Active/Active L3 problem with asymmetric routing and NAT

I'm stumped.  I've looked through as many pieces of documentation and discussions as I can find and I think I have everything set up correctly, but it's only half working.

What I have is two PA-5050s in Active/Active.  I have two routers on the outsi

Hybrid whitelist/blacklist Policy

I played around on our lab FW a bit but couldn't get this working. Here are my objectives:

- Create a "White List" custom URL category that allows only a handful of web sites. (Working with URL Filtering profile.)

- Log all permits (Working. I got this

Wildfire .ace archive support

Does Wildfire support the .ace filetype?  I've received messages that should have been filtered that have .ace payloads.  The message attachments are clearly malware based on virustotal.  The message bodies are classic phishing type attacks. I have a

Drop all packets

I added an exception to a spyware profile to drop all packets and it now says its dropping and allowing the packets how can that be?

Site to Site VPN Double NAT Issue

Hi,

We have a branch office connected via site to site vpn, plao alto firewalls at both locations.

Due to buiding works the office has been relocated to a shared building and we're having to use a third party's network connection. We've been provided w

PBF Logs - How to check if monitor is flapping

Hello All!

We are using a PBF with a public IP as monitoring target... We are suspecting this IP is flapping... but we didnt find the correct time that happens...

Is there any way to check past logs? or check in real-time any PBF logs and monitor any

where is my last topic?

Hi

Few days ago I created topic on old looking Community. Today I can't find it...

The name of topic is "SYSTEM ALERT : critical : Disk usage for / exceeds limit, 96 percent in use, cleaning filesystem "

How I can get access to this topic on new Comm

Globsl Protect client

My used appparently don't know how to put the portal address in the GP client , is there anyway to modify the install package to automatically put the connection IP in the settings?

HA and routing/switching/vwire option in a "VSYS" on PA-7050

How does carving up multitple vsys on a pair of PA-7050s with NPC Option 1 (2x40G QSFP + 12x10G SFP+)  work, in terms of sharing the dedicated HA1-A/B and HSCI-A/B ports on SMC per vsys for HA1, HA2 and HA3?

If you have 5 different vsys (vsys'es) for

OSPF between virtual routers

Hey all,

Is it possible to run OSPF between 2 virtual routers on a single PaloAlto device?

Since you need to have an interconnecting interface, I guess you need to have the traffic physically leave the firewall and come back in on another port in the