General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Block domain while permitting some access.

A group within my company would like access to, we will just call it, xyz.com/blog, but we currently block xyz.com via an EDL based policy. We are also not decrypting this group's traffic as it causes issues with some of their connectivity, so options

...

Resolved! Is there entry limit when resolving FQDN?

When I tried to resolve the FQDN, abc.com, it shows 4 IP addresses of

54.192.150.W, 

54.192.150.X, 

54.192.150.Y, 

54.192.150.Z                  use this address

ipv6 not resolved.

 

After I performed 'request system fqdn refresh force yes'

 

The reso

...

Wenwei_Y by L0 Member
  • 2026 Views
  • 3 replies
  • 0 Likes

Resolved! vsys1 - User-ID Hub

Hello -

Can someone explain the difference between "vsys1 - User-ID Hub" and another of my palo's that just has "vsys1"?

Panorama showing incorrect device IP

Morning all. We are onboarding 90 or so pa410 firewalls and did our initial config and update with ZTP, at which point panorama showed the managed devices as their DHCP address on a /24 I gave them.

 

we are now using the dedicated WAN interface for

...

smartz by L0 Member
  • 1528 Views
  • 2 replies
  • 0 Likes

Quick AP ID related question google-docs

Just looking for clarification around google-docs app IDs. If I allow the google-docs container ID in a policy\app group... I'm essentially including ALL the child apps contained within... correct???

No need to explicitly specify the child apps

...

Are Virtual Routers required?

I am working with a customer whereby the requirements are to split different traffic by different interfaces. It's an internal firewall and will not route internet traffic.
 
1x Interface for East/West/North/South traffic
1x Interface for communication
...

Nhussain by L1 Bithead
  • 1570 Views
  • 3 replies
  • 0 Likes

Firewalls disconnected after upgrade to 10.1.6-h6

CHECK if Palo-HA pair are no longer connected because of an empty “auth-key”?

Panorama → Managed Devices → Summary

<<Check Certification Column (Should have “pre-defined”) >>

 

 

(1) –GENERATE-- OR --COPY-- <panorama-auth-key>

Panorama → Device Regis

...

How Do I Actually Get Support From Palo Alto?

So I purchased premium support for my device but when I go to the website to create a support ticket, I get to a point where the ticket is blocked by a window telling me that I am being redirected to the live community. If I click continue a new tab

...

Radius Accounting

Is there a way to configure the boxes to act as a NAS by sending a Radius Server (like Freeradius) accounting information? I am particularly interested in the session start and session stop attributes. I am about to provide GlobalProtect VPN access t

...

ESP_TFC_PADDING_NOT_SUPPORTED

Working with PA 5250 and ASA on the other end.  The tunnel between is up and communication flows across however we are seeing constant system errors being logged.

When we enable the tunnel we get the following.

IKEv2 child SA negotiation is succeeded

...

vnt90 by L2 Linker
  • 26524 Views
  • 8 replies
  • 1 Likes

Error while disabling tunnel.

Hi All,

We are running PA with firmware 9.0.4

 

Getting errors while "disabling" not required/unused IPSec tunnel.

 

Error: tunnel interface tunnel.50 encap interface is not set.

Error: parse tunnel member failed.

Error: error parse qos tunnel group

Error: er

...

Jimmy20 by L2 Linker
  • 3868 Views
  • 3 replies
  • 0 Likes

Rules from One Zone to another Zone

Hello All,

 

From the GUI I can get all the security policies from one zone to another. However, from the CLI, is there a way?

 

For example: I need all the policies from Orange_Zone to Free- App_Zone

 

"Orange to DEVDB11-1; index: 1333" {
from Orang

...

User-ID Agent

Hello!

 

I have a Palo Alto with version 9.1.5 installed and I want to install a User-ID Agent, which version can I install?
