The allow security policy configured with the app-ID "netbackup" and an "application-default" as a service doesn't work correctly.

Dear and valuable Live Community Members,

I have a problem understanding the below-described behavior in regard to the security policy used in the firewall: 

We have a firewall policy configured to allow NetBackup traffic, but if we configure it

Path Monitoring - latency

I'm not using PAN SD-WAN.

I have static route path monitoring configured for multiple ISPs.  If pings fail, the path goes down as expected.

If the pings succeed, but latency is abnormally high, the path stays up.

How can I set a latency threshold

communication of vlan interfaces not working

Hello,

I have two firewalls connected over "L2 Line" from our ISP.

We would like to use this line to route between our two sites instead of IPSec tunnel.
On this line I can use vlans from 1-100 for communication.

On both firewalls I created L2 interfa

PAN-DB URL Filter expired even if Advanced URL filtering is still valid

I purchased service bundle for my PA firewall,  PAN-PA-220-BND-LAB4-R, which includes PA-220 Lab Unit Renewal Service Bundle (Threat Prevention, DNS, PANDB URL Filtering, GlobalProtect, WildFire, SD-WAN, Standard Support) Period.

After activation,

PA 3260 Policy Rule losing DNS resolution to FQDN-defined site - 4.19.23

We have a policy rule that contains an FQDN-defined website destination (yandr.wiredrive.com). When initially configured to pass traffic to required cloud-based resources, DNS resolution to the wiredrive.com site would happen regularly, usually after

getting system alerts

Hi Team,

frequently we were getting system alerts as " PANDB: Authentication or Client Certificate failure"  after restarted the management server we didn't get error for PANDB, but now we are getting " failed to resolve host wildfire paloaltonetwo

SSL Decryption Exclusion - What does "Obsolete (Enable me to clean)" mean?

When viewing the SSL Decryption Exclusion list you can click to see obsolete entries.  When you do they say OBSOLETE (Enable me to clean) - what does that mean?  If you enable it then it will get removed?  I'm not certain what this is trying to tell

Need to complete PCNSE course through portal

Hi,

This  is suresh from hcl technologies.

Please help me to get the PCNSE course as free and need to complete through paloalto portal.

I have activated login details as a partner

DNS Proxy

Hey,

i am configuring an isolated Vlan and i need some static DNS entries to be "supplied" to the clients instead exposing our internal dns servers.

i thought about using the DNS Proxy feature, but i seam to be stucked.

1) when DNS Proxy is enabled

Cannot see an option to select the management interface for HA1 backup link - PAN-OS 10.2.4

I'm trying to configure HA Active/Passive on a pair of PA-5410's running PAN-OS 10.2.4. I'd like to use the dedicated HA1-A port for the primary HA1 link and the management interface for the HA1 backup link but I cannot see an option to select the ma

Palo Alto Migration

Currently, we have 2 3020s in our production network but I am also tasked with setting up two new 3410s to replace the current setup. I have gone through the initial setup and committed the admin password change. I have a current config backed up, I

PAN-OS 11 GUI Responsiveness - PA-1410

We have some new PA-1410's which are to replace some older oversized PA-3220's. The downsize is the PA-1400 series require us to use PAN-OS 11.

Even with minimal out of the box config (management IP etc) the web UI on both units is very slow and un

virtual address active-active

is virtual address mandatory for active-active HA configurations. I do not wish to use virtual address for A-A HA. My ISP does not give enough IPs

Proxy ARP for Private VLAN?

Is there a 'proxy arp' interface command (or equivalent) to allow l3 communication between isolated devices on private VLANs?

I am looking to move our DMZ to a private VLAN. I would like all ports to be isolated, but allow some communication betwee