nailing up an ipsec vpn?

I have a site to site ipsec vpn between two Palo firewalls.  A always initiates the tunnel to B. Is there a way i can make A always keep the tunnel up even when interesting traffic is not present?

Interzone default deny rule with logging is allowing traffic and shows up in traffic logs

We have a PA-3220 which is running in 10.2.4 Pan OS, we observed something really weird in the traffic logs this morning which shows 'ms-rdp' connections allowing through the default interzone deny rule which we re-verified again to see it is still s

IPSec Child-SA rekey negotiation fails

Our customer encounter intermittent connectivity issue with IPSec IKEv1 during phase 2 rekey of IPSec Child-SA. We open case with the IPSec peer device vendor, they mention that PAN is not sending message to R2011 (IPSec peer) for deleting the SA whe

Configure L2 service on Active-Active Mode

I'am using PAN-PA-3220

We want to setup this model with:

1. HA (active-active)

2. Interface configuration using Layer 2 configuration

Is it possible to done it?. as when I try to create Layer 2 configuration. It always pop out error "Layer 2 unable

SSO not working properly

I have just setup SSO in our new eng panorama. When I tested it initially it gave me the error message "Error Displaying SAML error response page". I reached out to our team and it was noticed that the new saml app had fewer claims and attributes tha

Certificate delete

Hi

i have a problem certificate delete. But sow error Failed to delete Certificate - CaptivePortal.  °  CaptivePortal cannot be deleted because of references from:

i look to to ssl/tls service profile list not show profiles. plase help mee 

Clarification on App Rule - I thought I understood this

I recently moved a firewall into being managed by Panorama.  I setup an Application rule specifying the application as PANORAMA which includes the ports necessary (I assumed) for Panorama communications but the firewall could not be added successfull

Clarification regarding vsys function and network isolation

Hello,

After reading about and looking through documentation regarding vsys, and routing between vsys on the same firewall via use of external zones, as well as the vsys<>VR association, I have a few questions I would like to clarify if possible:

1. If

Suspicious URL detection by cortex

Hi All,

Will cortex be able to detect if there is any malicious URL clicked by user?

Also, would like to know how cortex detect the ransomware attack.

Regards,

Sakshi Seth

Proxy SG to Palo alto policy migration

Hi,

Is there any automation tool through which we can migrate all our proxy SG policy rule, object and object group to Palo alto. Or else if there is any alternate option then please let me know.