Setting Up Double NAT over a site-to-site VPN

Hi,

I've been trying to read up on if it is possible to set up what Cisco would call "Twice NAT" on Palo Alto, and while there seems to be a lot out there for really odd fringe cases, I'm struggling to find anything on what I think would be a reall

BGP failover not working as expected

Hi

Our PA 220 is running 2 eBGP's  with 2 CE (WAN) routers.

Those 2 CE routers will run eBGP with respective ISP's. 

We control the routing through Local preference. 

Routes learned via primary CE 1 has LP of 500

Routes learned via secondary CE

Paloalto can't block hotspot shield.

Dear all,

I am currently facing paloalto can't block and see hotspot shield app.

Our organization do not want to use ssl decryption to block hotspot shield.

Any other solutions to block hotsport shield without decryption ???

Thanks.

Panorama Upgrade

Hi Team,

I am setting up a new Panorama. Where not even created the Device Groups and Templates yet. I need to upgrade the Panorama but i am not able to do that. I am able to reach internet but unable to fetch the softwares, is there anything that ne

redistribute static routes including next hop as next VR in ospf

we have two VR

1. Default :

eth1/1 -  10.1.1.0/24  L3_LAN Zone

eth1/2  - 10.1.2.0/24 L3_DMZ zone

eth1/3 - internet

2.New_VR

tunnel interface tunnel.1_global protect tunnel

eth1/4 - Branch

Core ------- PA ------------------Branch router

We want to enable osp

auto commit issues after upgrade to 10.x

Hi,

We started to experience auto commit finishing delay on our PA-5220 after the upgrade to 10.x.  We have a pair of HA PA-5220 in active/passive mode, we never had an auto commit issue before in previous updates, reboots of the firewalls. We have

Upgrade of 5260

Dear Team,

I have upgraded PA-5260 from 10.0.12 to 10.1.9-h3 and faced weird, issues after the upgrade the customers monitoring system has generated some errors like this >> "device 'slot-1 data processor' status is 'down' "" we have checked and slot1

Manual Gateway Selection in GP

Hi Team,

We are unable to select the Gateway manually in GP may i know how to set this up? Users needs to get the option to select the Gateway manually. This is quite urgent please help.

Regards,

Sanjay S

RFC1006 protocol over TCP

Hi has anyone heard of this protocol, give simple example of how it works AND whether or not it's supported by Palo Alto ? 

IPSec VPN tunnel question, Proxy-ID and peer IP same?

I am creating a static routing IPSec VPN tunnel with a 3rd party.  The 3rd party wishes to NAT their hosts to their peer IP, which means the remote peer IP will be the same as the proxy-ID IP.  How do I support this?

URL Category rule works on some firewalls but not others

We are using a rule to permit traffic for Cisco licensing using URL Categories.  The rule is applied via template, so all of the firewalls get the same rule.  The only variable is the source IP/host.

This rule works on most of the firewalls (all ar

PA-220s randomly crashing

We are having a large number of our PA-220s randomly crashing. No critical system logs are see shortly before the crash, the device just goes down and they are logs of dataplane starting up like 30 minutes later. Our other models are fine, its only t

Need help! Specific subnet cannot access my internal resource

Hi Team,

I just need an advise. 

I have this setup as attached but I have this mystery that's been bugging me for days now. There is only one subnet which cannot access my internal resource.

I ran the filter and global counter and there are speci