About emr_1

8 interfaces per AE https://docs.paloaltonetworks.com/ngfw/networking/configure-interfaces/configure-an-aggregate-interface-group#:~:text=Each%20aggregate%20group%20can%20have%20up%20to%20eight%20interfaces   Max num. of AE is here https://www.paloaltonetworks.com/products/product-comparison?chosen=pa-440,pa-450,pa-820,pa-850   ... View more

I agree with you, and TAC is wrong. If I configured a rule as below:   The rule on the box is recognized as below: )> show running security-policy "test; index: 1" { from any; source any; source-region none; to any; destination any; destination-region none; user any; source-device any; destination-device any; source-advanced-device any; destination-advanced-device any; category any; application/service [0:windows-remote-ma/tcp/any/5985 1:windows-remote-ma/tcp/any/5986 ]; application/service(implicit) [0:web-browsing/tcp/any/5985 1:web-browsing/tcp/any/5986 ]; action allow; icmp-unreachable: no terminal yes; }   As you know, "web-browsing/tcp/any/5985" is "application/protocol/source-port/dest-port".   By the way, I found issue from release note. === PAN-194408 Fixed an issue where, when policy rules had the apps that implicitly depended on web browsing configured with the service application default , traffic did not match the rule correctly. ===   Even I don't know which version you are using, you should check you are hitting this or not. I can find this bug-id on 10.1.6-h3, 10.1.7,10.2.3 release note ... View more

As far as I know, there is no official document for EoS of PAN-DB (URL4). On back days, salesforce (ordering system of PAN) suddenly stopped ordering URL4, and there is no announcement of EoS at that point. Afterward, we recieved "localized official document" of EoS announcement which is for distributors. According to that document, it describes... "Effective November 1, 2021, all URL4 SKUs will be discontinued and consolidated into Advanced URL Filtering (hereinafter ADVURL)." What I meant to you is that they are not using any phrase of "End of Sales" in this document. They are saying "Discontinued and consolidated". *Note: I can find "EoS" phrase on other subscriptions on other localized official documents. Even I'm not sure, this might be a reason for not listing URL4 on EoS page. Hope this helps you. ... View more

Expedition Tool is over.   https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642   ... View more

I believe Cloud NGFW is available only with PAYG. Please refer to 6th page of the datasheet. https://www.paloaltonetworks.com/resources/datasheets/cloud-ngfw-for-azure   Simple Procurement and Setup With Cloud NGFW for Azure, you can implement next-generation network security in minutes. Procure Cloud NGFW via Azure Marketplace, set it up with a few clicks, and integrate with native Azure services, such as Azure Key Vault and Azure Virtual WAN. You can set up rulestacks and automated security profiles in only a few minutes. Cloud NGFW for Azure is available as a pay-as-you-go service. You pay an hourly rate for each availability zone where your NGFW is deployed. You also pay for the amount of traffic, billed by the gigabyte, processed by the NGFW. ... View more

I would say 11.1.   From Software EoL perspective, 10.2 will be Limited Support in next month, thus PAN does not release updates for P2 or lower (non-critical) issues https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-policy#lsupport   From Hardware EoL, you have no chance to grab 11.2 for PA-3250. It says last supported version is 11.1. https://www.paloaltonetworks.com/services/support/end-of-life-announcements/hardware-end-of-life-dates   ... View more

Even I'm not living in Europe, I think there is no restriction (minimum amount of credits) for purchasing credits. At least I could buy 15 credits in APAC. If "with minimum of 500 Credits" is true, I believe this is rule in reseller, not palo alto networks. Thus, I suggest to contact other reseller. FYI: By the way, I could add 45 credits here. (just proof you there is no minimum) https://www.markit.eu/au/en-au/pan-software-ngfw-lab/v2p32331715     ... View more

Yes, you need subscriptions/licenses to detect (and also to block) ... View more

Thanks for reply. I understood that. ... View more