BGP Across Two Data Centers

hey all, we have a customer who currently has two PA-2050 nodes setup with HA at one location.

they would like to split the pair and have one PA-2050 at Site1 and the other at Site2 ... setup as Active/Standby.

There would be two private L2 networks be

tcp-fin and aged out

I know there are timeouts set for different application is there a reason other that session table information. Is there any risk? Is it the firewall that is closing a connection? If so what would it close a active connection? Is there a security rea

Object Names and IP Addresses

I've run across an interesting "feature" in working with the Palo Alto system.  I'm converting from the Checkpoint platform and have found a feature that I use in the Checkpoint all the time, but don't have available in the Palo Alto Panorama.  If yo

User-ID for Exchange Permission Issue

Hi All,

I'm running an agent-based User-ID setup against three AD DCs and two Exchange CAS servers.  Unfortunately, despite having the Event Log Reader permission, I cannot seem to get data from the Exchange servers.  I am successfully getting data fr

How to block Sub-url's for https sites.

Hi,

We tried to block  the sub-url’s  for https sites on PA5020 but the same is not blocking.

Please clarify whether PA will block particular https ulr link.??

Thanks,

HA question

Hi,

In an HA pair does the passive HA unit also generate the canned predefined reports? Or only the active HA unit?

Thanks,

Emma

Problems with ms lync / url filtering

Hi all,

I am trying to get lync2013 working, and more specifically Skype for Business, successor of Lync. I have Lync 2013 completely working, but I would like to permit all the wildcards permitted through url filtering, linked to a number of applicat

Time stamp of traffic/threat/url logs are 3 minutes into the future?

Threat logs, traffic logs, url filtering logs are all in the future by 3-4 minutes where everything else has the correct time from the ntp server. The dashboard shows the correct time and what's interesting is that the Configuration and System logs s

Unknown URL Category

How many of you have this category being blocked?  Any issues with web surfing?

VPN Tunnel between static Palo Alto and dynamic Fortigate

What is the exact settings in order to establish a VPN tunnel between a Palo Alto firewall that has static WAN IP address and a Fortigate that has Dynamic WAN IP address?

If both has static IP address, the tunnel works.

If Fortigate has dynamic WAN add

Not understanding "WildFire: Automatically Detect and Prevent Unknown Threats"

First of all I'm very impressed with Palo Alto's firewall, I'm definitely a "fan", however we purchased a wildfire subscription under this premise:

WildFire^TM simplifies an organization’s response to the most dangerous threats, automatically detecting

GP Gateway login page

Is it possible to disable this login page to download the pan gp client?

HIPmatch IP?

Palo currently emails me the hipmatch alert and includes the internal IP that globalprotect assigned it. How do I get the public IP that the user came from in the hipmatch alert email?

I know I can manually find it via the interface (which shows both