id agent via a PAM solution? 

My goal would be to have our PAM solution change the password in AD, than, via API if possible, change the password of

System Log "'tls-X509-validation-failed"

Dear All,

As today 31-May, 2024, From PA Firewall it show system log on "tls-X509-validation-failed" CloudAuthService Server certificate validation failed. Dest Addr: app-registry-service.apps.paloaltonetworks.com, Reason: unable to get local issue

DAC cable s

Has anybody used a Cisco DAC cable between a Cisco switch and a PAN firewall, or a PAN DAC cable , or a third party DAC cable? Any problems?

SSH and console login blocked

cannot login to Palo Alto SSH and console using super admi user. From console it shows error = "user not known to the underlying authentication module"

From SSH it shows error - " Access Denied".

SSH screenshot attached.

How to upgrade palo alto directly from 10.2.8 to 11.1.2

How to upgrade palo alto directly from 10.2.8 to 11.1.2

VPN PA-400 to PFSense

Hi all!

I've created an IPsec VPN site-to-site between Palo Alto and PFSense.

We are facing problems because the tunnel doesn't connect. We see the errors below on Monitor Logs:

Error1 = IKEv2 IKE SA negotiation is started as responder, non-rekey. Ini

PA850 last supported PANOS 11.1.x

Hey Folks,

The last supported version for the PA-850 is PAN-OS 11.1.0. The PA-850 has End-of-Support (EoS) until 2029. However, I want to confirm whether security patches, threat updates, and other dynamic updates will continue to be provided unti

Proxy IDs between Peers

Hi,

if the remote peer require local palo alto to set proxy IDs, what happens if the proxy IDs at PAN side doesn't match the ones at remote? would this cause any issue i.e traffic gets dropped or does palo alto forward the traffic down the tunnel as