Active/Passive HA direct link between firewalls

Hi All,

I use PA-220's in HA pairs often, and I've always used a straight-through cable to connect port 7 and 8 from FW1 to port 7 and 8 on FW2. I've never had ANY issues with this configuration. 

I just learned that PAN says to use a crossover cable

GlobalProtect portal allows a user to download the software without logging

has anyone noticed that globalprotect portal allows a user to download the software without authentication? I'm running 5.0.4. Here's the exact link:

https://{IP/FQDN}/global-protect/getsoftwarepage.esp .  

not able to access certain web sites from host behind PAN firewalls

I am trying to access http://www.brokercheck.com from behind the PAN firewall via dynamic NAT without any success.  I have other customers behind different PAN firewalls, regardless of PAN OS version, with the same issue access website http://www.bro

Best Placement Integration Approach

Hi Guys,

Just want to seek your inputs about what can be the best integration approach for this scenario.

Currently, the VLAN gateway is in my core switch and I will be introducing PA FW into my network. I want to have control and visibility for my int

Best way to apply log Forwarding setting to multiple security policies in Panorama

I recently migrated a few HA pairs into Panorama in my environment. Historically, our security policies were configured to only send traffic logs from deny rules to our syslog. Any allows were only logged on the local firewall (due to costs of Splunk

The data length of the http2 message exceeds 65526 and later will be discarded

We then pass the data through http 2.0 in plaintext, the data length of http2 messages exceeding 65526 will be partially discarded, resulting in incomplete data and affecting normal operations.
Currently, the solution is to turn off the HTTP 2.0 check

user-id agent log showing machine account, expected behavior or bug?

Hello community,

I´d like to check with you regarding the following:

Since upgrading the user-id agent from 8.0 to 8.1 the user-id logs in the firewalls are showing "Managed Service Accounts" (computer accounts with "$" appended at the end) in the way

Self-Signed Certificate expiry warning

Our GlobalProtect VPN was using a self-signed certificate which got expired caused end users not being able to connect to the VPN.

This raises the question that what are the ways to get alerted for these sort of incidents. Is there any in-build mechan

Can we integrate clearpass as a radius server for Global Protect 2FA

Can we integrate clearpass as a radius server for Global Protect 2FA ?

PaloAlto FW RDP Across multiple AD domains

I'm part of a cloud team that does not manage the FW but am not getting clear answers from them.

My operations counterparts have the following issue:

Support person logs into IP address x.x.x.x into production domain. As part of their function, they m

Rule tagging best practice and guidelines

Hi ,

Can someone share best pratices and guidelines on how to use tags on PA ?

Firewall Palo can advertise aggregate route...

Hello,

In our lab, we made a set up about peering BGP between Palo and a third part device.

According to this kb from Palo : "The Palo Alto Networks firewall does not advertise an aggregated route to its peer when it receives a prefix falling within t

Palo Dual Action on Same Malicious Domain

We have found in the logs, Malicious DNS queries are being blocked but few of them are in Alert State. however the Domain is marked as a malicious in DNS signature at Threat Vault.

Can you please elaborate why paloalto having dual action on same malic