security policy order not working.

I have a policy from trust to untrust any any allowed. I have cloned this policy and put on top of this with  address -test and deny 2 applications. This address is an ip for eg. 192.168.1.26 which is reserved in dhcp. But I can see apps being access

No direct access to local network

Hi team, 

Good day!
As I have understood, this feature will provide compulsary full tunnel and all my traffic will be set to inspection by firewall. I won't be able to access anything local. 

Can anyone confirm. 

CLI question - What's the difference between: "receive errors" and "receive incoming errors"

Hi There,

We haev aggrgate interface called ae2, and we have some problems with the traffic related to this interface

so we run the commnand show interface ae2

and show interface ethernet1/3 (which is one of the interfaces inside ae2)

(the ouput is dow

best design for a small network

Good morning, We just got a Palo Alto Firewall for a small testing lab with several virtual servers and clients. The firewall will be then connected between the lab and our ISP gateway. Most of the network traffic will be internal, since the clients ...

VRRP other devices

Hello Guys,

I´m new in the world Palo Alto, my company partner is now Palo Alto.

I have not found documentation, but it is possible to utilize protocol VRRP in PA-5050 with equipment other manufacturers?

Thank you.

Default Management Ports in PAN OS 7.1

Hi all

The standard guide for configuring a PANW Firewall to allow access to HTTPS/SSH etc from the outside has been this link: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Change-the-Default-Management-Port/ta-p/62333

But with

DNS Sinkhole Intended Destination

I've configured a DNS sinkhole in our PAN firewall, and it's helped our department identify machines that are trying to reach out to malicious domains and such. Is it possible to identify the original, intended, destination that the user was attempti

Lync (Skype for Business) Across Organisations

Hi guys,

Is anyone else having issues using Lync (Skype for Business) when messaging, or sending file transfers, to someone in a separate Skype Organisation in an external network?

Not sure if this is a bug or not, as the application is being seen as

VPN between 2 Palo Alto Firewalls

Hi there,

I am trying to setup VPN between 2 Palo Alto Firewalls. On one side I have public address but on the other side I am using a private ip address as this Palo Alto is behind a router. The VPN is not coming up. I also tried to do port forward

Active/Active HA managed by Panorama

In the Active/Active HA setup, there is an option to "Enable Config Sync".  In the past I have used this because I didn't have Panorama.  Now I have a new set of PA5050s that are running in Active/Active mode and we purchased Panorama to go with it. 

Large Scale VPN (LSVPN) - Opinions from end users?

I'm looking for feedback from customers who have deployed LSVPN on PAN-OS firewalls. I'm getting ready to rebuild a highly manual, semi-fullmesh VPN infrastructure of abotu 10 sites. Yes, I have a mess on my hands.

I am planning on a dual-hub and spo