OSPF & Static Routes

Hi, 

I have OSPF configured on PA460 firewall with profile redistributing Static. I have another redistribution profile not to redistribute certain subnets/routes. Now I want to add some new routes with metric higher than that of OSPF. Will these rou

LACP Features on Palo Alto Firewall

Hi Team,

I would like to ask whether the Palo Alto Firewall has the following two features:

1. LACP Graceful Shutdown

2. LACP Suspend Individual

Regards and Thank you

NGFW 

Which model is the rack mount kit for the PA-510?

In the datasheet, the rack mount kit for the PA-510 is listed as “PAN-PA-400-RACKTRAY”, but in the technical documentation, it’s written as “PAN-1RU-4POST-RACK-10.”
Is there a qualified Palo Alto Networks staff member who can confirm which one is actu

possibility of secure MQTT's decryption at Palo alto firewall

how can we decrypt MQTT's port 8883 traffic at palo alto firewall, or is it possible.

Palo Alto CGNAT block issues with GeoBlock rule

We just migrationed from Cisco Firepower:

We have some Negate Geo block rules that will block any country that is NOT on the lists of allowed, but now it is unintentinally blocking CGNAT addresses. We would still like to only allow US CGNAT's but the

Link and traffic priority on palo alto

Hi All,

We are using one isp link for internet browsing and 2 site to site tunnel. Now we have procure another isp link and want to configure it as a primary for internet traffic and one location (India) site to site vpn.

Below my approach to achieve

Issues with SSH and Telnet access only on the passive firewall. GUI access is working fine.

I’m having an issue accessing the passive firewall in my cluster via SSH or Telnet. I can access it normally through the GUI and authenticate using LDAP or my local admin user. The active firewall authenticates both GUI and CLI without any problems.

Abnormal display of traffic log BYTES filed

The customer found that some traffic logs have extremely large bytes, reaching 281.5T,

Looking at the log details, it was found that:

Question 1：

Details:

Type end

Bytes 281474976579754  ---- I think this is an incorrect display?

Bytes Received

validation error "poe unexpected here"

I'm trying to push policy from Panorama (11.1.6) to a PA-440 (10.2.13).  In Panorama, when looking at the config of an interface such as Ethernet1/1, it has a tick box for "PoE". However, on the same dialog on the PA-440 there is no PoE depicted. Now

Global Protect Mac-OS Received fatal alert IllegalParameter from client

Hello team,

I have an issue with the Global Protect 6.2.7 app running on an Apple Mac OS X Sequoia15.3.1 in the SSL negotiation process,

The error on the Global Protect say "The network connection is unreachable or the portal is unresponsive. Check the

Unable to patch Windows Server to utilize UIA

Hello Team,

We are currently experiencing this knowledge issue in our environment.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001Vcg

I understand that this can be resolved by applying a patch.
However, we are unable

About the output of the "show ctd-agent status security-client" command

Hi everyone,

I'm using a PA-5250.

When I ran the "show ctd-agent status security-client" command, I noticed that the output had changed:
"Security Client UrlCat(2)" had disappeared, and "Security Client WifUpload(0)" was displayed instead.

[Before]
Sec

Cortex XDR EDL

Hi,

We want to integrate Cortex XDR EDL with PANGFW EDL. We did everything with this guide -- https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Manage-External-Dynamic-Lists

After finishing setup we initiated tes

PAN-DB cloud list loading failed (ERROR:SSL connect error)

Hi Team,

Getting this error one by one on each firewall.

How to fix this error?