URL Filtering Categorisation Justification

Hi!

We're running URL filtering on our PanOS campus firewalls and I very often get asked to add domains to our 'allow list' - almost always because they're newly registered domains. On occasions we've had sites requested that fit into more serious

Power Supply Comparison - PA-220 vs PA-440

Hello, all -

We have several remote locations running about a dozen PA-220 FW units which we are replacing with PA-440s. I would prefer to make this as painless as possible and may even have the non-technical onsite staff do the hardware swap. I'm

Pancast: Have an Idea for an Episode?

Hey Everyone! Have you listened to the PANCast podcast? 

PANCast is a Palo Alto Networks podcast that provides actionable insights from cybersecurity experts to customers, helping ensure each day is more secure than the one before it.

Since launc

GotoWebinar WebCam Issue

Hi Team,

Users are trying to enable webcam when they are on gotowebinar meeting. However, they are unable to enable the CAM and other things works absolutely fine.

Below are the steps i followed to tshoot this issue.

> Created a rule with the APP-ID

Export Management Permitted IP Access List

I have been looking through posts but cannot seem to find what I am looking for.

There are some Management Interface Permitted IPs on our Firewalls that do not match the Template that we have for them in Panorama. Is there a CLI command where I can

Meraki switches not getting DHCP IP

Meraki switch is connected to PAN firewall where we have created a pool in vlan 225. On firewall i can see that the DHCP IP has been leased for the switch in vlan 225 but switch is not getting a DHCP IP

any suggestion to replace current PA3020?

Hi.

we are planning to replace/upgrade current PA3020 to a newer PA model.

could you please suggest which model is the best suitable with my requirement below?

thank you.

Current PA3020 Setup Info

- using 5 virtual routers

- using aggregate interfa

Why Management interface do query instead of DNS-Proxy Interface

Hi Team,

I configured DNS proxy Interface e1/1 - 192.168.29.245 to clientless vpn.

DNS-Proxy resolves as,

1. General browsing resolves with DNS 8.8.8.8 and 1.1.1.1
2. Tutelartechlabs.com resolves with DNS 1.1.1.2 and 4.4.4.4
3. Amazon.forest.in (internal-appl

Policy Reporting

I was just hired by a company with many policies implemented. Is there any report that can tell me what policies are associated with a source IP or group? 

MTU value

Hi All, 

If we set mtu value as 9192 in interface and 9072 as sub-interface, which one the sub interface choose.If it will choose 9072, would that mean 9072 size packet can be sent.

Similary,

Hi All, If we set mtu value as 9192 in interface and k

What problems or vulnerabilities does this present?

IMPORTANT NOTE: Never set both checkboxes "Forward Trust Certificate" and "Forward Untrust Certificate" in the same certificate, and do not have the "Forward Untrust Certificate" deployed under a trusted certificate chain. If you do this, it will cau

PA-3020 Suggested version

Please can you help me on this, I need an PA-3020 suggested version and latest version.

My current version is 9.1.11

Vulnerability Protection Profile action drop, but still forwards packets

Hello,

A customer has a Palo Alto perimeter firewall and a Fortigate DCFW which sits behind the PA in the line of traffic when incoming from the internet .

It has been observed that in a scenario when the Palo Alto firewall which has SSL Inbound