Options for viewing Firewalls with Overrides in place

I recently ran across Panorama managed firewalls that have overrides in place for HA configurations.  This must have occurred during deployment and were never removed before they went into production.  Is there any way to view local firewall override

Query firewall configuration from Panorama using the REST API

Is there a way to proxy API query over Panorama to a managed firewall using the REST API? 

This is possible in the XML API using something similar, however I am now building an application using the REST and it will not be ideal, if mixed with the XM

Validation error while pushing config in panorama

Previously, we had perform upgrade activity on the PA-5220 from version 9.1.14-h1 to version 10.1.11. After few days we try to make some changes and push from panorama. Then we encounter this error(kindly refer the attached image):

deviceconfig->sy

After removal firewall from Panorama it cannot register anymore to other Panorama instances

I had a small POC with SD-WAN on PA-410 units and Panorama in management mode.

Once it was done, configuration was deleted, and it acted just as a regular firewall, so I have decided later to remove it at all from Panorama. Just as a regular step rem

Revert specific changes made by a user in Panorama via ansible

Hi Team,
I am looking for an ansible solution to revert only specific uncommitted changes made by user in Panorama. For eg: if a user created an security policy and a nat rule, I want to revert that specific nat rule creation not the security policy.

PAN-OS Xpath

Hi all,

Is it possible to retrieve info for security profiles and policies using XPath on Panorama-managed firewalls?

As of now, I am able to retrieve this info via panorama xml api/xpath, but not through the firewall directly. 
The security policies

Suspicious VPN log in attempts - do you guys also get this?

We don't have users in Switzerland / Netherlands, but I can see consistent log in attempts from the GlobalProtect logs.

I know the true locations is masked, but this is a persistent thing, wondering if you guys also get this?

I've geo-blocked sus

incorrect determination of the geo-sign of the IP network by Palo Alto networks 31.135.232.0/22

Good afternoon. We encountered a problem. We are the owners of the network 31.135.232.0/22. In the system "Palo Alto networks" it is determined by geo-identification as Ukrainian, although in fact it belongs to a Russian Internet provider. Accordingl

Importing Shared Object Questions

I have a relatively new Panorama installation.  I want to associate 2 in production firewalls with ~1700 shared objects each.  These two are only slightly different, I could make them the exact same with a little leg work.

I associated and disassoc