HA Failover Issue on PA-3420 with AE LACP – Both Nodes Active (Split Brain ?)

We’re experiencing a critical issue with our HA setup on a pair of Palo Alto PA‑3420 firewalls running PAN‑OS 11.1.6‑h3 in Active‑Passive mode (HA Group 25, preemptive disabled). Both firewalls simultaneously believed they were active, causing a comp

Failed to send CHAP authentication request:

admin@PA-(active)> test authentication authentication-profile ISE-TACACS username XXXX password
Enter password :

Target vsys is not specified, user "XXXX" is assumed to be configured with a shared auth profile.

Do allow list check before sending out a

Firewall suddenly stopped reading EntraID groups from CIE

We have been using CIE for about half a year now for a spesific usecase where we use som groups that are maintained in Entra ID to control network access, monday we were made aware that that access did not update for new users.

CIE does have the co

TACACS authentication with Cisco ISE not working

Hello, I would like to ask currently I have two firewall that needs to be configure TACACS. One of the firewall is working fine and I'm able to login using my credentials from ISE. However, another firewall is not working for the TACACS authenticatio

Stop Connect "On-Demand" after "Pre-Logon"

Hi !

we use the pre-login feature with client cert logon - this work quite good. after logon we would like to connect on demand with saml login. we made two configs, one for prelogon and one for the user, both with prelogon:

At the moment if you l

Alerts in AIOPS Still Exists

Hi community,

I have a critical alert on CVE Vulnerability on our firewall. However, after performing the PANOS upgrade to the version that patched the CVE, the alert is still showing in AIOPS.

So, my questions are, shouldn't the alert disappear

Issue with GP Access for JIO Users on PA-820

Dear Friends,

One of our customer is facing an issue with users on PA-820. According to the customer, many users are connecting to the internet via mobile hotspot using JIO SIM cards. While they can successfully connect to GlobalProtect, but they a

HA session sync too slow?

I've recently migrated to a pair of active/active HA firewalls and am seeing some DNS return traffic dropped. Checking the logs, I can see that traffic is returned via another firewall as the DNS request was received. No problem, as normally the HA s

Firewall Configuration via API

I have enquiries regarding the API on PA firewall.

I would like to know whether I can enable User-ID in zone, adding server in Server Monitoring and adding Syslog Parse Profile via API or not?

Are those actions supporting configuration via API?

Person Vue exam error

Hi,

for the last week I tried to the Palo Alto SSE and the PCNSE and I get an error (see attachment).

does anybody knows about problem with PersonVue exams online?

thanks

PrismaAccess: Maximum limit for tunnel settings in the GlobalProtect app

Hello
I would like to know the upper limits for tunnel settings in the GlobalProtect app in PrismaAccess.
① Upper limit for tunnel settings profiles
② Upper limit for IP address matches
③ Upper limit for routes to exclude

The background is that we plan t

Issues with PAN-OS 10.2 Upgrade – Missing Configuration After Update

Hello everyone,

I recently performed an upgrade from PAN-OS 10.1 to 10.2 on our firewall, and we’ve noticed that some of the previous configuration settings seem to have disappeared post-upgrade. Specifically, some custom address groups and security

Panorama not pushing network template changes to devices

Hello,

I am very new to Palo Alto FWS so please be gentle  

I have been asked to setup two new PA3060 firewalls to be centrally managed by a Panorama server.  Both the Panorama and Firewalls are running v8.0.5.

I have successfully followed the PA in