All OSPF neighbors suddenly down

Hello all,

Customer has a problem were their PaloAlto suddenly declares all neighbors adjacencies down, after that the PaloAlto will do a grateful restart and the OSPF neighbors will change to init, and then go full again, this OSPF flapping lasts

ICAP Support with PAN-OS 11.0

Hi,

I've just been reading about the new proxy capabilities with PAN-OS 11.0.

I could find any mention about ICAP support. Is ICAP supported?

Thanks,

Ben

PA 10.2.3, RADIUS Challenge caused timeout even it shows auth success on Monitor

Hello All,

I have Palo Alto 10.2.3, and also 10.0.3 as a test. I used RADIUS to authenticate to the admin UI, then the RADIUS server sends a challenge, this is being handled normally by 10.0.3 but 10.2.3 seems to timeout although on Monitor it shows

Is it possible for Dynamic group containing all DHCP issued ip's from a palo reservation scope??

Hi All,

I have a requirement.

Palo DHCP reservations direct mac to ip- say 50 (changed occasionally enough to be annoying)

I want a Dynamic group that skims the content of the reservations and permits in only those in an ACLs.  Its painful to keep do

MLAV: Authentication or Client Certificate failure.

Does anyone know about the alert. MLAV: Authentication or client certificate failure?

App-ID Override Policy Matching

Is there a way to identify what traffic is hitting a specific App-ID Override policy?

We have several poorly configured App-ID override policies I'm trying to clean up and consolidate but they override to the same custom application, and it is not

Advance URL filtering - License - error "License required for URL filtering to function"

Hello team,

I have a valid advanced URL filtering License - but when i navigate to URL filtering it says error "License required for URL filtering to function"

Do i need to get PAN-DB url filtering license too ??

or is there some setting which

Antivirus updates failing 9.1.15

Hi All.

I am having issues where the antivirus updates are not checking the servers nor downloading.

I have a valid advanced threat license and an expired threat license.

Background running: 9.1.15

Observations:

Content updates are functional a

Please Release App-IDs for IBM AS400 user traffic

Hi,

we have noticed traffic from users connecting to mainframes/midranges is showing as "unknown-tcp" and "insufficient-data" for the following ports:

TCP/449 (Server Mapper)

TCP/8470 (License Management)

TCP/8471 (Database Access)

TCP/8475 (Remo

PAN to rsyslog on Ubuntu 22 yields unusable file names

Hi.

I have a default setup w/ Ubuntu 22 as a rsyslog server. I pointed my PAN 10.2 to it, and am getting log data, but I am not getting a usable / meaningful file name. I'd like the log file name to be something like "perimfw" or some such to start.

Palo Alto ALG (Application Level Gateway) SIP dissable just for a particular source and destination IP addresses in a Security Policy?

Hello to All,

From what I read about ALG (Application Level Gateway) functions on the Palo Alto Firewalls this function if needed is disabled globaly for the SIP default application or with application overide policy but this will stop the SIP si

Palo Alto PA 5220 not login after password complexity changes

We changed the password complexity and history settings on our firewall a couple of days ago. After committing the changes the local users are not able to login on the firewall. So we tried to boot into maintenance mode by connecting through a consol