IP sec tunnel

Hi Team,

We have multiple IP-sec tunnels and want to clean up unused tunnels.

Like we have the option of an unused rule for security policy, or we will know by its hit count, is there any similar way we can find out an unused tunnel so we can delet

TSF file upload

I am trying to open a case in the portal for one of our customers and the page is not working.  I have a TSF to upload as I believe our customer has evidence of exploitation of CVE-2024-3400

Microsoft Defender Outbound traffic policy

Trying to slim down a rule for outbound traffic with clients using MS defender. I built a custom URL list of the defender urls provided by MS. Added it to the policy under service/url category. The apps used are ms-update, ssl, web-browser, windows-d

PBR using Route failover

Hi All,

Our organisation purchased two Mpls link and wants to configure an PBR like such

1) All intranet traffic like dns, ntp shoud go via primary MPLS

2) All internet related traffic should go via Secondary MPLS

3) In case Primary MPLS goes dow

Diabled Application in VSYS1

I have received an high risk alert on PA3250 IOS 9.1.16  "Disabled applications in vsys1: 104apci-unnumbered-startdt-act 104apci-unnumbered-startdt-con 104apci-unnumbered-stopdt-act 104apci-unnumbered-stopdt-con 104apci-unnumbered-test-act 104apci-un

Captive Portal is not Working

I have enabled Captive portal for PA-VM 100 and configured all points related to it.

Issue raised when a user tried to connect to internet, client get error pls look in the attached snap.

Elaboration on the differences between the PAN-OS root certificate, the device certificate, and the certificate under cert management?

I've been requested to get as much information as I can on this topic, and I've found a good one on Reddit.

A piece of info that i found on reddit

It's great, but somehow I still need much more elaboration on this.

Could anyone provide me a docum

NGFW Threat & Traffics Log Fields

Hi Team, 

I am going through the traffic and threat logs of the NGFW. In the logs, I am unable to get the knowledge of the following fields " domain" & "config version". 

Not able to login into URL from behind the palo alto

Dear Team,

Greeting...!

We are trying to access one URL from behind the palo alto, it was accessible but we are not able to log in to that URL, and when we checked using a mobile hotspot it was login successfully.

Additionally, we checked the t

10.2.8 DP DP Hardware Packet Buffer exhaustion bug

If upgrading to 10.2.8, keep an eye out on your DP Hardware Packet Buffer usage. We've seen it cause PA-5250's to stop processing traffic.

TAC is aware of the issue. We ended up downgrading to 10.2.7-h3 to work around the issue for now (be mindful of

Layer 2 network extension

Is it possible to extend the layer 2 network over the layer 3 network to the other site using Palo Alto

Basically I am trying to extend the VLAN to other site. Not sure if this can be achieved with Palo Alto. Any suggestion are welcome