WildFire job stuck at 49% on Panorama M-200 Appliance

Panorama M-200 hung on an active job at 49%. At this writing, it is pushing an hour. 

Started the upgrade from 10.1.x to 11.1.6-h10. 

Upgrades through 10.2.0 and 11.1.0 seemed to have worked fine. 

There are a pair of M200s in HA. The other M200 fi

Panorama changes after static route added

We have added a static route to our Palo firewall through Panorama GUI and before committing the change when we compare the candidate config to running config it shows removal of some static route metrics for all static routes, even though we only ad

Panorama SD-WAN Zone Mapping? No longer needed or no longer available?

I know this has been posted in the past, but I want to check if there are some new answers before reaching out to our SE. There is a "known issue" where the zone mapping tab was removed from Panorama. The current documentation still mentions the need

Panorama REST API Discrepancy

Hi folks!

I've got a pet project to automate the provisioning of our new site firewall templates via the Pano REST API. While doing some cursory looking, I noticed that there's no endpoint in the v11.1 API docs to interact with ethernet interfaces. I

Can I Decrypt OpenVPN

Hello, 

I want to decrypt traffic to my OpenVPN server so I can perform URL filtering and IPS checks on users connecting to it. I have the OpenVPN server's CA certificate and key. Do you have any idea ?

push from panorama to PA firewalal failed because of " is already in use because of policy and NAT already in use)

Hi,

We have panorama in 9.1.9 version and  PA-220 in same version.

we imported configuration from pa to panorama, added just e pôlicy rule and pushed again the template and device group to same firewall. 

but then we get always pushh failed with errors

Does Panorama Forward These Events to External SIEMs via Syslog by Default?

Hi everyone,

We're currently integrating Palo Alto logs (via Panorama) into our SIEM solution (Wazuh) using syslog, and I wanted to confirm the log types that are forwarded by default or require additional configuration.

Specifically, does Panorama f

VPN between palo alto and Meraki with dynamic WAN ip address

Hello Mams and Sirs...

I am stuck in a unique issue.

Meraki has 2 WANs - primary one is static and secondary one is dynamic.

They have 4 Lan subnets. 

The initial plan was to use their FQDN as remote peer and they would take care of the VPN failover.

Limitation on Panorama (license) used by VM-series

Hello experts,

Not sure this should belong to Panorama or VM-series, 

We have a Panorama for log collection already for on-perm ngfw.
Planning to purchase more ngfw firewall for AWS and Azure with BYOL (NGFW credits)

1) is there any limitation (e.g ma

Admin GUI Login Fails on WAN Interface - Slow Load & "Single Sign-On" Error on PA-410

Hello Community,

I'm hoping to get some expert advice on an issue I'm facing with a single PA-410 firewall. I've done some initial troubleshooting, but would appreciate a second opinion on the cause and the best path forward.

The Problem

When I ena

Firewall rules not getting reflected in Cloud NGFW

Hi,

We have a on-prem Panorama which manages Cloud NGFWs.

We have observed intermittently that the Firewall rules deployed from Panorama are not getting reflected in Cloud NGFWs.

There are no visible errors that are generated with Panorama showing

Panorama can't show specific timeframe log

Hi community,

I have a question. I’m experiencing an issue where Panorama does not show logs for a specific time frame. However, when I check directly on the firewall, the logs for that time frame are visible. I've already confirmed that the log fo

panos_commit_panorama commits all pending changes regardless of user specified in admins list.

Ansible playbook snippet: 

------------------------------------------------------------

collections:

paloaltonetworks.panos

vars:
panorama_provider:
ip_address: {{ panorama_fqdn }}
username: {{ username }}
password: {{ password }}
tasks:

name: Commit Conf