Allowing only low-risk of a url category

Hello everyone,

I have a requirement to adjust security policies in a way that only "white list" logic is enabled, and  for one specific rule I have to allow only the low-risk category of given url category, for example training-and-tools, and not

BGP peeering

Trying to setup a Two BGP session with 2 separate routers that provide internet access.
The 3 devices (PA, router1 and router2) share the same network 10.9.9.0/25.
BGP session 1 : PA <--> Router1
BGP Session 2: PA <--> Router2
the two sessions seems work

Can we create a rule to match only the selected application without selecting WEb-Browsing dependency

Dear All,

I need a community advice, we are migrating all our Firewalls from Checkpoint to Palo Alto.

First Palo Alto was implemented 2 weeks ago, a PA 3420 version 10.2.4-h2

We are trying to transform the imported rules into Palo alto style.

For

Seek to assist to check IPS signature database and update in Palo Alto

Dear All,

I am writing this to seek your assist help to check IPS signature database and update in Palo Alto Next-Generation firewall.

Best Regards,

Ghost session after VPN down/up

Hello,

I have an issue with many sites working with PA440 series. When the tunnel VPN fail down and comes up, some devices like printers, phones and access point can't connect normally to the network until that we clear old session related to the a

Question about REST API in PAN OS

Hi everyone,

I have a question about REST API in PAN OS.

1. When a query is generated using rest api in pan os, what is the process/daemon that handles this task? And how can I check it (from CLI or GUI)?

2. How many CPU/memory resources are co

What are the response steps to be taken in the event that DDoS is detected on the Palo Alto ?

Hello All, 

What are the steps to be taken in the event that Panorama detected some threat events in the category of DDoS. What should be the next steps to be taken from our end as someone managing the Panorama? This is from the viewpoint of Incident

Generate Certificate to be Signed by Public CA for Global Protect VPN

Hi All,

We would like to use our GlobalProtect VPN using certificate signed by Public CA.

As the CA team is requesting to generate CSR from Palo Alto Firewall , can I follow below article to generate?

https://knowledgebase.paloaltonetworks.com/KCSA

Service Route in Palo Alto | Role based authentication | Running & Candidate configurations | Backup configurations

In our series of Network Security from Basic to advanced theories & practical discussion, today is below target

•  What is the Services Route & how to configure it
•  Role base user management, authentication & creating users to assign rights, etc.
•  Runn

Palo Alto with Cisco router, GRE goes down

Palo Alto with Cisco router, GRE goes down after enabling the keep alive in Palo Alto side,

note that the GRE tunnel goes down from the Palo Alto side but still up from the Cisco side, but there is no ping reachability from both side

Does anyone have